 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / .NET Framework / General / September 2004Impersonation and UNC shares in a windows service
Hello all, Here is my problem. I have a windows service (C#) that is supposed to move files from/to the local drive to/from a UNC share (\\domainserver\share). The service is running on a Win3k server not connected to a domain, as a local user. The service impersonates a local user (on domainserver) that has full permissions to that share. Any File.Move, File.Copy operations are successfull. Any Directory.GetFiles fail with "Logon failure: unknown user name or bad password", stack trace is Exception stack trace: at System.IO.__Error.WinIOError(Int32 errorCode, String str) at System.IO.Directory.InternalGetFileDirectoryNames(String fullPath, String userPath, Boolean file) at System.IO.Directory.InternalGetFiles(String path, String userPath, String searchPattern) at System.IO.Directory.GetFiles(String path, String searchPattern). The call succeeds if I run the service under a local account with the same user name/pwd or if the server is connected to the domain and the service runs as any domain account. The impersonation code is similar with the samples from MSDN (sorry about the formatting): public static void ImpersonateUser(string domainName, string userName, string password) { IntPtr tokenHandle = new IntPtr(0); IntPtr dupeTokenHandle = new IntPtr (0); try { // Get the user token for the specified user, domain, and password using the // unmanaged LogonUser method. const int SecurityImpersonation = 2; tokenHandle = IntPtr.Zero; dupeTokenHandle = IntPtr.Zero; // Call LogonUser to obtain a handle to an access token. bool returnValue = LogonUser(userName, domainName, password, (int) LogonType.LOGON32_LOGON_NEW_CREDENTIALS, (int) LogonProvider.LOGON32_PROVIDER_DEFAULT, ref tokenHandle); if (false == returnValue) { int ret = Marshal.GetLastWin32Error(); throw new System.ComponentModel.Win32Exception(ret, GetErrorMessage (ret)); } //Duplicate the token bool retVal = DuplicateToken(tokenHandle, SecurityImpersonation, ref dupeTokenHandle); if (false == retVal) { CloseHandle (tokenHandle); throw new ApplicationException("Exception thrown in trying to duplicate token."); } // The token that is passed to the following constructor must // be a primary token in order to use it for impersonation. WindowsIdentity newId = new WindowsIdentity(dupeTokenHandle); WindowsImpersonationContext impersonatedUser = newId.Impersonate(); try { do stuff; } catch {} // Stop impersonating the user. impersonatedUser.Undo(); // Free the tokens. if (tokenHandle != IntPtr.Zero) CloseHandle (tokenHandle); if (dupeTokenHandle != IntPtr.Zero) CloseHandle (dupeTokenHandle); } catch(Exception ex) { throw ex; } } } Thanks a lot for any help or ideas, Chris This works for me. using System; using System.IO; using System.Runtime.InteropServices; using System.Security; using System.Security.Principal; using System.Reflection; namespace ImpersonateTest { class Class1 { [DllImport("advapi32.dll")] public static extern int LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken); [DllImport("kernel32.dll")] public extern static bool CloseHandle(IntPtr hToken); static void Main(s) { Class1 c = new Class1(); if(c.Impersonate("someuserOnRemoteSrv", "RemoteSrv", "hisPwd")) { string[] dirs = Directory.GetFiles(@"\\RemoteSrv\xxxx", "*"); foreach (string dir in dirs) Console.WriteLine(dir); c.impersonationContext.Undo(); } else Console.WriteLine("Impersonation failed"); } public bool Impersonate(string userName, string domain, string password) { WindowsIdentity tempWindowsIdentity; IntPtr token = IntPtr.Zero; IntPtr tokenDuplicate = IntPtr.Zero; // request default security provider a logon token with LOGON32_LOGON_NEW_CREDENTIALS, // token returned is impersonation token, no need to duplicate if(LogonUser(userName, domain, password, 9, 0, ref token) != 0) { tempWindowsIdentity = new WindowsIdentity(token); impersonationContext = tempWindowsIdentity.Impersonate(); // close impersonation token, no longer needed CloseHandle(token); if (impersonationContext != null) return true; } return false; // Failed to impersonate. } WindowsImpersonationContext impersonationContext; } } Willy. > Hello all, > Here is my problem. I have a windows service (C#) that is [quoted text clipped - 111 lines] > Thanks a lot for any help or ideas, > Chris Thanks for the quick reply Willy. The only difference I see is that you're not duplicating the token. I'll give it a try tomorrow and let you know how it works out. Chris Chris, It doesn't really mather, the DuplicateToken is only needed when the token obtained when calling Logon user is not an impersonation token. It works also when impersonating using the token obtained by DuplicateToken. Willy. > Thanks for the quick reply Willy. The only difference I > see is that you're not duplicating the token. I'll give it > a try tomorrow and let you know how it works out. > > Chris Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.