Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Impersonate via a remote workgroup

Reply
Thread Tools

Impersonate via a remote workgroup

 
 
Dominick Baier [DevelopMentor]
Guest
Posts: n/a
 
      07-05-2006
try to use the NEW_CREDENTIAL logon type.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> i am trying to impersanate a remote user on a workgroup(NOT Domain)
> account. This does not seem to work. Only works for domain or local
> user. Anyone have any ideas.
>
> Thanks
>
> Dim tempWindowsIdentity As WindowsIdentity
> Dim token As IntPtr = IntPtr.Zero
> Dim tokenDuplicate As IntPtr = IntPtr.Zero
> impersonateValidUser = False
> If RevertToSelf() Then
> If LogonUserA(userName, domain, password,
> LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
> If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then
> tempWindowsIdentity = New
> WindowsIdentity(tokenDuplicate)
> impersonationContext =
> tempWindowsIdentity.Impersonate()
> If Not impersonationContext Is Nothing Then
> impersonateValidUser = True
> End If
> End If
> End If
> End If
> If Not tokenDuplicate.Equals(IntPtr.Zero) Then
> CloseHandle(tokenDuplicate)
> End If
> If Not token.Equals(IntPtr.Zero) Then
> CloseHandle(token)
> End I



 
Reply With Quote
 
 
 
 
Dominick Baier [DevelopMentor]
Guest
Posts: n/a
 
      07-05-2006
sorry. this only works if you are trying to access remote resources that
"know" the account you are impersonating.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> i am trying to impersanate a remote user on a workgroup(NOT Domain)
> account. This does not seem to work. Only works for domain or local
> user. Anyone have any ideas.
>
> Thanks
>
> Dim tempWindowsIdentity As WindowsIdentity
> Dim token As IntPtr = IntPtr.Zero
> Dim tokenDuplicate As IntPtr = IntPtr.Zero
> impersonateValidUser = False
> If RevertToSelf() Then
> If LogonUserA(userName, domain, password,
> LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
> If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then
> tempWindowsIdentity = New
> WindowsIdentity(tokenDuplicate)
> impersonationContext =
> tempWindowsIdentity.Impersonate()
> If Not impersonationContext Is Nothing Then
> impersonateValidUser = True
> End If
> End If
> End If
> End If
> If Not tokenDuplicate.Equals(IntPtr.Zero) Then
> CloseHandle(tokenDuplicate)
> End If
> If Not token.Equals(IntPtr.Zero) Then
> CloseHandle(token)
> End If



 
Reply With Quote
 
 
 
 
Dino
Guest
Posts: n/a
 
      07-05-2006
i am trying to impersanate a remote user on a workgroup(NOT Domain) account.
This does not seem to work. Only works for domain or local user. Anyone have
any ideas.

Thanks

Dim tempWindowsIdentity As WindowsIdentity
Dim token As IntPtr = IntPtr.Zero
Dim tokenDuplicate As IntPtr = IntPtr.Zero
impersonateValidUser = False
If RevertToSelf() Then
If LogonUserA(userName, domain, password,
LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then
tempWindowsIdentity = New WindowsIdentity(tokenDuplicate)
impersonationContext = tempWindowsIdentity.Impersonate()
If Not impersonationContext Is Nothing Then
impersonateValidUser = True
End If
End If
End If
End If
If Not tokenDuplicate.Equals(IntPtr.Zero) Then
CloseHandle(tokenDuplicate)
End If
If Not token.Equals(IntPtr.Zero) Then
CloseHandle(token)
End If
 
Reply With Quote
 
melle
Guest
Posts: n/a
 
      08-04-2006
Hi Dominick,

I've found multiple entries from that state that we should use
NEW_CREDENTIAL in order to log on cross domain... I tried it, and
LogonUser does not fail... that is true, but when I do
ImpersonateLoggedOnUser it doesn't seem to impersonate at all.

Can you tell us what the next step should be?

I am trying to impersonate a user from another domain, that is a domain
my computer is not a part of. All the credentials are ok. that is not a
problem. It just doesn't accept them. (error 1326)

Please advise,

Melle


Dominick wrote:
> try to use the NEW_CREDENTIAL logon type.
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
> > i am trying to impersanate a remote user on a workgroup(NOT Domain)
> > account. This does not seem to work. Only works for domain or local
> > user. Anyone have any ideas.
> >
> > Thanks
> >
> > Dim tempWindowsIdentity As WindowsIdentity
> > Dim token As IntPtr = IntPtr.Zero
> > Dim tokenDuplicate As IntPtr = IntPtr.Zero
> > impersonateValidUser = False
> > If RevertToSelf() Then
> > If LogonUserA(userName, domain, password,
> > LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
> > If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then
> > tempWindowsIdentity = New
> > WindowsIdentity(tokenDuplicate)
> > impersonationContext =
> > tempWindowsIdentity.Impersonate()
> > If Not impersonationContext Is Nothing Then
> > impersonateValidUser = True
> > End If
> > End If
> > End If
> > End If
> > If Not tokenDuplicate.Equals(IntPtr.Zero) Then
> > CloseHandle(tokenDuplicate)
> > End If
> > If Not token.Equals(IntPtr.Zero) Then
> > CloseHandle(token)
> > End If


 
Reply With Quote
 
melle
Guest
Posts: n/a
 
      08-04-2006
Hi Dominick,

I've found multiple posts on google from you, that state that we should
use
NEW_CREDENTIAL in order to log on cross domain... I tried it, and
LogonUser does not fail... that is true, but when I do
ImpersonateLoggedOnUser it doesn't seem to impersonate at all.


