Lee
I am having problems trying to impersonate a user in ASP.NET.
I get an access denied error on the LogonUser method of the following code:
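/// <summary>
/// A <see cref="WindowsIdentity"/> created from explicit credentials by calling the
/// Win32 <c>LogonUser</c> API, plus a static helper that impersonates that account.
/// </summary>
/// <remarks>
/// Security notes for callers:
/// <list type="bullet">
/// <item>The password travels as an ordinary managed string, so it stays in process
/// memory until the garbage collector reclaims it; keep it out of logs and traces.</item>
/// <item>The logon type used is LOGON32_LOGON_NETWORK_CLEARTEXT (0x8), which keeps the
/// name and password in the authentication package so the resulting token can
/// authenticate to other servers. Use it only where that outbound access is required.</item>
/// <item>The context returned by <see cref="Impersonate"/> must be undone by the caller
/// (normally in a <c>finally</c> block); otherwise the thread keeps running as the
/// impersonated account.</item>
/// </list>
/// </remarks>
public class CustomWindowsIdentity : WindowsIdentity
{
    // LOGON32_LOGON_NETWORK_CLEARTEXT
    private const int LogonTypeNetworkClearText = 0x8;

    // LOGON32_PROVIDER_DEFAULT
    private const int LogonProviderDefault = 0x0;

    // phToken is a HANDLE, so it is marshalled as IntPtr; an int would truncate
    // the handle in a 64-bit process.
    [DllImport("advapi32.dll", SetLastError=true)]
    private static extern int LogonUser(String lpszUsername, String lpszDomain, String lpszPassword,
        int dwLogonType, int dwLogonProvider, out IntPtr phToken);

    /// <summary>
    /// Logs the given account on and builds the identity from the resulting token.
    /// </summary>
    /// <param name="domain">Domain in standard NT format, e.g. "DOMAIN".</param>
    /// <param name="username">Account name without the domain part.</param>
    /// <param name="password">Clear-text password for the account.</param>
    /// <exception cref="Win32Exception">The logon failed.</exception>
    // NOTE(review): the handle returned by LogonUser is never closed. Current .NET
    // Framework versions duplicate the handle inside WindowsIdentity, in which case
    // the original should be released with CloseHandle - confirm for the runtime in use.
    public CustomWindowsIdentity( string domain, string username, string password ) :
        base( CustomWindowsIdentity.LogonUser( domain, username, password ) )
    {
    }

    //--------------------------------------------------------------------------
    // Impersonates as the supplied user.
    // Domain must be in standard NT format: e.g. "DOMAIN"
    // The caller owns the returned context and must call Undo() on it.
    //--------------------------------------------------------------------------
    public static WindowsImpersonationContext Impersonate( string domain,
        string username, string password )
    {
        IntPtr token = LogonUser( domain, username, password );
        return WindowsIdentity.Impersonate( token );
    }

    /// <summary>
    /// Calls the Win32 LogonUser API and returns the primary token handle.
    /// </summary>
    /// <returns>A non-zero token handle for the logged-on account.</returns>
    /// <exception cref="Win32Exception">
    /// The logon failed; <c>NativeErrorCode</c> carries the Win32 error code.
    /// </exception>
    // NOTE(review): on Windows 2000 the calling process needs the "Act as part of the
    // operating system" (SE_TCB_NAME) privilege to call LogonUser; later Windows
    // versions do not. Worth comparing between the two servers.
    private static IntPtr LogonUser( string domain, string username, string password )
    {
        IntPtr token;
        int loggedOn = LogonUser( username, domain, password,
            LogonTypeNetworkClearText,
            LogonProviderDefault,
            out token );

        if (loggedOn == 0 || token == IntPtr.Zero)
        {
            // Read the error saved by the marshaller (SetLastError=true). Calling
            // kernel32!GetLastError through P/Invoke is unreliable because the CLR
            // makes its own API calls in between, so the code it returns may belong
            // to some other call - or be 0, which previously let a failed logon fall
            // through and return a zero handle.
            int ret = Marshal.GetLastWin32Error();

            // The message names the account the process runs as. It is a debugging
            // aid only and should not be shown to end users.
            WindowsIdentity currentUser = WindowsIdentity.GetCurrent();
            throw new Win32Exception(ret,"DEBUG: " + currentUser.Name.ToString());
        }

        return token;
    }
}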
It's worth noting that we are using a different user account for IIS anonymous
authentication, so the user that is trying to impersonate is
'DOMAIN\MY_READER'.
This same code block works in the production environment, so my thinking is
that a permission or setting is missing for that specific user on the staging
server. I've even tried having IIS use an administrator account for anonymous
access, but I get the same error.
Any help, clues or pointers would be great.
many thanks
I get an access denied error on the LogonUser method of the following code:
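/// <summary>
/// A <see cref="WindowsIdentity"/> created from explicit credentials by calling the
/// Win32 <c>LogonUser</c> API, plus a static helper that impersonates that account.
/// </summary>
/// <remarks>
/// Security notes for callers:
/// <list type="bullet">
/// <item>The password travels as an ordinary managed string, so it stays in process
/// memory until the garbage collector reclaims it; keep it out of logs and traces.</item>
/// <item>The logon type used is LOGON32_LOGON_NETWORK_CLEARTEXT (0x8), which keeps the
/// name and password in the authentication package so the resulting token can
/// authenticate to other servers. Use it only where that outbound access is required.</item>
/// <item>The context returned by <see cref="Impersonate"/> must be undone by the caller
/// (normally in a <c>finally</c> block); otherwise the thread keeps running as the
/// impersonated account.</item>
/// </list>
/// </remarks>
public class CustomWindowsIdentity : WindowsIdentity
{
    // LOGON32_LOGON_NETWORK_CLEARTEXT
    private const int LogonTypeNetworkClearText = 0x8;

    // LOGON32_PROVIDER_DEFAULT
    private const int LogonProviderDefault = 0x0;

    // phToken is a HANDLE, so it is marshalled as IntPtr; an int would truncate
    // the handle in a 64-bit process.
    [DllImport("advapi32.dll", SetLastError=true)]
    private static extern int LogonUser(String lpszUsername, String lpszDomain, String lpszPassword,
        int dwLogonType, int dwLogonProvider, out IntPtr phToken);

    /// <summary>
    /// Logs the given account on and builds the identity from the resulting token.
    /// </summary>
    /// <param name="domain">Domain in standard NT format, e.g. "DOMAIN".</param>
    /// <param name="username">Account name without the domain part.</param>
    /// <param name="password">Clear-text password for the account.</param>
    /// <exception cref="Win32Exception">The logon failed.</exception>
    // NOTE(review): the handle returned by LogonUser is never closed. Current .NET
    // Framework versions duplicate the handle inside WindowsIdentity, in which case
    // the original should be released with CloseHandle - confirm for the runtime in use.
    public CustomWindowsIdentity( string domain, string username, string password ) :
        base( CustomWindowsIdentity.LogonUser( domain, username, password ) )
    {
    }

    //--------------------------------------------------------------------------
    // Impersonates as the supplied user.
    // Domain must be in standard NT format: e.g. "DOMAIN"
    // The caller owns the returned context and must call Undo() on it.
    //--------------------------------------------------------------------------
    public static WindowsImpersonationContext Impersonate( string domain,
        string username, string password )
    {
        IntPtr token = LogonUser( domain, username, password );
        return WindowsIdentity.Impersonate( token );
    }

    /// <summary>
    /// Calls the Win32 LogonUser API and returns the primary token handle.
    /// </summary>
    /// <returns>A non-zero token handle for the logged-on account.</returns>
    /// <exception cref="Win32Exception">
    /// The logon failed; <c>NativeErrorCode</c> carries the Win32 error code.
    /// </exception>
    // NOTE(review): on Windows 2000 the calling process needs the "Act as part of the
    // operating system" (SE_TCB_NAME) privilege to call LogonUser; later Windows
    // versions do not. Worth comparing between the two servers.
    private static IntPtr LogonUser( string domain, string username, string password )
    {
        IntPtr token;
        int loggedOn = LogonUser( username, domain, password,
            LogonTypeNetworkClearText,
            LogonProviderDefault,
            out token );

        if (loggedOn == 0 || token == IntPtr.Zero)
        {
            // Read the error saved by the marshaller (SetLastError=true). Calling
            // kernel32!GetLastError through P/Invoke is unreliable because the CLR
            // makes its own API calls in between, so the code it returns may belong
            // to some other call - or be 0, which previously let a failed logon fall
            // through and return a zero handle.
            int ret = Marshal.GetLastWin32Error();

            // The message names the account the process runs as. It is a debugging
            // aid only and should not be shown to end users.
            WindowsIdentity currentUser = WindowsIdentity.GetCurrent();
            throw new Win32Exception(ret,"DEBUG: " + currentUser.Name.ToString());
        }

        return token;
    }
}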
It's worth noting that we are using a different user account for IIS anonymous
authentication, so the user that is trying to impersonate is
'DOMAIN\MY_READER'.
This same code block works in the production environment, so my thinking is
that a permission or setting is missing for that specific user on the staging
server. I've even tried having IIS use an administrator account for anonymous
access, but I get the same error.
Any help, clues or pointers would be great.
many thanks