Hi,
I'm trying to add a user to an ACL of a folder.
Thing is that I need to present a username/password prompt for the
administrator (or any other privileged user) and use those credentials to
somehow get authenticated to add another user account to an ACL.
I just don't know where to start. Is it possible to 'impersonate' an account
using .NET and then use the credentials to alter NTFS settings? If so, can
someone point me in the right direction?
Cheers!
NuTcAsE - 17 Jan 2006 18:02 GMT
To impersonate a user, the first thing you need is the security token of
that user; then use the WindowsIdentity.Impersonate() function, which takes an
IntPtr (pointer) to that token.
To get the token you need to call the Win32 API function LogonUser in
advapi32.dll (see http://pinvoke.net/default.aspx/advapi32.LogonUser
for details and a sample). Passing in the user name, domain and password
will authenticate the user and return a pointer to the security token,
which can then be used to call the WindowsIdentity.Impersonate function.
(Be sure to wrap this entire operation in a try{}catch{}finally{}
block, and release the returned IntPtr in the catch block to avoid any
security issues... Also remember to revert back to the old identity
once you're finished.)
Once the Impersonate function succeeds, your application is now using
the impersonated account's credentials. You can use the new ACL
classes in .NET 2.0 to programmatically manage the ACLs of any NTFS
object. Link: http://west-wind.com/weblog/posts/4072.aspx
Hope this helps...