Runtime Impersonation - Help !!!

[Snig]

Hi all

I need to implement Runtime (Conditional) Impersonation in one of my ASP.NET
Pages.

If I use the <identity impersonate="true" /> in web.config file, it works
fine.

But in code, while I try to Impersonate I get Win32 error. I am using
"Logon" Win32 API for get a specific token. But this API is returning error
1314 : A required privilege is not held by the client

I tried to resolve it by assinging the most probable Security priviledges to
the "ASPNET" account by "Local Security Policy" snap-in. But nothing worked.

Can anybody please help me ?

Thanx in advance.

[Eric Mayne]

By setting <identity impersonate="true" /> in web.config file the asp.net
worker process assumes the identity of the person requesting the page.
Most likely the user making the request does not have permissions to
impersonate.

Eric Mayne



"Snig" <snigbb@yahoo.co.in> wrote in message
news:#D1cHf2VDHA.1676@TK2MSFTNGP10.phx.gbl...

> Hi all
>
> I need to implement Runtime (Conditional) Impersonation in one of my

ASP.NET

> Pages.
>
> If I use the <identity impersonate="true" /> in web.config file, it works
> fine.
>
> But in code, while I try to Impersonate I get Win32 error. I am using
> "Logon" Win32 API for get a specific token. But this API is returning

error

> 1314 : A required privilege is not held by the client
>
> I tried to resolve it by assinging the most probable Security priviledges

to

> the "ASPNET" account by "Local Security Policy" snap-in. But nothing

worked.

>
> Can anybody please help me ?
>
> Thanx in advance.
>
>
>
>

[Marni Alvarez]

I was having the same problem and this worked for me. I
got this from the book ".NET Security" by Fischer and
Smith, but there was a bug in their code. Hope this is
helpful.

public const int LOGON32_LOGON_INTERACTIVE = 2;
public const int LOGON32_PROVIDER_DEFAULT = 0;
public const int SECURITY_IMPERSONATION_LEVEL = 2;

WindowsImpersonationContext impersonatedContext;
WindowsIdentity tempIdentity;
IntPtr token = IntPtr.Zero;
IntPtr tokenDup = IntPtr.Zero;

if ( LogonUser(userName, userDomain, userPassword,
LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT, ref token) != 0 )
{
DuplicateToken(token, SECURITY_IMPERSONATION_LEVEL,
ref tokenDup);
tempIdentity = new WindowsIdentity(tokenDup);

impersonatedContext = tempIdentity.Impersonate();
}

....

// and then when you're finished impersonating
impersonatedContext.Undo();

>-----Original Message-----
>Hi all
>
>I need to implement Runtime (Conditional) Impersonation

in one of my ASP.NET

>Pages.
>
>If I use the <identity impersonate="true" /> in

web.config file, it works

>fine.
>
>But in code, while I try to Impersonate I get Win32

error. I am using

>"Logon" Win32 API for get a specific token. But this API

is returning error

>1314 : A required privilege is not held by the client
>
>I tried to resolve it by assinging the most probable

Security priviledges to

>the "ASPNET" account by "Local Security Policy" snap-in.

But nothing worked.

>
>Can anybody please help me ?
>
>Thanx in advance.
>
>
>
>
>.
>

[Snig]

Thanx Marni.

But I've written exactly the same code that you have mentioned here.
Still the "LOGONUSER" API sends error : 1314 : A required privilege is not
held by the client

I saw somewhere in the Web that this process requires ASPNET user to have
permission "Act As a Part of the OS". I granted that permission too. Still
it doesn't work !

Any clue ?


"Marni Alvarez" <malvarez@nextrx.com> wrote in message
news:01d001c3579c$c1bb0600$a601280a@phx.gbl...

> I was having the same problem and this worked for me. I
> got this from the book ".NET Security" by Fischer and
> Smith, but there was a bug in their code. Hope this is
> helpful.
>
> public const int LOGON32_LOGON_INTERACTIVE = 2;
> public const int LOGON32_PROVIDER_DEFAULT = 0;
> public const int SECURITY_IMPERSONATION_LEVEL = 2;
>
> WindowsImpersonationContext impersonatedContext;
> WindowsIdentity tempIdentity;
> IntPtr token = IntPtr.Zero;
> IntPtr tokenDup = IntPtr.Zero;
>
> if ( LogonUser(userName, userDomain, userPassword,
> LOGON32_LOGON_INTERACTIVE,
> LOGON32_PROVIDER_DEFAULT, ref token) != 0 )
> {
> DuplicateToken(token, SECURITY_IMPERSONATION_LEVEL,
> ref tokenDup);
> tempIdentity = new WindowsIdentity(tokenDup);
>
> impersonatedContext = tempIdentity.Impersonate();
> }
>
> ...
>
> // and then when you're finished impersonating
> impersonatedContext.Undo();
>

> >-----Original Message-----
> >Hi all
> >
> >I need to implement Runtime (Conditional) Impersonation

> in one of my ASP.NET

> >Pages.
> >
> >If I use the <identity impersonate="true" /> in

> web.config file, it works

> >fine.
> >
> >But in code, while I try to Impersonate I get Win32

> error. I am using

> >"Logon" Win32 API for get a specific token. But this API

> is returning error

> >1314 : A required privilege is not held by the client
> >
> >I tried to resolve it by assinging the most probable

> Security priviledges to

> >the "ASPNET" account by "Local Security Policy" snap-in.

> But nothing worked.

> >
> >Can anybody please help me ?
> >
> >Thanx in advance.
> >
> >
> >
> >
> >.
> >