ASP.NET Impersonation: Accessing File Server from HTTPS

Hello,

I am trying to access files located in a directory on a remote server, and I was able to impersonate different identities (using the C# code in the post below). But various issues come up when I deploy it on the server.

1. This code works fine on my development machine. But when I deploy it on the server (WHICH USES HTTPS), the impersonation fails.
2. I think the LogonUser API should also be able to authenticate the Windows accounts located on the file server. But with this code, impersonation fails if I provide the username and password of any local user account on the server. For LDAP user accounts it works OK on my local machine (but not on HTTPS).

Please advise how I can get it working when my website is hosted on HTTPS.

Code:
using System;
using System.Security.Principal;
using System.Runtime.InteropServices;

namespace XXXX.YYYY.ZZZZ.Security
{
    public static class CustomImpersonate
    {
        //*************************impersonation code******************************//
        private const int LOGON32_LOGON_INTERACTIVE = 2;
        private const int LOGON32_PROVIDER_DEFAULT = 0;

        // Static field: shared by every request that uses this class.
        private static WindowsImpersonationContext impersonationContext;

        // SetLastError = true keeps the failure reason readable via Marshal.GetLastWin32Error().
        [DllImport("advapi32.dll", SetLastError = true)]
        private static extern int LogonUserA(String lpszUserName,
            String lpszDomain,
            String lpszPassword,
            int dwLogonType,
            int dwLogonProvider,
            ref IntPtr phToken);

        [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        private static extern int DuplicateToken(IntPtr hToken,
            int impersonationLevel,
            ref IntPtr hNewToken);

        [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        private static extern bool RevertToSelf();

        [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
        private static extern bool CloseHandle(IntPtr handle);

        // Logs the user on, impersonates the account on the current thread and
        // returns true on success; on any failure the handles are closed and false is returned.
        public static bool impersonateValidUser(String userName, String domain, String password)
        {
            WindowsIdentity tempWindowsIdentity;
            IntPtr token = IntPtr.Zero;
            IntPtr tokenDuplicate = IntPtr.Zero;

            if (RevertToSelf())
            {
                if (LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,
                    LOGON32_PROVIDER_DEFAULT, ref token) != 0)
                {
                    // 2 = SecurityImpersonation level for the duplicated token.
                    if (DuplicateToken(token, 2, ref tokenDuplicate) != 0)
                    {
                        tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
                        impersonationContext = tempWindowsIdentity.Impersonate();
                        if (impersonationContext != null)
                        {
                            CloseHandle(token);
                            CloseHandle(tokenDuplicate);
                            return true;
                        }
                    }
                }
            }
            if (token != IntPtr.Zero)
                CloseHandle(token);
            if (tokenDuplicate != IntPtr.Zero)
                CloseHandle(tokenDuplicate);
            return false;
        }

        public static void undoImpersonation()
        {
            // Guard against a call made when no impersonation is active.
            if (impersonationContext != null)
            {
                impersonationContext.Undo();
                impersonationContext = null;
            }
        }

        //*************************impersonation code******************************//
    }
}

AND:

Code:
if (XXXX.YYYY.ZZZZ.Security.CustomImpersonate.impersonateValidUser("ldapUser1", "UnivDomain", "passwrd"))
{
    try
    {
        // Code to access network resources goes here (DirectoryInfo needs "using System.IO;").
        DirectoryInfo dirInfo = new DirectoryInfo(System.Web.Configuration.WebConfigurationManager.AppSettings["xlFileLocation"]);
        articleList.DataSource = dirInfo.GetFiles("*.*");
        articleList.DataBind();

        //Insert your code that runs under the security context of a specific user here.
    }
    finally
    {
        // Revert even if the file access throws, so the thread does not stay impersonated.
        XXXX.YYYY.ZZZZ.Security.CustomImpersonate.undoImpersonation();
    }
}
else
{
    //Your impersonation failed. Therefore, include a fail-safe mechanism here.
}
 