
I am trying to impersonate a user in .NET Core to copy a file directly to a shared drive. I have looked it up online and copied and changed code, but my Login function does not work.

Here is the code:

    #region Impersonation global variables
    public const int LOGON32_LOGON_INTERACTIVE = 2;
    public const int LOGON32_PROVIDER_DEFAULT = 0;

    [DllImport("advapi32.dll")]
    public static extern int LogonUserA(String lpszUserName,
        String lpszDomain,
        String lpszPassword,
        int dwLogonType,
        int dwLogonProvider,
        ref IntPtr phToken);

    [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    public static extern int DuplicateToken(IntPtr hToken,
        int impersonationLevel,
        ref IntPtr hNewToken);

    [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    public static extern bool RevertToSelf();

    [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
    public static extern bool CloseHandle(IntPtr handle);
    #endregion

Impersonate function:

    private bool ImpersonateUser(string domain, string userName, string password)
    {
        WindowsIdentity tempWindowsIdentity;
        IntPtr token = IntPtr.Zero;
        IntPtr tokenDuplicate = IntPtr.Zero;

        if (RevertToSelf())
        {
            // This LogonUserA does not run correctly
            if (LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,
                LOGON32_PROVIDER_DEFAULT, ref token) != 0)
            {
                if (DuplicateToken(token, 2, ref tokenDuplicate) != 0)
                {
                    tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);

                    WindowsIdentity.RunImpersonated(tempWindowsIdentity.AccessToken, () =>
                    {
                        CloseHandle(token);
                        CloseHandle(tokenDuplicate);
                    });
                }
            }
        }
        if (token != IntPtr.Zero)
            CloseHandle(token);
        if (tokenDuplicate != IntPtr.Zero)
            CloseHandle(tokenDuplicate);
        return false;
    }

The LogonUserA function is not logging in correctly. I am passing in the domain name, username and password correctly but it still does not work.

Any ideas will be appreciated.

Learn AspNet
  • Start by using `LogonUserW`. It's rarely appropriate to use the `A` versions of Win32 API functions. That won't necessarily fix this problem but it'll prevent certain other problems. – madreflection Aug 27 '19 at 22:42
  • @madreflection Thank you, it did not fix this problem. Do you have any other ideas? – Learn AspNet Aug 27 '19 at 22:45
  • No, and it wasn't intended to. By using the `W` version, at least now it doesn't have to translate Unicode to the current code page to make the call and then translate back internally, so your strings won't be converted to something that won't match the values they're supposed to match. – madreflection Aug 27 '19 at 22:48
  • I think impersonation must be configured in your IIS and (maybe) in your Windows server (if I remember the good old times) – hugo Aug 27 '19 at 23:29
  • @hugo: Configuring impersonation causes IIS to do the impersonation, however, you can also impersonate a user in the manner that Learn AspNet is doing it. This is useful if you have IIS impersonating one domain account that has web-oriented permissions but you need to use a different domain user for Windows authentication to SQL Server (not a great design, but one I've seen). – madreflection Aug 27 '19 at 23:51
  • What do you get from [GetLastError()](https://stackoverflow.com/questions/17918266/winapi-getlasterror-vs-marshal-getlastwin32error) after `LogonUserA` failed? Passing a password to the server does not seem to be a great idea :\ – fenixil Aug 28 '19 at 02:28
  • Can you also provide more details on your use case: why do you want to impersonate a user, is 'user' a client that made a request to your web application or do you have some hardcoded user (e.g. system account), how do you get a password? That will help us better understand the context and avoid the [XY problem](https://en.wikipedia.org/wiki/XY_problem) (maybe you don't need impersonation at all ¯\_(ツ)_/¯ ?) – fenixil Aug 28 '19 at 02:53
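
The diagnostic step fenixil asks for, combined with the `LogonUserW` entry point madreflection suggests, written out as an added example that is not part of the original thread. The class and helper names, the account, the paths and the environment variable are placeholders; the logon type and provider are the values from the question.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;
using Microsoft.Win32.SafeHandles;

static class ShareCopy
{
    // Same values as in the question.
    const int LOGON32_LOGON_INTERACTIVE = 2;
    const int LOGON32_PROVIDER_DEFAULT = 0;

    // Unicode entry point; SetLastError = true makes the runtime save the
    // Win32 error code so it can be read after a failed call.
    [DllImport("advapi32.dll", EntryPoint = "LogonUserW",
        CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool LogonUser(string lpszUsername, string lpszDomain,
        string lpszPassword, int dwLogonType, int dwLogonProvider,
        out SafeAccessTokenHandle phToken);

    // Hypothetical helper: copies one file while impersonating the account.
    public static void CopyAs(string domain, string user, string password,
        string source, string destination)
    {
        if (!LogonUser(user, domain, password, LOGON32_LOGON_INTERACTIVE,
                LOGON32_PROVIDER_DEFAULT, out SafeAccessTokenHandle token))
        {
            // Read the code immediately, before any other P/Invoke runs.
            // NativeErrorCode carries the number, Message the system text.
            throw new Win32Exception(Marshal.GetLastWin32Error());
        }
        // The SafeHandle closes the token on dispose, after the work is done,
        // so no manual CloseHandle calls are needed.
        using (token)
        {
            WindowsIdentity.RunImpersonated(token,
                () => File.Copy(source, destination, overwrite: true));
        }
    }

    static void Main()
    {
        // Constructed inputs: account, paths and variable name are placeholders.
        string password = Environment.GetEnvironmentVariable("SHARE_COPY_PASSWORD")
            ?? throw new InvalidOperationException("SHARE_COPY_PASSWORD is not set");
        CopyAs("EXAMPLE", "svc-filecopy", password,
            @"C:\temp\report.txt", @"\\fileserver.example\share\report.txt");
    }
}
```

Logging the `NativeErrorCode` of the thrown `Win32Exception` gives the value the comment above asks about, without writing the password anywhere.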

0 Answers