We are working in a Windows network (AD in use).
We have a folder shared by a user (access limited to this user only). The user's credentials are known. I need to access that share inside my app.

Note: I've read about impersonation, but what I can do is open the entire application in a new user context (what I need is to keep working as the currently logged-in user and just access the Windows shared folder on behalf of another user).

Would it be possible? Piece of code appreciated.

+1  A: 

I've finally managed that and it works like a charm for me!
For those interested, please find a sample method doing the job (note you need System.Security.Principal + Interop; also some API static methods need to be added):

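    using System;
    using System.Runtime.InteropServices;
    using System.Security.Principal;

    public class Impersonator {
        public const int LOGON32_LOGON_INTERACTIVE = 2;
        public const int LOGON32_PROVIDER_DEFAULT = 0;

        // Kept so the caller can later call impersonationContext.Undo() (.NET Framework API).
        private WindowsImpersonationContext impersonationContext;

        // P/Invoke declarations for the Win32 functions the method relies on.
        [DllImport ( "advapi32.dll", SetLastError = true )]
        public static extern int LogonUserA ( string lpszUserName, string lpszDomain,
            string lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken );
        [DllImport ( "advapi32.dll", SetLastError = true )]
        public static extern int DuplicateToken ( IntPtr hToken, int impersonationLevel,
            ref IntPtr hNewToken );
        [DllImport ( "advapi32.dll", SetLastError = true )]
        public static extern bool RevertToSelf ();
        [DllImport ( "kernel32.dll", SetLastError = true )]
        public static extern bool CloseHandle ( IntPtr handle );

        public bool ImpersonateUser( string userName, string domain, string password ) {
            WindowsIdentity tempWindowsIdentity;
            IntPtr token = IntPtr.Zero;
            IntPtr tokenDuplicate = IntPtr.Zero;

            if (RevertToSelf ()) {
                if (LogonUserA ( userName, domain, password, LOGON32_LOGON_INTERACTIVE,
                    LOGON32_PROVIDER_DEFAULT, ref token ) != 0) {
                    // 2 = SecurityImpersonation
                    if (DuplicateToken ( token, 2, ref tokenDuplicate ) != 0) {
                        // WindowsIdentity keeps its own copy of the token handle.
                        tempWindowsIdentity = new WindowsIdentity ( tokenDuplicate );
                        impersonationContext = tempWindowsIdentity.Impersonate ();
                        if (impersonationContext != null) {
                            CloseHandle ( token );
                            CloseHandle ( tokenDuplicate );
                            return true;
                        }
                    }
                }
            }
            // Failure path: release whatever handles were opened.
            if (token != IntPtr.Zero)
                CloseHandle ( token );
            if (tokenDuplicate != IntPtr.Zero)
                CloseHandle ( tokenDuplicate );
            return false;
        }
    }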
Maciej
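
A scoped variant of the approach in the answer above, added here as an example and not part of the original answer: it uses the `LOGON32_LOGON_NEW_CREDENTIALS` logon type so the thread keeps its local identity and the other account is used only for network connections, and it reverts automatically when the delegate ends. The class and method names, the `SHARE_PASSWORD` variable, the account, domain and UNC path are all placeholders assumed for illustration.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;
using Microsoft.Win32.SafeHandles;

public static class ShareAccess
{
    // Values from winbase.h.
    private const int LOGON32_LOGON_NEW_CREDENTIALS = 9; // token applies to outbound network access only
    private const int LOGON32_PROVIDER_WINNT50 = 3;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    private static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out SafeAccessTokenHandle token);

    // Runs 'action' with the other account's credentials applied to network
    // connections only; the thread reverts when the delegate returns or throws.
    public static T RunWithNetworkCredentials<T>(string user, string domain,
        string password, Func<T> action)
    {
        if (!LogonUser(user, domain, password, LOGON32_LOGON_NEW_CREDENTIALS,
                LOGON32_PROVIDER_WINNT50, out SafeAccessTokenHandle token))
        {
            throw new Win32Exception(Marshal.GetLastWin32Error());
        }

        using (token) // the handle is closed even if 'action' throws
        {
            return WindowsIdentity.RunImpersonated(token, action);
        }
    }

    public static void Main()
    {
        // Placeholder values: read the password from a protected store, not from source code.
        string password = Environment.GetEnvironmentVariable("SHARE_PASSWORD");
        string[] files = RunWithNetworkCredentials("shareuser", "EXAMPLE", password,
            () => Directory.GetFiles(@"\\fileserver\share"));
        Console.WriteLine("{0} files visible on the share", files.Length);
    }
}
```

With this logon type the credentials are not validated at logon time, so a wrong password shows up as an access error on the first call that touches the share. `WindowsIdentity.RunImpersonated` requires .NET Framework 4.6 or later, or .NET Core.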