EldoS | Feel safer!

Software components for data protection, secure storage and transfer

User impersonation with a token returned by GetOriginatorToken

#6119
Posted: 05/05/2008 14:09:08
by Vladimir Lichman (Priority Standard support level)
Joined: 05/01/2008
Posts: 19

I am trying to impersonate a user returned by GetOriginatorToken in OnOpenFile event:

IntPtr securityToken = fCbfs.GetOriginatorToken();
WindowsIdentity identity = new WindowsIdentity(securityToken);
WindowsImpersonationContext wic = identity.Impersonate();

I get the ‘Unable to impersonate user’ exception in a call to identity.Impersonate().

Should I call DuplicateToken before creating WindowsIdentity, as described here: http://support.microsoft.com/kb/319615 ?

I am using CBFSNet.dll v1.2.25.36712 and .Net 2.0 on Windows Server 2003 SP1.
#6167
Posted: 05/07/2008 12:34:28
by Volodymyr Zinin (EldoS Corp.)

You can try to duplicate the token. But perhaps the problem is due to a security restriction.
#6171
Posted: 05/07/2008 14:08:06
by Vladimir Lichman (Priority Standard support level)
Joined: 05/01/2008
Posts: 19

How then can I use NTLM or Kerberos authentication in a Windows Service? The service runs under the Local System account, but I need to access the network with the privileges of the user returned by GetOriginatorToken().

I have tried running the same piece of impersonation code from a console application with administrator privileges and I get the same error - 'Unable to impersonate user'.

Unfortunately DuplicateToken did not help.
#6186
Posted: 05/09/2008 04:20:00
by Volodymyr Zinin (EldoS Corp.)

I don't know why the problem occurs. You can try to impersonate threads using the Win32 API set. Or use another way (without impersonation) to achieve the necessary functionality.


As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
