Changing impersonation user at runtime
Written by Division by Zero   
Friday, 26 March 2010 09:48

Last year I needed to change the impersonated user my application was running under, but just for a few lines of code. The rest of the application needed to stay running with the original user credentials.

After some searching I found a solution. It isn't pretty, but it works. I lost the original site where I found it, and I will add a link to the original if I find it again.

using System;
using System.Runtime.InteropServices;
using System.Security.Permissions;
using System.Security.Principal;

public class ImpersonateUser
{
    #region Imports
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool LogonUser(
        String lpszUsername,
        String lpszDomain,
        String lpszPassword,
        int dwLogonType,
        int dwLogonProvider,
        ref IntPtr phToken);

    [DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    public extern static bool CloseHandle(IntPtr handle);
    #endregion

    // Per-instance state: static fields would be shared by every caller,
    // so one instance could undo or overwrite another's impersonation.
    private IntPtr tokenHandle = IntPtr.Zero;
    private WindowsImpersonationContext impersonatedUser;

    #region Public methods
    // If you incorporate this code into a DLL, be sure to demand that it
    // runs with FullTrust.
    [PermissionSetAttribute(SecurityAction.Demand, Name = "FullTrust")]
    public WindowsPrincipal Impersonate(string domainName, string userName, string password)
    {
        // Use the unmanaged LogonUser function to get the user token for
        // the specified user, domain, and password.
        const int LOGON32_PROVIDER_DEFAULT = 0;
        // Passing this parameter causes LogonUser to create a primary token.
        const int LOGON32_LOGON_INTERACTIVE = 2;
        tokenHandle = IntPtr.Zero;

        // ---- Step - 1
        // Call LogonUser to obtain a handle to an access token.
        bool returnValue = LogonUser(
            userName,
            domainName,
            password,
            LOGON32_LOGON_INTERACTIVE,
            LOGON32_PROVIDER_DEFAULT,
            ref tokenHandle); // tokenHandle - new security token

        if (false == returnValue)
        {
            int ret = Marshal.GetLastWin32Error();
            throw new System.ComponentModel.Win32Exception(ret);
        }

        // ---- Step - 2
        // Wrap the token in a managed identity.
        WindowsIdentity newId = new WindowsIdentity(tokenHandle);

        // ---- Step - 3
        // Switch the current thread to the new identity.
        impersonatedUser = newId.Impersonate();

        return new WindowsPrincipal(newId);
    }

    // Stops impersonation
    public void Undo()
    {
        // Revert to the original identity; safe to call if Impersonate never succeeded.
        if (impersonatedUser != null)
        {
            impersonatedUser.Undo();
            impersonatedUser = null;
        }

        // Free the token and clear the handle so it is never closed twice.
        if (tokenHandle != IntPtr.Zero)
        {
            CloseHandle(tokenHandle);
            tokenHandle = IntPtr.Zero;
        }
    }
    #endregion
}
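The following is an added example, not part of the original post: a small IDisposable wrapper around the ImpersonateUser class above, so the "few lines of code" run inside a using block and Undo() is called even when those lines throw. ImpersonationScope, Demo, the EXAMPLE domain, the svc-reports account and the UNC path are hypothetical names chosen for illustration.

```csharp
using System;
using System.IO;
using System.Security.Principal;

// Added example: guarantees that Undo() runs when the scope ends.
public sealed class ImpersonationScope : IDisposable
{
    private readonly ImpersonateUser impersonator = new ImpersonateUser();
    private bool active;

    public ImpersonationScope(string domain, string user, string password)
    {
        // Throws Win32Exception if LogonUser fails; the thread identity is
        // unchanged in that case, so there is nothing to revert.
        impersonator.Impersonate(domain, user, password);
        active = true;
    }

    public void Dispose()
    {
        if (!active) return;   // make a second Dispose() a no-op
        active = false;
        impersonator.Undo();   // revert the thread identity and close the token
    }
}

public static class Demo
{
    // Reads one file as a different account, then returns to the original identity.
    public static string ReadAsServiceAccount(string password)
    {
        string before = WindowsIdentity.GetCurrent().Name;
        string content;

        using (new ImpersonationScope("EXAMPLE", "svc-reports", password))
        {
            // Only this block runs with the impersonated credentials.
            content = File.ReadAllText(@"\\fileserver.example\reports\daily.txt");
        }

        // Fail loudly if the thread is still running as the other account.
        if (WindowsIdentity.GetCurrent().Name != before)
            throw new InvalidOperationException("Impersonation was not reverted.");

        return content;
    }
}
```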

 

 

© 2009 - 2012, Division by Zero
This work by Division by Zero is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Netherlands License.