Impersonate call fails even after duplicating token


G

Guest

here is the code:

IntPtr token1 = IntPtr.Zero;

int loggedOn = -1;

loggedOn =
LogonUser(lpszUsername,lpszDomain,Pwd,LOGON32_LOGON_INTERACTIVE,LOGON32_PROVIDER_DEFAULT,ref token1);

if(loggedOn == 1)
{
IntPtr dupeTokenHandle = new IntPtr(0);
bool retVal = DuplicateToken(token1, SecurityImpersonation, ref
dupeTokenHandle);

WindowsIdentity newId = new WindowsIdentity(dupeTokenHandle);
CloseHandle(dupeTokenHandle);
CloseHandle(token1);
System.Security.Principal.WindowsImpersonationContext wimp =
newid.Impersonate();
}

The Impersonate() line fails with this error:
System.Security.SecurityException: Unable to impersonate user.
 
Ad

Advertisements

G

Guest

I should probably clearify a few things after doing some further testing...

I simplified my code, but what i am actually doing is passing the
WindowsIdentity VIA remoting and calling the impersonate method on the other
end.

The code exactly as i have it in the previous post does work, but moving
that impersonate call to another method does not.

I actually get two errors:

"Unable to impersonate user", or randomly i will get this error:

"A WindowsIdentity object cannot be serialized across processes"

My OS is Windows 2000 Sp4 with IIS 5, the main code that i posted runs in a
console app, and i have a Web form that calls it via remoting to retrieve the
WindowsIdentiy, then impersonate the user.
 
Ad

Advertisements

G

Guest

I guess what i am trying to do is not technically possible, windows will not
let me pass a token or identity outside of the process that it was
authenticated in. I guess this makes sense, it seemed promising since
WindowsIdentity was a serializable class.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top