WindowsImpersonationContext and DirectoryServices

D

danycloutier

Hi everybody,

I'm developping an application where I have to read information in the
Active Directory (windows 2000). I have to impersonate my calls with
specific users to have acces to different parts of the AD.

I impersonate the user with the code below (I get token via the
function LogonUser in ADVAPI32.DLL ).

WindowsImpersonationContext wic;
if (token != IntPtr.Zero)
{
WindowsIdentity wi;
using (wi = new WindowsIdentity(token))
{
wic = wi.Impersonate();
}
}
dirEntry = new DirectoryEntry(myConnString)


But after it, I'm unable to read in the AD. I think the directoryEntry
constructor is called with the credentials of my web server (the user
USR_... on local computer) and the connection is refused. Is there any
solutions to impersonate the call to the AD without specifying the
credentials in the DirectoryEntry constructor ?

Thank you

Dany
 
J

Joe Kaplan

Your DirectoryEntry is outside of the "using" block, so your impersonation
is being undone before you even call anything. That is why this isn't
working. :)

Note that with the DirectoryEntry, you don't need impersonation like you do
with a lot of other remote security operations. DirectoryEntry is
LDAP-based (assuming you are using the LDAP provider, which you should be
100% for AD) and LDAP natively supports supplying credentials directly.

Thus, instead of bothering to call LogonUser, getting a token and
impersonating, you could just pass those credentials directly to the
DirectoryEntry object (using the AuthenticationTypes.Secure parameter as
well!) and it will just work.

HTH,

Joe K.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,482
Members
44,901
Latest member
Noble71S45

Latest Threads

Top