N
nano2k
Hi
In my webservice, for certain requests, I need to start another
process on the server side.
To start My process, I need to have administrative rights, so i'm
using the impersonation mechanism using a predefined fixed user
account on server machine.
All works fine, no problem, but after the process starts, I need to
"revert" to ASPNET or NETWORK SERVICES user account priviledges. This
part is what I'm missing.
To impersonate, i'm using this code:
public static bool impersonateValidUser(String userName, String
domain, String password) {
WindowsIdentity tempWindowsIdentity;
IntPtr token = IntPtr.Zero;
IntPtr tokenDuplicate = IntPtr.Zero;
if(WinAPI.RevertToSelf()) {
if(WinAPI.LogonUserA(userName, domain, password,
WinAPI.LOGON32_LOGON_INTERACTIVE,
WinAPI.LOGON32_PROVIDER_DEFAULT, ref token) != 0) {
if(WinAPI.DuplicateToken(token, 2, ref tokenDuplicate) != 0) {
tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
impersonationContext = tempWindowsIdentity.Impersonate();
if (impersonationContext != null) {
WinAPI.CloseHandle(token);
WinAPI.CloseHandle(tokenDuplicate);
return true;
}
}
}
}
if(token!= IntPtr.Zero)
WinAPI.CloseHandle(token);
if(tokenDuplicate!=IntPtr.Zero)
WinAPI.CloseHandle(tokenDuplicate);
return false;
}
I tried using the above method like this:
//save current user account:
string name = Environment.UserName;
string domain = Environment.UserDomainName;
bool b = impersonateValidUser("admin_user", "domain", "pass");
//b gets the value of true, so impersonation succeeded
//now, start the process
.....
//succeeded
//trying to revert to previous user account (ASPNET or NETWORK
SERVICES for server systems):
b = impersonateValidUser(name, domain, string.Empty);
//b is false - it seems that the ASPNET has a default password (?)
Any ideas? Thanks.
In my webservice, for certain requests, I need to start another
process on the server side.
To start My process, I need to have administrative rights, so i'm
using the impersonation mechanism using a predefined fixed user
account on server machine.
All works fine, no problem, but after the process starts, I need to
"revert" to ASPNET or NETWORK SERVICES user account priviledges. This
part is what I'm missing.
To impersonate, i'm using this code:
public static bool impersonateValidUser(String userName, String
domain, String password) {
WindowsIdentity tempWindowsIdentity;
IntPtr token = IntPtr.Zero;
IntPtr tokenDuplicate = IntPtr.Zero;
if(WinAPI.RevertToSelf()) {
if(WinAPI.LogonUserA(userName, domain, password,
WinAPI.LOGON32_LOGON_INTERACTIVE,
WinAPI.LOGON32_PROVIDER_DEFAULT, ref token) != 0) {
if(WinAPI.DuplicateToken(token, 2, ref tokenDuplicate) != 0) {
tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
impersonationContext = tempWindowsIdentity.Impersonate();
if (impersonationContext != null) {
WinAPI.CloseHandle(token);
WinAPI.CloseHandle(tokenDuplicate);
return true;
}
}
}
}
if(token!= IntPtr.Zero)
WinAPI.CloseHandle(token);
if(tokenDuplicate!=IntPtr.Zero)
WinAPI.CloseHandle(tokenDuplicate);
return false;
}
I tried using the above method like this:
//save current user account:
string name = Environment.UserName;
string domain = Environment.UserDomainName;
bool b = impersonateValidUser("admin_user", "domain", "pass");
//b gets the value of true, so impersonation succeeded
//now, start the process
.....
//succeeded
//trying to revert to previous user account (ASPNET or NETWORK
SERVICES for server systems):
b = impersonateValidUser(name, domain, string.Empty);
//b is false - it seems that the ASPNET has a default password (?)
Any ideas? Thanks.