I have a wcf service with a method that copies files from a network share to a temp folder on the web server. It works perfectly if I use the logonuser function but not if I use the currentwindowsidentity.
I need to be able it impersonate the currently logged in user, not have to specify any credentials. I have found other users report the same problem as well and I have not been able to find a solution.
Any help would be greatly appreciated.
Thanks
Code that does do impersonation but cannot see the files on the share. I can check
Public Function CopyFiletoSite(filename As String, id As Integer) As String
Try
Dim impersonationContext As System.Security.Principal.WindowsImpersonationContext
Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity
currentWindowsIdentity = CType(WindowsIdentity.GetCurrent, System.Security.Principal.WindowsIdentity)
impersonationContext = currentWindowsIdentity.Impersonate()
For Each File In Directory.GetFiles(HostingEnvironment.ApplicationPhysicalPath & "Clientbin\Images\")
IO.File.Delete(File.ToString)
Next
If IO.File.Exists(filename) Then
Dim tmpfilename As String = id & ".tif"
IO.File.Copy(filename, (HostingEnvironment.ApplicationPhysicalPath & "Clientbin\Images\" & tmpfilename), True)
Return tmpfilename
Else
Return "Cannot find this file:" & filename & " Current user is" & ServiceSecurityContext.Current.WindowsIdentity.Name.ToString
End If
impersonationContext.Undo()
Return "Impersonate"
Catch ex As Exception
Return ex.Message
End Try
End Function
'Code that works but i have to specify domain, user, and password which I cannot do in live environment. I need to be able to detect and use the current users context.
Dim LOGON32_LOGON_INTERACTIVE As Integer = 2
Dim LOGON32_PROVIDER_DEFAULT As Integer = 0
Dim impersonationContext As WindowsImpersonationContext
Declare Function LogonUserA Lib "advapi32.dll" (ByVal lpszUsername As String, _
ByVal lpszDomain As String, _
ByVal lpszPassword As String, _
ByVal dwLogonType As Integer, _
ByVal dwLogonProvider As Integer, _
ByRef phToken As IntPtr) As Integer
Declare Auto Function DuplicateToken Lib "advapi32.dll" ( _
ByVal ExistingTokenHandle As IntPtr, _
ByVal ImpersonationLevel As Integer, _
ByRef DuplicateTokenHandle As IntPtr) As Integer
Declare Auto Function RevertToSelf Lib "advapi32.dll" () As Long
Declare Auto Function CloseHandle Lib "kernel32.dll" (ByVal handle As IntPtr) As Long
Private Function impersonateValidUser(ByVal userName As String, _
ByVal domain As String, ByVal password As String) As Boolean
Dim tempWindowsIdentity As WindowsIdentity
Dim token As IntPtr = IntPtr.Zero
Dim tokenDuplicate As IntPtr = IntPtr.Zero
impersonateValidUser = False
If RevertToSelf() Then
If LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then
tempWindowsIdentity = New WindowsIdentity(tokenDuplicate)
impersonationContext = tempWindowsIdentity.Impersonate()
If Not impersonationContext Is Nothing Then
impersonateValidUser = True
End If
End If
End If
End If
If Not tokenDuplicate.Equals(IntPtr.Zero) Then
CloseHandle(tokenDuplicate)
End If
If Not token.Equals(IntPtr.Zero) Then
CloseHandle(token)
End If
End Function
Private Sub undoImpersonation()
impersonationContext.Undo()
End Sub
Public Function CopyFiletoSite(filename As String, id As Integer) As String
Try
If impersonateValidUser(DeNull(ConfigurationManager.AppSettings("DomainUserName").ToString), DeNull(ConfigurationManager.AppSettings("DomainName").ToString), DeNull(ConfigurationManager.AppSettings("DomainPassword").ToString)) Then
'Insert your code that runs under the security context of a specific user here.
For Each File In Directory.GetFiles(HostingEnvironment.ApplicationPhysicalPath & "Clientbin\Images\")
IO.File.Delete(File.ToString)
Next
If IO.File.Exists(filename) Then
Dim tmpfilename As String = id & ".tif"
IO.File.Copy(filename, (HostingEnvironment.ApplicationPhysicalPath & "Clientbin\Images\" & tmpfilename), True)
Return tmpfilename
Else
Return "Cannot find this file:" & filename & " Current user is" & ServiceSecurityContext.Current.WindowsIdentity.Name.ToString
End If
undoImpersonation()
Else
''impersonation failed"
End If
Return "Impersonate"
Catch ex As Exception
Return ex.Message
End Try
End Function
I need to be able it impersonate the currently logged in user, not have to specify any credentials. I have found other users report the same problem as well and I have not been able to find a solution.
