INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Member Login

HANDLE


PASSWORD
Remember Me
Forgot Password?
Join Us!

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips now!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
E-mail*
Handle

Password
Verify P'word
*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Partner With Us!

"Best Of Breed" Forums Add Stickiness To Your Site
Partner Button
(Download This Button Today!)

Member Feedback

"...Congratulations on a brilliant idea and a great site..."
More...

Geography

Where in the world do Tek-Tips members come from?
Click Here To Find Out!
Home > Forums > Programmers > Languages > Visual Basic(Microsoft) -VB.NET 2002-2008 Forum

 RunAs command - Impersonation class

thread796-1235871
Helpful Member!Helpful Member!techsmith (MIS)
27 May 06 10:07
Having chased around for a clear working example of impersonation in .net I came up with A RunAs_Impersonator class to simplify things.  Here is an example of how you would use the class:

CODE

        Dim imp As New RunAs_Impersonator
        Try
            imp.ImpersonateStart(DomainName, UserName, Password) 'creates new context using token for user

            Add code to run as UserName here 'everything between ImpersonateStart and ImpersonateStop will be run as the impersonated user

            imp.ImpersonateStop()
        Catch ex As Exception 'make sure impersonation is stopped whether code succeeds or not
            MsgBox(ex.Message)
            imp.ImpersonateStop()
        End Try

I found a couple of examples from postings and examples in the WindowsImpersonationContext help and re-worked these to split the impersonation into separate start and stop methods - hopefully this makes the usage clearer.

So far it seems to work, but I note that this method has some limitations for instance it doesn't work for win9x or 2000 operating systems.  Also (noted from thread796-1129322) the local policy has to allow users to 'Act As Part of the Operating System.'

Here is the code for the class:

CODE

Imports System
Imports System.Runtime.InteropServices
Imports System.Security.Principal
Imports System.Security.Permissions
Imports Microsoft.VisualBasic
<Assembly: SecurityPermissionAttribute(SecurityAction.RequestMinimum, UnmanagedCode:=True), _
 Assembly: PermissionSetAttribute(SecurityAction.RequestMinimum, Name:="FullTrust")>

Public Class RunAs_Impersonator
#Region "Private Variables and Enum Constants"
    Private tokenHandle As New IntPtr(0)
    Private dupeTokenHandle As New IntPtr(0)
    Private impersonatedUser As WindowsImpersonationContext
#End Region
#Region "Properties"

#End Region
#Region "Public Methods"
    Public Declare Auto Function CloseHandle Lib "kernel32.dll" (ByVal handle As IntPtr) As Boolean

    Public Declare Auto Function DuplicateToken Lib "advapi32.dll" (ByVal ExistingTokenHandle As IntPtr, _
      ByVal SECURITY_IMPERSONATION_LEVEL As Integer, _
      ByRef DuplicateTokenHandle As IntPtr) As Boolean

    ' Test harness.
    ' If you incorporate this code into a DLL, be sure to demand FullTrust.
    <PermissionSetAttribute(SecurityAction.Demand, Name:="FullTrust")> _
    Public Sub ImpersonateStart(ByVal Domain As String, ByVal userName As String, ByVal Password As String)
        Try
            tokenHandle = IntPtr.Zero
            ' Call LogonUser to obtain a handle to an access token.
            Dim returnValue As Boolean = LogonUser(userName, Domain, Password, 2, 0, tokenHandle)

            'check if logon successful
            If returnValue = False Then
                Dim ret As Integer = Marshal.GetLastWin32Error()
                Console.WriteLine("LogonUser failed with error code : {0}", ret)
                Throw New System.ComponentModel.Win32Exception(ret)
                Exit Sub
            End If

            'Logon succeeded

            ' Use the token handle returned by LogonUser.
            Dim newId As New WindowsIdentity(tokenHandle)
            impersonatedUser = newId.Impersonate()
        Catch ex As Exception
            Throw ex
            Exit Sub
        End Try
        MsgBox("running as " & impersonatedUser.ToString & " -- " & WindowsIdentity.GetCurrent.Name)
    End Sub
    <PermissionSetAttribute(SecurityAction.Demand, Name:="FullTrust")> _
    Public Sub ImpersonateStop()
        ' Stop impersonating the user.
        impersonatedUser.Undo()

        ' Free the tokens.
        If Not System.IntPtr.op_Equality(tokenHandle, IntPtr.Zero) Then
            CloseHandle(tokenHandle)
        End If
        MsgBox("running as " & Environment.UserName)
    End Sub
#End Region
#Region "Private Methods"
    Private Declare Auto Function LogonUser Lib "advapi32.dll" (ByVal lpszUsername As [String], _
     ByVal lpszDomain As [String], ByVal lpszPassword As [String], _
     ByVal dwLogonType As Integer, ByVal dwLogonProvider As Integer, _
     ByRef phToken As IntPtr) As Boolean

    <DllImport("kernel32.dll")> _
    Public Shared Function FormatMessage(ByVal dwFlags As Integer, ByRef lpSource As IntPtr, _
     ByVal dwMessageId As Integer, ByVal dwLanguageId As Integer, ByRef lpBuffer As [String], _
     ByVal nSize As Integer, ByRef Arguments As IntPtr) As Integer
    End Function
#End Region
End Class
Hope this is helpful.  Please feel free to add any comments, corrections or improvements.
Find A Job or Post a Job Opening Click Here.
ThatRickGuy (Programmer)
27 May 06 17:47
Thanks for posting your solutions. Never know when code like this will come in helpful!

-Rick

VB.Net Forum forum796    forum855 ASP.NET Forum
    I believe in killer coding ninja monkeys.

Start A New Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Promoting, selling, recruiting and student posting
are not allowed in the forums.
Posting Policies
LINK TO THIS FORUM!
(Add Stickiness To Your Site By Linking To This Professionally Managed Technical Forum)
TITLE: Visual Basic(Microsoft) -VB.NET 2002-2008 Forum at Tek-Tips
URL: http://www.tek-tips.com/threadminder.cfm?pid=796
DESCRIPTION: Visual Basic(Microsoft) -VB.NET 2002-2008 technical support forum and mutual help system for computer professionals. Selling and recruiting forbidden.

 

Back To Forum

Back To Visual Basic(Microsoft) -VB.NET 2002-2008