Impersonation???
Hi all, I posted this on the ASP.NET forum, but have gotten no responses, so I figured I'd ask here now (the code is C# after all... so it's kinda on-topic). Apparently I don't know jack about impersonation in ASP.NET. I need to have ASP.NET look at a network share and tell me if it finds a file. My code looks like:

//impersonate
int i;
bool b = LogonUser("someuser", "RESTEKCORP", "thepassword", 3, 0, out i);
WindowsIdentity wi = new WindowsIdentity(new System.IntPtr(i));
WindowsImpersonationContext wic = wi.Impersonate();
FileInfo FI = new FileInfo(@"\\10.238.218.XXX/some_share/TheFile.ext");

Now my confusion: I know "someuser" has access to the share, since I use my own login (at least for now) and I can list the directory and edit files through Windows. The login seems to succeed, as b is true. But FI.Exists comes back as false, even though I know the file exists. So I look at FI in the debugger and notice that I am getting a message saying that a System.UnauthorizedAccessException occurred. Which suggests to me that the impersonation is not working... What am I missing?

Thanks in advance,
Bill

Several possibilities. First off, is your impersonation succeeding?

1. Is the ASPNet account set to run as part of the OS? It will need to be, and remember that authentication in a web app is different than logging on locally.
2. I'm not certain what a value of 3 means for LogonType in the LogonUser call - I assume it means NETWORK logon, which doesn't create a primary token handle, required for impersonation - should be using INTERACTIVE logon (2).
3. No token is being provided when you create your WindowsIdentity.
4. It may only be in your example, but aren't the forward slashes in the path supposed to be backslashes?
5. Is this running on/against XP or 2000? There are documented issues with getting impersonation to work under 2000 without hacking security to do it.

Hope this helps. Example I got to work on XP (example hints came directly from MSDN, BTW):

using System;
using System.Security;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Security.Permissions;

namespace ConsoleApplication2
{
    /// <summary>
    /// Summary description for Class1.
    /// </summary>
    class Class1
    {
        [DllImport("advapi32.dll", SetLastError=true)]
        public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword,
            int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

        [DllImport("kernel32.dll", CharSet=System.Runtime.InteropServices.CharSet.Auto)]
        private unsafe static extern int FormatMessage(int dwFlags, ref IntPtr lpSource,
            int dwMessageId, int dwLanguageId, ref String lpBuffer, int nSize, IntPtr *Arguments);

        [DllImport("kernel32.dll", CharSet=CharSet.Auto)]
        public extern static bool CloseHandle(IntPtr handle);

        [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
        public extern static bool DuplicateToken(IntPtr ExistingTokenHandle,
            int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle);

        // GetErrorMessage formats and returns an error message
        // corresponding to the input errorCode.
        public unsafe static string GetErrorMessage(int errorCode)
        {
            int FORMAT_MESSAGE_ALLOCATE_BUFFER = 0x00000100;
            int FORMAT_MESSAGE_IGNORE_INSERTS = 0x00000200;
            int FORMAT_MESSAGE_FROM_SYSTEM = 0x00001000;

            int messageSize = 255;
            String lpMsgBuf = "";
            int dwFlags = FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS;

            IntPtr ptrlpSource = IntPtr.Zero;
            IntPtr prtArguments = IntPtr.Zero;
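
The checks raised in the reply above (test the LogonUser result, pass a pointer-sized token, confirm the impersonated identity), as an added example that is not part of the original thread and is not the MSDN sample. It assumes .NET Framework; `ShareProbe` and `FileExistsAs` are hypothetical names, and the logon type follows the reply's suggestion of INTERACTIVE (2).

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;

// Added example for .NET Framework; class, method and parameter names are hypothetical.
static class ShareProbe
{
    const int LOGON32_LOGON_INTERACTIVE = 2;  // logon type suggested in the reply above
    const int LOGON32_PROVIDER_DEFAULT = 0;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string lpszUsername, string lpszDomain, string lpszPassword,
        int dwLogonType, int dwLogonProvider, out IntPtr phToken);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // Returns true if uncPath can be opened while running as domain\user.
    public static bool FileExistsAs(string user, string domain, string password, string uncPath)
    {
        IntPtr token;  // handles are pointer-sized, so IntPtr rather than int
        if (!LogonUser(user, domain, password,
                LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, out token))
        {
            // Fail loudly with the Win32 error instead of impersonating an invalid token.
            throw new Win32Exception(Marshal.GetLastWin32Error());
        }
        try
        {
            using (WindowsIdentity identity = new WindowsIdentity(token))
            using (WindowsImpersonationContext ctx = identity.Impersonate())
            {
                // Confirms which account the thread is actually running as.
                Console.WriteLine("Running as: " + WindowsIdentity.GetCurrent().Name);
                // File.Exists returns false on access errors, so open the file
                // to surface UnauthorizedAccessException when access is denied.
                try { using (File.OpenRead(uncPath)) { return true; } }
                catch (FileNotFoundException) { return false; }
                catch (DirectoryNotFoundException) { return false; }
            }   // disposing ctx reverts the thread to the original identity
        }
        finally
        {
            CloseHandle(token);  // WindowsIdentity keeps its own duplicate of the token
        }
    }
}
```

Pass the UNC path with backslashes throughout, and take the password from protected configuration or a prompt rather than a string literal in the page code.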