Any help would be greatly appreciated.
Thanks
Code that does do impersonation but cannot see the files on the share. I can check
Public Function CopyFiletoSite(filename As String, id As Integer) As String
Try
Dim impersonationContext As System.Security.Principal.WindowsImpersonationContext
Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity
currentWindowsIdentity = CType(WindowsIdentity.GetCurrent, System.Security.Principal.WindowsIdentity)
impersonationContext = currentWindowsIdentity.Impersonate()
For Each File In Directory.GetFiles(HostingEnvironment.ApplicationPhysicalPath & "Clientbin\Images\")
IO.File.Delete(File.ToString)
Next
If IO.File.Exists(filename) Then
Dim tmpfilename As String = id & ".tif"
IO.File.Copy(filename, (HostingEnvironment.ApplicationPhysicalPath & "Clientbin\Images\" & tmpfilename), True)
Return tmpfilename
Else
Return "Cannot find this file:" & filename & " Current user is" & ServiceSecurityContext.Current.WindowsIdentity.Name.ToString
End If
impersonationContext.Undo()
Return "Impersonate"
Catch ex As Exception
Return ex.Message
End Try
End Function
'Code that works but i have to specify domain, user, and password which I cannot do in live environment. I need to be able to detect and use the current users context.
Dim LOGON32_LOGON_INTERACTIVE As Integer = 2
Dim LOGON32_PROVIDER_DEFAULT As Integer = 0
Dim impersonationContext As WindowsImpersonationContext
Declare Function LogonUserA Lib "advapi32.dll" (ByVal lpszUsername As String, _
ByVal lpszDomain As String, _
ByVal lpszPassword As String, _
ByVal dwLogonType As Integer, _
ByVal dwLogonProvider As Integer, _
ByRef phToken As IntPtr) As Integer
Declare Auto Function DuplicateToken Lib "advapi32.dll" ( _
ByVal ExistingTokenHandle As IntPtr, _
ByVal ImpersonationLevel As Integer, _
ByRef DuplicateTokenHandle As IntPtr) As Integer
Declare Auto Function RevertToSelf Lib "advapi32.dll" () As Long
Declare Auto Function CloseHandle Lib "kernel32.dll" (ByVal handle As IntPtr) As Long
Private Function impersonateValidUser(ByVal userName As String, _
ByVal domain As String, ByVal password As String) As Boolean
Dim tempWindowsIdentity As WindowsIdentity
Dim token As IntPtr = IntPtr.Zero
Dim tokenDuplicate As IntPtr = IntPtr.Zero
impersonateValidUser = False
If RevertToSelf() Then
If LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT, token) <> 0 Then
If DuplicateToken(token, 2, tokenDuplicate) <> 0 Then
tempWindowsIdentity = New WindowsIdentity(tokenDuplicate)
impersonationContext = tempWindowsIdentity.Impersonate()
If Not impersonationContext Is Nothing Then
impersonateValidUser = True
End If
End If
End If
End If
If Not tokenDuplicate.Equals(IntPtr.Zero) Then
CloseHandle(tokenDuplicate)
End If
If Not token.Equals(IntPtr.Zero) Then
CloseHandle(token)
End If
End Function
Private Sub undoImpersonation()
impersonationContext.Undo()
End Sub
Public Function CopyFiletoSite(filename As String, id As Integer) As String
Try
If impersonateValidUser(DeNull(ConfigurationManager.AppSettings("DomainUserName").ToString), DeNull(ConfigurationManager.AppSettings("DomainName").ToString), DeNull(ConfigurationManager.AppSettings("DomainPassword").ToString)) Then
'Insert your code that runs under the security context of a specific user here.
For Each File In Directory.GetFiles(HostingEnvironment.ApplicationPhysicalPath & "Clientbin\Images\")
IO.File.Delete(File.ToString)
Next
If IO.File.Exists(filename) Then
Dim tmpfilename As String = id & ".tif"
IO.File.Copy(filename, (HostingEnvironment.ApplicationPhysicalPath & "Clientbin\Images\" & tmpfilename), True)
Return tmpfilename
Else
Return "Cannot find this file:" & filename & " Current user is" & ServiceSecurityContext.Current.WindowsIdentity.Name.ToString
End If
undoImpersonation()
Else
''impersonation failed"
End If
Return "Impersonate"
Catch ex As Exception
Return ex.Message
End Try
End Function