Impersonation Problem


JAutovino

I have an app that needs to copy and register COM components prior to
launching a VB6 executable.

After obtaining the user token of a user with administrative permissions the
WindowsIdentity.Impersonate method returns this error:
"1008: ERROR_NO_TOKEN- An attempt was made to reference a token that does
not exist."

What really makes no sense is that after the impersonation, the current user
is reported as the admin user, yet the thread still seems to be acting as the
original machine user and ignoring the impersonated user.

ANY help would be greatly appreciated.

// daja

<code snippet>
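// Logs on as an administrative user, impersonates that user on the current
// thread, reports whether the impersonated identity is in the Administrators
// group, and then always reverts the impersonation and closes the token handle.
IntPtr _userHandle = IntPtr.Zero;
WindowsImpersonationContext _impersonatedUser = null;

// NOTE(review): credentials are inlined only to keep the sample short. Do not
// ship an administrative password inside the executable; obtain it at run time
// and keep it in memory as briefly as possible.
string user = "adminuser";
string userDomain = "mydomain";
string password = "mypassword";

try
{
    // get a handle (token) for the user defined above
    bool returnValue = LogonUser(user, userDomain, password,
        LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref _userHandle);

    if (!returnValue)
    {
        // The last-error value is only meaningful right after an API reported
        // failure. Marshal.GetLastWin32Error returns the value the runtime
        // saved for the P/Invoke call (the import is marked SetLastError = true);
        // a direct GetLastError() P/Invoke can be overwritten by the runtime's
        // own Win32 calls in between.
        int logonError = Marshal.GetLastWin32Error();
        throw new ApplicationException("Could not impersonate user (Win32 error " + logonError + ")");
    }

    // this "current identity" is of the user on the machine before impersonation
    WindowsIdentity wi_pre = WindowsIdentity.GetCurrent();

    // impersonate with the admin user token
    // WindowsIdentity.Impersonate signals failure with an exception, not with a
    // last-error code. Reading the last error after a successful call returns a
    // leftover value; the 1008 (ERROR_NO_TOKEN) seen here was most likely such a
    // leftover and not a failure of the impersonation itself.
    _impersonatedUser = WindowsIdentity.Impersonate(_userHandle);

    // this "current identity" is of the thread user after impersonation
    WindowsIdentity newId = WindowsIdentity.GetCurrent();
    WindowsPrincipal wp = new WindowsPrincipal(newId);

    // examine the groups that the impersonated user belongs to
    if (wp.IsInRole(WindowsBuiltInRole.Administrator))
    {
        Debug.WriteLine(newId.Name + " is in Administrator group");
    }
    else
    {
        Debug.WriteLine(newId.Name + " is NOT in Administrator group");
    }

    // *** The admin user shows as being part of the admin group but cannot do
    // anything like execute regsvr32 or regasm.
    // NOTE(review): if regsvr32/regasm are started as child processes, this is
    // expected. Impersonation changes only the calling thread's token; a newly
    // created process receives the parent process's primary token, so the child
    // still runs as the original user. Starting the tool under the other account
    // (for example ProcessStartInfo.UserName/Domain/Password with
    // UseShellExecute = false) is the usual alternative - confirm against how
    // the tools are actually launched.

    // ... work that must run under the impersonated identity goes here ...
}
finally
{
    // Always drop the elevated identity and release the token, even when an
    // exception is thrown, so the thread does not keep running as the admin
    // user and the logon token handle is not leaked.
    if (_impersonatedUser != null)
    {
        _impersonatedUser.Undo();
    }

    if (_userHandle != IntPtr.Zero)
    {
        CloseHandle(_userHandle);
    }
}



//#######################################################

//all the declares are there:
#region Interop items
// Logon types from winbase.h.
public const int LOGON32_LOGON_INTERACTIVE = 2;
// Was 3 in the original post, which is LOGON32_LOGON_NETWORK; the service
// logon type is 5.
public const int LOGON32_LOGON_SERVICE = 5;
public const int LOGON32_PROVIDER_DEFAULT = 0;

// SetLastError = true makes the runtime save the Win32 error right after the
// call so Marshal.GetLastWin32Error() can read it reliably.
// The password is marshalled as an ordinary managed string, so it remains in
// memory until the garbage collector reclaims it.
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern bool LogonUser(String lpszUserName, String lpszDomain,
    String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

// Releases the token handle returned by LogonUser.
[DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public extern static bool CloseHandle(IntPtr handle);

// Kept for existing callers. Prefer Marshal.GetLastWin32Error(): the value
// returned by a direct P/Invoke can be changed by the runtime's own Win32
// calls before this function runs.
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
public static extern int GetLastError();

// Kept for existing callers. Clearing the last error before a call is not
// needed when the API's return value is checked first.
[DllImport("kernel32.dll", SetLastError = true)]
internal static extern void SetLastError(int errorCode);
#endregion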
 
