Is it possible to impersonate someone using NTLM on the local machine?

Question

I have a Web Application running in IIS, using Windows Authentication (NTLM or Kerberos, against an Active Directory).

I would like to connect to that machine, but not as myself but as a user whose password I don't have. However, I do control the server.

Since I don't need delegation (but only local access against IIS), I wonder if there is a way to impersonate/authenticate as that person without having to use Forms/Basic/Digest auth?

score 1 · Accepted Answer · edited May 23 '17 at 12:19

1

You can't do it without knowing the persons password. That would be a major security flaw.

If you can, set the app pool to run as the user. If you can't set the entire access but just for some few lines of code, check out my other answer about how to do that: How do I pass credentials to a machine so I can use Microsoft.Win32.RegistryKey.OpenRemoteBaseKey() on it?

edited May 23 '17 at 12:19

Community

1
1

answered May 28 '11 at 00:50

Oskar Kjellin

21,280
10
54
93

Is it possible to impersonate someone using NTLM on the local machine?

1 Answers1