I have a problem. I am writing an app in C# (WPF), and my app needs the privileges of the user currently logged in to the PC, and the app has them at start. Now I need to add the privileges of another user that I have a login/password for, but without removing the currently logged-in user's privileges. I need this to copy a file from the PC to a shared folder of another user. The PC runs in a domain. I can't use LogOn because this method removes the user currently logged in to the PC.
Viewed 1,620 times
0
- possible duplicate of [Connect to network drive with user name and password](http://stackoverflow.com/questions/3700871/connect-to-network-drive-with-user-name-and-password) – Tony Hopkinson May 31 '14 at 19:48
- This must give the privileges on login to the app. And at that moment I don't know the UNC path (machine name). I have only the password and login. And there are some PCs in this domain. I need something like LogonUser impersonation, but this removes the currently logged-in user's privileges. – user3674365 May 31 '14 at 20:02
- Now I'm totally confused, you don't know the PC/Share? If I'm understanding you correctly. You either need to impersonate someone and get them to give 'you' write permission to their share, so you can then copy the file. Or you need to impersonate them and have them copy the file from something you are sharing to their share. Got to say this seems ridiculously complicated, incredibly fragile and not a good idea at all. – Tony Hopkinson May 31 '14 at 20:20
- I read that I can use Kerberos for this but I can't find any example of an implementation :/ – user3674365 May 31 '14 at 20:27
1 Answer
1
Create an impersonation class.
```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Principal;

class UserImpersonation2 : IDisposable
{
    // SetLastError = true is needed so Marshal.GetLastWin32Error() below
    // returns the error code set by LogonUser.
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool LogonUser(String lpszUserName,
        String lpszDomain,
        String lpszPassword,
        int dwLogonType,
        int dwLogonProvider,
        ref IntPtr phToken);

    [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
    public static extern bool CloseHandle(IntPtr handle);

    WindowsImpersonationContext wic;
    IntPtr tokenHandle;
    string _userName;
    string _domain;
    string _passWord;

    public UserImpersonation2(string userName, string domain, string passWord)
    {
        _userName = userName;
        _domain = domain;
        _passWord = passWord;
    }

    const int LOGON32_PROVIDER_DEFAULT = 0;
    const int LOGON32_LOGON_INTERACTIVE = 2;

    // Logs the user on and switches the calling thread to that identity.
    public bool ImpersonateValidUser()
    {
        bool returnValue = LogonUser(_userName, _domain, _passWord,
            LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,
            ref tokenHandle);

        Console.WriteLine("LogonUser called.");

        if (false == returnValue)
        {
            int ret = Marshal.GetLastWin32Error();
            Console.WriteLine("LogonUser failed with error code : {0}", ret);
            return false;
        }

        Console.WriteLine("Did LogonUser Succeed? " + (returnValue ? "Yes" : "No"));
        Console.WriteLine("Value of Windows NT token: " + tokenHandle);

        // Check the identity.
        Console.WriteLine("Before impersonation: "
            + WindowsIdentity.GetCurrent().Name);

        // Use the token handle returned by LogonUser.
        WindowsIdentity newId = new WindowsIdentity(tokenHandle);
        wic = newId.Impersonate();

        // Check the identity.
        Console.WriteLine("After impersonation: "
            + WindowsIdentity.GetCurrent().Name);

        return true;
    }

    #region IDisposable Members

    // Reverts the thread to the original identity and releases the token.
    public void Dispose()
    {
        if (wic != null)
            wic.Undo();
        if (tokenHandle != IntPtr.Zero)
            CloseHandle(tokenHandle);
    }

    #endregion
}
```
Then use it:
```csharp
// Requires: using System.IO;
const string file = @"\\machine\test\file.txt";
using (UserImpersonation2 user = new UserImpersonation2("user", "domain", "password"))
{
    if (user.ImpersonateValidUser())
    {
        // Read the remote file while the thread is impersonating.
        using (StreamReader reader = new StreamReader(file))
        {
            Console.WriteLine(reader.ReadToEnd());
        }
    }
}
```
Source: https://msdn.microsoft.com/en-us/library/system.security.principal.windowsidentity.aspx

henriqb
- https://msdn.microsoft.com/en-us/library/system.security.principal.windowsidentity.aspx – henriqb Apr 30 '15 at 16:28
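
An added example, not part of the answer above or the poster's code: the question asks to keep the logged-in user's local rights while using a second account only for the share, which is what the `LOGON32_LOGON_NEW_CREDENTIALS` logon type of `LogonUser` provides, and it does not need the UNC path in advance. The class name `NetworkCredentialScope`, the credentials and both paths are placeholders; `WindowsIdentity.RunImpersonated` assumes .NET Framework 4.6 or later (or .NET on Windows).

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;
using Microsoft.Win32.SafeHandles;

static class NetworkCredentialScope
{
    // Logon type 9: the token keeps the caller's local identity and uses the
    // supplied credentials only for outbound network connections.
    const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
    // NEW_CREDENTIALS is only supported by the WINNT50 provider.
    const int LOGON32_PROVIDER_WINNT50 = 3;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string lpszUsername, string lpszDomain,
        string lpszPassword, int dwLogonType, int dwLogonProvider,
        out SafeAccessTokenHandle phToken);

    public static void Run(string user, string domain, string password, Action action)
    {
        SafeAccessTokenHandle token;
        if (!LogonUser(user, domain, password, LOGON32_LOGON_NEW_CREDENTIALS,
                       LOGON32_PROVIDER_WINNT50, out token))
            throw new Win32Exception(Marshal.GetLastWin32Error());

        // The credentials are not validated here; a wrong password surfaces
        // as an access error when the share is first contacted.
        using (token)
            WindowsIdentity.RunImpersonated(token, action);
    }
}

static class Program
{
    static void Main()
    {
        // Placeholder values; read the password from a prompt or a
        // protected store rather than embedding it in source.
        NetworkCredentialScope.Run("user", "domain", "password", () =>
        {
            // Locally this still reports the logged-in user.
            Console.WriteLine(WindowsIdentity.GetCurrent().Name);
            File.Copy(@"C:\temp\file.txt", @"\\machine\test\file.txt", true);
        });
    }
}
```

Local file access inside the delegate is still checked against the logged-in user, so grant the second account only the share permissions the copy needs.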