Runtime Impersonation - Help !!!

Snig

Hi all

I need to implement Runtime (Conditional) Impersonation in one of my ASP.NET
Pages.

If I use <identity impersonate="true" /> in the web.config file, it works
fine.

But when I try to impersonate in code, I get a Win32 error. I am using the
"Logon" Win32 API to get a specific token. But this API is returning error
1314: A required privilege is not held by the client

I tried to resolve it by assigning the most probable security privileges to
the "ASPNET" account with the "Local Security Policy" snap-in. But nothing worked.

Can anybody please help me ?

Thanks in advance.
 
Eric Mayne

By setting <identity impersonate="true" /> in the web.config file, the ASP.NET
worker process assumes the identity of the person requesting the page.
Most likely the user making the request does not have permissions to
impersonate.

Eric Mayne
 
Marni Alvarez

I was having the same problem and this worked for me. I
got this from the book ".NET Security" by Fischer and
Smith, but there was a bug in their code. Hope this is
helpful.

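// Requires: using System; using System.Runtime.InteropServices;
//           using System.Security.Principal;

// Class-level P/Invoke declarations and constants
[DllImport("advapi32.dll", SetLastError = true)]
public static extern int LogonUser(string userName, string domain, string password,
    int logonType, int logonProvider, ref IntPtr token);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern int DuplicateToken(IntPtr token, int impersonationLevel,
    ref IntPtr duplicate);
[DllImport("kernel32.dll")]
public static extern bool CloseHandle(IntPtr handle);

public const int LOGON32_LOGON_INTERACTIVE = 2;
public const int LOGON32_PROVIDER_DEFAULT = 0;
public const int SECURITY_IMPERSONATION_LEVEL = 2; // SecurityImpersonation

// Inside the method that needs to impersonate
WindowsImpersonationContext impersonatedContext = null;
WindowsIdentity tempIdentity;
IntPtr token = IntPtr.Zero;
IntPtr tokenDup = IntPtr.Zero;

if ( LogonUser(userName, userDomain, userPassword,
        LOGON32_LOGON_INTERACTIVE,
        LOGON32_PROVIDER_DEFAULT, ref token) != 0 )
{
    // Only impersonate if the token was duplicated successfully
    if ( DuplicateToken(token, SECURITY_IMPERSONATION_LEVEL,
            ref tokenDup) != 0 )
    {
        tempIdentity = new WindowsIdentity(tokenDup);
        impersonatedContext = tempIdentity.Impersonate();
    }
}

....

// and then when you're finished impersonating
if ( impersonatedContext != null ) impersonatedContext.Undo();
// release the native token handles
if ( tokenDup != IntPtr.Zero ) CloseHandle(tokenDup);
if ( token != IntPtr.Zero ) CloseHandle(token);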
 
Snig

Thanks Marni.

But I've written exactly the same code that you have mentioned here.
Still the "LOGONUSER" API sends error 1314: A required privilege is not
held by the client

I saw somewhere on the Web that this process requires the ASPNET user to have
the permission "Act As a Part of the OS". I granted that permission too. Still
it doesn't work!

Any clue ?
 
