Impersonation and Network Share

 
 
Jason MacKenzie
      06-03-2005
I have an asp.net application with a treeview control that accesses a
network share and recurses through all the directories and displays the
structure on a screen - pretty standard stuff.

I impersonate a domain admin account with the code that I will attach below.
When I step through the code the impersonation appears to be successful and
I'm getting the username and pwd from the registry which I use in many other
places so I know they are right.

The idea is to give specific people full control over their own folders and
then control read access through our intranet security framework.

The issue is that unless I give Everyone read access to the share I get
prompted for a user name and password - which to my way of thinking
shouldn't happen as I am impersonating a domain admin.

Any help is appreciated.

Jason

Imports System.Security
Imports System.Web.Security
Imports System.Security.Principal

Module Common
    ' Logon type and provider passed to LogonUser
    Dim LOGON32_LOGON_INTERACTIVE As Integer = 2
    Dim LOGON32_PROVIDER_DEFAULT As Integer = 0

    ' Context returned by Impersonate(), needed later to revert.
    ' One per thread, so concurrent requests do not overwrite each other's context.
    <System.ThreadStatic()> Private impersonationContext As WindowsImpersonationContext

    Declare Auto Function LogonUser Lib "advapi32.dll" ( _
        ByVal lpszUsername As String, _
        ByVal lpszDomain As String, _
        ByVal lpszPassword As String, _
        ByVal dwLogonType As Integer, _
        ByVal dwLogonProvider As Integer, _
        ByRef phToken As IntPtr) As Integer
    Declare Auto Function DuplicateToken Lib "advapi32.dll" ( _
        ByVal ExistingTokenHandle As IntPtr, _
        ByVal ImpersonationLevel As Integer, _
        ByRef DuplicateTokenHandle As IntPtr) As Integer
    ' Releases the token handles once the identity has been created
    Declare Auto Function CloseHandle Lib "kernel32.dll" ( _
        ByVal handle As IntPtr) As Integer

    Public Function impersonateValidUser(ByVal userName As String, _
            ByVal domain As String, ByVal password As String) As Boolean

        Dim tempWindowsIdentity As WindowsIdentity
        Dim token As IntPtr = IntPtr.Zero
        Dim tokenDuplicate As IntPtr = IntPtr.Zero

        impersonateValidUser = False
        If LogonUser(userName, domain, password, LOGON32_LOGON_INTERACTIVE, _
                     LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
            ' 2 = SecurityImpersonation
            If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then
                tempWindowsIdentity = New WindowsIdentity(tokenDuplicate)
                impersonationContext = tempWindowsIdentity.Impersonate()
                If Not impersonationContext Is Nothing Then
                    impersonateValidUser = True
                End If
            End If
        End If

        ' WindowsIdentity keeps its own copy of the token, so both handles can be closed
        If Not tokenDuplicate.Equals(IntPtr.Zero) Then CloseHandle(tokenDuplicate)
        If Not token.Equals(IntPtr.Zero) Then CloseHandle(token)
    End Function

    Public Sub undoImpersonation()
        ' Nothing to revert if impersonation never succeeded on this thread
        If Not impersonationContext Is Nothing Then
            impersonationContext.Undo()
            impersonationContext = Nothing
        End If
    End Sub

End Module


 
Scott Allen
      06-03-2005
Hi Jason:

You mean the browser is prompting for a user name and password? That
means there is a request going from the browser to the other machine -
the code you have below will only impersonate a user for your server
side code.

--
Scott
http://www.OdeToCode.com/blogs/scott/

On Fri, 3 Jun 2005 11:09:40 -0400, "Jason MacKenzie" <(E-Mail Removed)>
wrote:

>I have an asp.net application with a treeview control that accesses a
>network share and recurses through all the directories and displays the
>structure on a screen - pretty standard stuff.
>
>I impersonate a domain admin account with the code that I will attach below.
>When I step through the code the impersonation appears to be successful and
>I'm getting the username and pwd from the registry which I use in many other
>places so I know they are right.
>
>The idea is to give specific people full control over their own folders and
>then control read access through our intranet security framework.
>
>The issue is that unless I give Everyone read access to the share I get
>prompted for a user name and password - which to my way of thinking
>shouldn't happen as I am impersonating a domain admin.
>
>Any help is appreciated.
>
>Jason
>
>Imports System.Security
>Imports System.Web.Security
>Imports System.Security.Principal
>
>Module Common
>    ' Logon type and provider passed to LogonUser
>    Dim LOGON32_LOGON_INTERACTIVE As Integer = 2
>    Dim LOGON32_PROVIDER_DEFAULT As Integer = 0
>
>    ' Context returned by Impersonate(), needed later to revert.
>    ' One per thread, so concurrent requests do not overwrite each other's context.
>    <System.ThreadStatic()> Private impersonationContext As WindowsImpersonationContext
>
>    Declare Auto Function LogonUser Lib "advapi32.dll" ( _
>        ByVal lpszUsername As String, _
>        ByVal lpszDomain As String, _
>        ByVal lpszPassword As String, _
>        ByVal dwLogonType As Integer, _
>        ByVal dwLogonProvider As Integer, _
>        ByRef phToken As IntPtr) As Integer
>    Declare Auto Function DuplicateToken Lib "advapi32.dll" ( _
>        ByVal ExistingTokenHandle As IntPtr, _
>        ByVal ImpersonationLevel As Integer, _
>        ByRef DuplicateTokenHandle As IntPtr) As Integer
>    ' Releases the token handles once the identity has been created
>    Declare Auto Function CloseHandle Lib "kernel32.dll" ( _
>        ByVal handle As IntPtr) As Integer
>
>    Public Function impersonateValidUser(ByVal userName As String, _
>            ByVal domain As String, ByVal password As String) As Boolean
>
>        Dim tempWindowsIdentity As WindowsIdentity
>        Dim token As IntPtr = IntPtr.Zero
>        Dim tokenDuplicate As IntPtr = IntPtr.Zero
>
>        impersonateValidUser = False
>        If LogonUser(userName, domain, password, LOGON32_LOGON_INTERACTIVE, _
>                     LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
>            ' 2 = SecurityImpersonation
>            If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then
>                tempWindowsIdentity = New WindowsIdentity(tokenDuplicate)
>                impersonationContext = tempWindowsIdentity.Impersonate()
>                If Not impersonationContext Is Nothing Then
>                    impersonateValidUser = True
>                End If
>            End If
>        End If
>
>        ' WindowsIdentity keeps its own copy of the token, so both handles can be closed
>        If Not tokenDuplicate.Equals(IntPtr.Zero) Then CloseHandle(tokenDuplicate)
>        If Not token.Equals(IntPtr.Zero) Then CloseHandle(token)
>    End Function
>
>    Public Sub undoImpersonation()
>        ' Nothing to revert if impersonation never succeeded on this thread
>        If Not impersonationContext Is Nothing Then
>            impersonationContext.Undo()
>            impersonationContext = Nothing
>        End If
>    End Sub
>
>End Module
>
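
Added example, not code from either poster: the reply's point is that impersonation only changes the identity of code running on the web server, so a link the browser follows straight to the share is still authenticated as the visitor. One way to keep every share access server-side is an ASP.NET handler that checks the requested path and streams the file itself while impersonating. Assumptions: it is compiled into the same project as the Common module posted above; ShareFileHandler, ShareRoot, CredKey, the registry value names, the "path" query parameter and the IsAuthenticated stand-in are all hypothetical.

```vbnet
Imports System
Imports System.IO
Imports System.Web
Imports Microsoft.Win32

' Added example: serves share files through the web server, so the browser never contacts the file server.
Public Class ShareFileHandler
    Implements IHttpHandler
    ' Placeholders (assumptions): share root and registry key holding the credentials.
    Private Const ShareRoot As String = "\\fileserver\share\"
    Private Const CredKey As String = "HKEY_LOCAL_MACHINE\SOFTWARE\ExampleApp"
    Public ReadOnly Property IsReusable() As Boolean Implements IHttpHandler.IsReusable
        Get
            Return True
        End Get
    End Property
    Private Shared Function Cred(ByVal name As String) As String
        Return CStr(Registry.GetValue(CredKey, name, ""))
    End Function

    ' Returns the full path for a client-supplied relative path, or Nothing if it leaves ShareRoot.
    Public Shared Function ResolveUnderRoot(ByVal relative As String) As String
        If relative Is Nothing OrElse relative.Length = 0 Then Return Nothing
        Try
            Dim full As String = Path.GetFullPath(Path.Combine(ShareRoot, relative))
            If full.StartsWith(ShareRoot, StringComparison.OrdinalIgnoreCase) Then Return full
        Catch ex As Exception   ' malformed path: same result as a path outside the root
        End Try
        Return Nothing
    End Function

    Public Sub ProcessRequest(ByVal context As HttpContext) Implements IHttpHandler.ProcessRequest
        Dim target As String = ResolveUnderRoot(context.Request.QueryString("path"))
        ' IsAuthenticated is a stand-in for the intranet security framework's read check.
        If target Is Nothing OrElse Not context.User.Identity.IsAuthenticated Then
            context.Response.StatusCode = 403
        ElseIf Not impersonateValidUser(Cred("User"), Cred("Domain"), Cred("Pwd")) Then
            context.Response.StatusCode = 500
        Else
            Try
                context.Response.ContentType = "application/octet-stream"
                context.Response.WriteFile(target)
                context.Response.Flush()   ' send the file while still impersonating
            Finally
                undoImpersonation()        ' always revert, even if the read throws
            End Try
        End If
    End Sub
End Class
```

Every read here happens with the impersonated account's rights, so the path check and the application's own read check are what limit a visitor; an account with read access to the share is enough for this handler.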


 