Impersonation and Network Share

  • Thread starter Jason MacKenzie

Jason MacKenzie

I have an ASP.NET application with a treeview control that accesses a
network share and recurses through all the directories and displays the
structure on a screen - pretty standard stuff.

I impersonate a domain admin account with the code that I will attach below.
When I step through the code the impersonation appears to be successful and
I'm getting the username and pwd from the registry which I use in many other
places so I know they are right.

The idea is to give specific people full control over their own folders and
then control read access through our intranet security framework.

The issue is that unless I give Everyone read access to the share I get
prompted for a user name and password - which to my way of thinking
shouldn't happen as I am impersonating a domain admin.

Any help is appreciated.

Jason

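Imports System
Imports System.Security
Imports System.Web.Security
Imports System.Security.Principal

Module Common
    ' Logon type and provider values passed to LogonUser
    Const LOGON32_LOGON_INTERACTIVE As Integer = 2
    Const LOGON32_PROVIDER_DEFAULT As Integer = 0

    ' Kept so that undoImpersonation() can revert the thread later
    Dim impersonationContext As WindowsImpersonationContext

    Declare Auto Function LogonUser Lib "advapi32.dll" ( _
        ByVal lpszUsername As String, _
        ByVal lpszDomain As String, _
        ByVal lpszPassword As String, _
        ByVal dwLogonType As Integer, _
        ByVal dwLogonProvider As Integer, _
        ByRef phToken As IntPtr) As Integer

    Declare Auto Function DuplicateToken Lib "advapi32.dll" ( _
        ByVal ExistingTokenHandle As IntPtr, _
        ByVal ImpersonationLevel As Integer, _
        ByRef DuplicateTokenHandle As IntPtr) As Integer

    ' Needed to release the handles returned by LogonUser and DuplicateToken
    Declare Auto Function CloseHandle Lib "kernel32.dll" ( _
        ByVal handle As IntPtr) As Integer

    ' Logs the account on and impersonates it on the current thread.
    ' Returns True when the thread is now running as that account.
    Public Function impersonateValidUser(ByVal userName As String, _
                                         ByVal domain As String, _
                                         ByVal password As String) As Boolean

        Dim tempWindowsIdentity As WindowsIdentity
        Dim token As IntPtr = IntPtr.Zero
        Dim tokenDuplicate As IntPtr = IntPtr.Zero

        impersonateValidUser = False

        If LogonUser(userName, domain, password, LOGON32_LOGON_INTERACTIVE, _
                     LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
            ' 2 = SecurityImpersonation
            If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then
                tempWindowsIdentity = New WindowsIdentity(tokenDuplicate)
                impersonationContext = tempWindowsIdentity.Impersonate()
                impersonateValidUser = Not (impersonationContext Is Nothing)
            End If
        End If

        ' The original leaked both handles; close them on every path
        If Not tokenDuplicate.Equals(IntPtr.Zero) Then CloseHandle(tokenDuplicate)
        If Not token.Equals(IntPtr.Zero) Then CloseHandle(token)
    End Function

    ' Reverts the thread to the identity it had before impersonateValidUser
    Public Sub undoImpersonation()
        If Not (impersonationContext Is Nothing) Then
            impersonationContext.Undo()
            impersonationContext = Nothing
        End If
    End Sub

End Module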
 
Scott Allen

Hi Jason:

You mean the browser is prompting for a user name and password? That
means there is a request going from the browser to the other machine -
the code you have below will only impersonate a user for your server
side code.
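
Scott's point as an added example (not part of the original thread, and not code from either poster): the share is walked entirely on the server while the thread is impersonating, and only paths relative to the root are returned for display, so the rendered page gives the browser nothing that points at the file server. The ShareTree module, its function names and the identity parameter (for instance the WindowsIdentity built from tokenDuplicate in the question) are assumptions made for illustration.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.IO
Imports System.Security.Principal

' Hypothetical helper, added for illustration only.
Public Module ShareTree

    ' Enumerates every folder under root while impersonating identity and
    ' returns paths relative to root. The impersonation is reverted in
    ' Finally, so an exception cannot leave the request thread running
    ' as the privileged account.
    Public Function ListFolders(ByVal identity As WindowsIdentity, _
                                ByVal root As String) As List(Of String)
        Dim result As New List(Of String)
        Dim ctx As WindowsImpersonationContext = identity.Impersonate()
        Try
            ' A failure on the root itself is left to propagate: it means
            ' the impersonated account cannot read the share at all.
            Walk(root, root, result)
        Finally
            ctx.Undo()
        End Try
        Return result
    End Function

    Private Sub Walk(ByVal root As String, ByVal current As String, _
                     ByVal result As List(Of String))
        For Each folder As String In Directory.GetDirectories(current)
            ' Keep only the part below the root: the page shows text,
            ' never a UNC path or file:// link to the share.
            result.Add(folder.Substring(root.Length).TrimStart("\"c))
            Try
                Walk(root, folder, result)
            Catch ex As UnauthorizedAccessException
                ' Subfolder the impersonated account may not read: skip it
            End Try
        Next
    End Sub

End Module
```

Whatever the treeview renders from these relative paths has to be served back through the application, which is where the intranet security framework's read checks can be applied.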
 
