EldoS | Feel safer!

Software components for data protection, secure storage and transfer

User impersonation with a token returned by GetOriginatorToken

Posted: 05/05/2008 14:09:08
by Vladimir Lichman (Priority Standard support level)
Joined: 05/01/2008
Posts: 19

I am trying to impersonate a user returned by GetOriginatorToken in the OnOpenFile event:

IntPtr securityToken = fCbfs.GetOriginatorToken();
WindowsIdentity identity = new WindowsIdentity(securityToken);
WindowsImpersonationContext wic = identity.Impersonate();

I get the ‘Unable to impersonate user’ exception in a call to identity.Impersonate().

Should I call DuplicateToken before creating WindowsIdentity as described here:

I am using CBFSNet.dll v1.2.25.36712 and .Net 2.0 on Windows Server 2003 SP1.
Posted: 05/07/2008 12:34:28
by Volodymyr Zinin (EldoS Corp.)

You can try to duplicate a token. But perhaps the problem is due to a security restriction.
Posted: 05/07/2008 14:08:06
by Vladimir Lichman (Priority Standard support level)
Joined: 05/01/2008
Posts: 19

How then can I use NTLM or Kerberos authentication in a Windows Service? The service runs under the Local System account. But I need to access the network with the privileges of the user returned by GetOriginatorToken();

I have tried running the same piece of impersonation code from a console application with administrator privileges and I get the same error - 'Unable to impersonate user'.

Unfortunately DuplicateToken did not help.
Posted: 05/09/2008 04:20:00
by Volodymyr Zinin (EldoS Corp.)

I don't know why the problem occurs. You can try to impersonate threads using the Win32 API set. Or use another way (without the impersonation) to achieve the necessary functionality.
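
A diagnostic for the situation discussed in this thread, as an added example that is not code from the posters or from EldoS: it reports whether a token handle is a primary token or an impersonation token and at which level, because an impersonation token below the Impersonation level identifies the user but cannot be used to access resources as that user. The current process token stands in for the handle returned by GetOriginatorToken(), and the TokenInspector class and Describe method are hypothetical names.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;

static class TokenInspector
{
    // TOKEN_INFORMATION_CLASS values from winnt.h
    const int TokenType = 8;
    const int TokenImpersonationLevel = 9;

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool GetTokenInformation(IntPtr token, int infoClass,
        out int info, int infoLength, out int returnLength);

    // Returns "Primary" or "Impersonation/<level>" for a token handle
    // that was opened with TOKEN_QUERY access.
    public static string Describe(IntPtr token)
    {
        int type, level, len;
        if (!GetTokenInformation(token, TokenType, out type, sizeof(int), out len))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        if (type == 1) // TOKEN_TYPE.TokenPrimary
            return "Primary";

        // Only impersonation tokens carry a SECURITY_IMPERSONATION_LEVEL;
        // asking a primary token for it fails, hence the early return above.
        if (!GetTokenInformation(token, TokenImpersonationLevel, out level, sizeof(int), out len))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        string[] names = { "Anonymous", "Identification", "Impersonation", "Delegation" };
        return "Impersonation/" + names[level];
    }

    static void Main()
    {
        // Constructed input: the current process token stands in for the
        // handle that GetOriginatorToken() returns inside OnOpenFile.
        WindowsIdentity current = WindowsIdentity.GetCurrent();
        Console.WriteLine(Describe(current.Token));
        GC.KeepAlive(current); // keep the handle valid until Describe returns
    }
}
```

Logging the result of Describe for the originator token, before constructing the WindowsIdentity, shows whether the handle is at a level that permits impersonation at all.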


