Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / .NET Framework / Security / May 2008

Tip: Looking for answers? Try searching our database.

WindowsIdentity.GetCurrent

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
despird - 15 May 2008 09:01 GMT
System.Security.Principal.WindowsIdentity.GetCurrent() can give me the
current logged-on user, but I found if I'm using impersonation in the
context, it can only give me the user identity who's being
impersonated rather than the real logged user on the Windows, what if
I want the latter?
Reply to this Message
Dominick Baier - 15 May 2008 10:40 GMT
first, WindowsIdentity.GetCurrent has an overload that you can use to determine
if you are currently impersonating.

then you can undo impersonation temporarily to get to the process account

do this

using (WindowsIdentity.Impersonate(IntPtr.Zero))
{
 string process = WindowsIdentity.GetCurrent();
}

from the docs:
"Calling the Impersonate(IntPtr) method with a userToken value of Zero is
equivalent to calling the Win32 RevertToSelf function. If another user is
currently being impersonated, control reverts to the original user."

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

> System.Security.Principal.WindowsIdentity.GetCurrent() can give me the
> current logged-on user, but I found if I'm using impersonation in the
> context, it can only give me the user identity who's being
> impersonated rather than the real logged user on the Windows, what if
> I want the latter?
Reply to this Message
despird - 15 May 2008 13:04 GMT
On May 15, 5:40 pm, Dominick Baier
<dbaier@pleasepleasenospam_leastprivilege.com> wrote:
> first, WindowsIdentity.GetCurrent has an overload that you can use to determine
> if you are currently impersonating.
[quoted text clipped - 26 lines]
>
> - Show quoted text -

that seems to be a very plausible solution, i'll try it again tomorrow
thanks a lot.
Reply to this Message
despird - 16 May 2008 01:41 GMT
> On May 15, 5:40 pm, Dominick Baier
>
[quoted text clipped - 34 lines]
>
> - Show quoted text -

that does work, thanks a lot Dominick
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.