Impersonate - Urgent

G

Guest

Hi

When Button_Click is called with a hardcoded value in uername,domain and
password its working fine. But the Impersonation has not taken place when
those parameters are passed through either session or variable

Refer: http://support.microsoft.com/default.aspx?scid=KB;en-us;q306158#4

Public Sub Button_Click(ByVal s As Object, ByVal e As EventArgs)
If impersonateValidUser("username", "domain", "password") Then
'Insert your code that runs under the security context of a specific
user here.
undoImpersonation()
Else
'Your impersonation failed. Therefore, include a fail-safe mechanism
here.
End If
End Sub

Private Function impersonateValidUser(ByVal userName As String, _
ByVal domain As String, ByVal password As String) As Boolean

Dim tempWindowsIdentity As WindowsIdentity
Dim token As IntPtr = IntPtr.Zero
Dim tokenDuplicate As IntPtr = IntPtr.Zero
impersonateValidUser = False

If RevertToSelf() Then
If LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then
tempWindowsIdentity = New WindowsIdentity(tokenDuplicate)
impersonationContext = tempWindowsIdentity.Impersonate()
If Not impersonationContext Is Nothing Then
impersonateValidUser = True
End If
End If
End If
End If
If Not tokenDuplicate.Equals(IntPtr.Zero) Then
CloseHandle(tokenDuplicate)
End If
If Not token.Equals(IntPtr.Zero) Then
CloseHandle(token)
End If
End Function

Thanks in Advance
Waran
 
X

xhead

This may be an obvious question, but when you tried this while using
Session or other types of variables, did you examine those values
specifically, either by breaking on that line of code or logging the
values to a text file or something? It seems that the values you are
assuming are getting used are not the ones that are actually getting
used.

----

Private Function impersonateValidUser(ByVal userName As String, _
ByVal domain As String, ByVal password As String) As Boolean

Log userName
Log domain
Log password

If RevertToSelf() Then
If LogonUserA(userName, domain, password,
LOGON32_LOGON_INTERACTIVE,
 
G

Guest

Mike,
I have checked the values when i am passing through session variable. Those
values are corrct. And if I pass the same values as a hard-coded. its working
perfect.

Thanks
Kumar
 
G

Guest

Mike,

Thanks a lot, the password differs from the database and the one we are
passing.

Thanks
Kumar
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top