3

I am trying to impersonate Network Service using advapi32:

```csharp
LogonUser("NETWORK SERVICE", "NT AUTHORITY", null, LOGON32_LOGON_SERVICE, LOGON32_PROVIDER_DEFAULT, ref token)
```

But I keep getting an "Access is denied" error on a Windows 8 machine. Any ideas? (I googled a lot but can't find an answer.)

```xml
<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app" />
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
      </requestedPrivileges>
      <applicationRequestMinimum>
        <defaultAssemblyRequest permissionSetReference="Custom" />
        <PermissionSet class="System.Security.PermissionSet" version="1" ID="Custom" SameSite="site" Unrestricted="true" />
      </applicationRequestMinimum>
    </security>
  </trustInfo>
  <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
    <application />
  </compatibility>
</asmv1:assembly>
```

EDIT:

So after a few attempts the impersonation seems to work, but I cannot ever authenticate as the host's Network Service. How can an application pool run under a network service then?

Using `LOGON32_LOGON_SERVICE` results in:

```
Unhandled Exception: System.ComponentModel.Win32Exception: Access is denied
   at Tools.Network.Impersonator.Impersonate(String userName, String domainName, String password, LogonType logonType, LogonProvider logonProvider)
   at Tools.Network.Impersonator..ctor(String userName, String domainName, String password, LogonType logonType, LogonProvider logonProvider)
   at Impersonation.Program.Main(String[] args)
```

Using `LOGON32_LOGON_NEW_CREDENTIALS` results in:

```
System.IO.IOException: Logon failure: unknown user name or bad password.

   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.File.InternalCopy(String sourceFileName, String destFileName, Boolean overwrite)
   at System.IO.File.Copy(String sourceFileName, String destFileName, Boolean overwrite)
   at Impersonation.Program.Main(String[] args)
```

Puzzled.

Darek
  • 2
    What does your config file look like .. do you have a setting like this in your config `` here is a link but not sure if it will actually help answer your question.. http://www.scribd.com/doc/87727277/Impersonation or http://msdn.microsoft.com/en-us/library/Aa292118 – MethodMan Jan 04 '13 at 21:26
  • Yes. Updating post in a sec with assembly manifest. – Darek Jan 04 '13 at 21:39
  • Thanks DJ KRAZE, but it does not apply to me. It is a console app, utilizing advapi32.dll. – Darek Jan 04 '13 at 21:44
  • could this still be a permissions issue..? what error are you getting if any..? – MethodMan Jan 04 '13 at 21:48
  • Marshal.GetLastWin32Error() returns 5 – Darek Jan 04 '13 at 21:49
  • Is there another machine or OS that you can try this on..? Windows 7 perhaps..? it could be a bug with Windows 8 there have been a lot of issues with Windows 8 – MethodMan Jan 04 '13 at 21:52
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/22207/discussion-between-darek-and-dj-kraze) – Darek Jan 04 '13 at 21:54
  • I would love to continue but I am on my way out the door.. have to take my roommate to work ..I will check back when I get home – MethodMan Jan 04 '13 at 21:55
  • So using this guide http://platinumdogs.me/2008/10/30/net-c-impersonation-with-network-credentials/ I was able to impersonate a local or domain user, but never NT AUTHORITY\NETWORK SERVICE. – Darek Jan 04 '13 at 23:18
  • what type are you using for login Credentials use `logon_type_new_credentials` or `interactive` ..? you need to use `logon_type_new_credentials` – MethodMan Jan 04 '13 at 23:52
  • I've tried every possible combination. – Darek Jan 07 '13 at 14:03
  • are you passing a service user account name and that service password..? is there a way to create a new service account user/password as well as give it the proper rights..? this is the only thing else that I can think to do the code from that link should have worked.. – MethodMan Jan 07 '13 at 15:47
  • It works with service accounts. But it does not work with "Network Service", "Local Service" or "SYSTEM" accounts. According to Microsoft, their passwords are supposed to be passed as NULL. – Darek Jan 07 '13 at 15:50
  • is this something that has to be done with other account types or can you get by with having it work with service accounts until you can do more research or get in contact with Microsoft and inquire about why this is not working for the other account types..? – MethodMan Jan 07 '13 at 15:56

2 Answers

3

Finally! I have found an answer:

How do I 'run as' 'Network Service'?

and

http://geek.hubkey.com/2008/02/impersonating-built-in-service-account.html

On Windows 8.. "Microsoft have changed the default behaviour of this in Windows 8 / Windows Server 2012. To allow interactive services, you need to find the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows and change NoInteractiveServices from 1 to 0."

Darek
1

Here is a really good link that has code and everything. I think that this is what you may be looking for. Let me know if this link does the trick.

.NET (C#) Impersonation with Network Credentials works for LOGON32_LOGON_NEW_CREDENTIALS as your logon type, which requires that you select LOGON32_PROVIDER_WINNT50 as the logon provider type.

MethodMan