Can you tell us what the next step should be?


I am trying to impersonate a user from another domain, that is a domain

my computer is not a part of. All the credentials are ok. that is not a

problem. It just doesn't accept them. (error 1326)


Please advise,


Melle



Dominick wrote:
> try to use the NEW_CREDENTIAL logon type.
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
> > i am trying to impersanate a remote user on a workgroup(NOT Domain)
> > account. This does not seem to work. Only works for domain or local
> > user. Anyone have any ideas.
> >
> > Thanks
> >
> > Dim tempWindowsIdentity As WindowsIdentity
> > Dim token As IntPtr = IntPtr.Zero
> > Dim tokenDuplicate As IntPtr = IntPtr.Zero
> > impersonateValidUser = False
> > If RevertToSelf() Then
> > If LogonUserA(userName, domain, password,
> > LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
> > If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then
> > tempWindowsIdentity = New
> > WindowsIdentity(tokenDuplicate)
> > impersonationContext =
> > tempWindowsIdentity.Impersonate()
> > If Not impersonationContext Is Nothing Then
> > impersonateValidUser = True
> > End If
> > End If
> > End If
> > End If
> > If Not tokenDuplicate.Equals(IntPtr.Zero) Then
> > CloseHandle(tokenDuplicate)
> > End If
> > If Not token.Equals(IntPtr.Zero) Then
> > CloseHandle(token)
> > End If


 
Reply With Quote
 
Dominick Baier
Guest
Posts: n/a
 
      08-04-2006
Hi,

use the token from LogonUser to

call WindowsIdentity.Impersonate(token);
then do the resource access


dominick

> Hi Dominick,
>
> I've found multiple posts on google from you, that state that we
> should
> use
> NEW_CREDENTIAL in order to log on cross domain... I tried it, and
> LogonUser does not fail... that is true, but when I do
> ImpersonateLoggedOnUser it doesn't seem to impersonate at all.
> Can you tell us what the next step should be?
>
> I am trying to impersonate a user from another domain, that is a
> domain
>
> my computer is not a part of. All the credentials are ok. that is not
> a
>
> problem. It just doesn't accept them. (error 1326)
>
> Please advise,
>
> Melle
>
> Dominick wrote:
>
>> try to use the NEW_CREDENTIAL logon type.
>>
>> ---------------------------------------
>> Dominick Baier - DevelopMentor
>> http://www.leastprivilege.com
>>> i am trying to impersanate a remote user on a workgroup(NOT Domain)
>>> account. This does not seem to work. Only works for domain or local
>>> user. Anyone have any ideas.
>>>
>>> Thanks
>>>
>>> Dim tempWindowsIdentity As WindowsIdentity
>>> Dim token As IntPtr = IntPtr.Zero
>>> Dim tokenDuplicate As IntPtr = IntPtr.Zero
>>> impersonateValidUser = False
>>> If RevertToSelf() Then
>>> If LogonUserA(userName, domain, password,
>>> LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, token) <> 0
>>> Then
>>> If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then
>>> tempWindowsIdentity = New
>>> WindowsIdentity(tokenDuplicate)
>>> impersonationContext =
>>> tempWindowsIdentity.Impersonate()
>>> If Not impersonationContext Is Nothing Then
>>> impersonateValidUser = True
>>> End If
>>> End If
>>> End If
>>> End If
>>> If Not tokenDuplicate.Equals(IntPtr.Zero) Then
>>> CloseHandle(tokenDuplicate)
>>> End If
>>> If Not token.Equals(IntPtr.Zero) Then
>>> CloseHandle(token)
>>> End I



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Cannot see workgroup computers by ''view workgroup computers'' - important! kimiraikkonen Computer Support 5 02-07-2007 12:06 PM
Q on file sharing via workgroup Toby Computer Information 0 01-19-2007 04:10 AM
Delegation with S4U or How to use S4U to impersonate a user on a remote server? Borislav Marinov ASP .Net Security 9 10-14-2005 04:24 AM
Impersonate via code? =?Utf-8?B?Y21heQ==?= ASP .Net 4 03-15-2005 05:25 PM
DirectoryEntry Impersonate or WindowsIdentity Impersonate? Bill Belliveau ASP .Net Security 3 01-31-2004 04:19 AM



Advertisments