impersonation

Impersonation for sp_OA* on SQL Server 2000

Is there any way to impersonate for sp_OA* calls? I'm specifically using this for file system management, and I'm doing everything in TSQL to avoid DTS since there's a possibility of upgrading to 2005 and I want this solution to be cross-version. Unfortunately, I need to access remote file systems but I can't get AD permissions added t...

Running a classic ASP page under the IIS account when Windows auth is enabled

I've got Windows authentication enabled on an ASP page so that I can grab the current user's username. This forces the ASP page to run as that user. I want to lock some files down that are currently being accessed by that page. Is there a way to have Windows Authentication enabled and still run the page under the account that IIS is runn...

Problems with impersonation when connecting via VPN?

We have a SharePoint layouts page that calls a Webservice (.asmx) to get some data. We use Kerberos/Integrated Windows Auth with impersonation and for users on machines in the domain this works just fine. However, for users on a VPN (i.e. their machine is not in the domain) this fails. We're getting 401s on the Webservice connection... Is ...

Can I use token based authentication with active directory?

I want to be able to securely log on to a system without having to type in a username and password from a Windows PC on Active Directory. The idea is that I (the client software, running on a logged-on Windows machine) have some sort of token that will prove to the server that I am who I say I am (the server talks to AD to verify the token and ...

Steps to Impersonate with Forms Authentication

I have a finished web app that stores its user db in a flat file, not MSSQL. Now I want to implement an impersonate feature for admins. I said finished because it will be a lot of work to change the login mechanism so it is really not an option. I don't want to be logged out as admin, I just want to temporarily impersonate any users, mainly to be...

LogonUser, LOGON32_LOGON_INTERACTIVE and LOGON32_LOGON_NETWORK

Can anyone provide a clear explanation of the difference between LOGON32_LOGON_INTERACTIVE and LOGON32_LOGON_NETWORK when used with LogonUser? The MS documentation is here. But I'm not clear what should be used. The scenario is similar to a telnet server that Windows users (local to the server, and domain users) are logging into - I ...

Impersonation and Registry Manipulation in Vista\Win7

I need to create a program that has access to HKLM when running in a non-admin session. I have access to the admin credentials so impersonation seems to be an option. The sequence of Win32 calls is: LogonUser, ImpersonateLoggedOnUser, RegOpenKeyEx, RegCreateKeyEx. The key is successfully created on XP/2003 and fails with 'Access Denied' ...

File.Exists() incorrectly returning false from ASP.NET - security issue related to Thread vs Process identity?

I have an ASP.NET app using Windows authentication, and I'm testing for the existence of a file on a remote server. I'm authenticating as MYDOMAIN\my.username - this works. The file is \MYSERVER\WebShare\example.txt. This file exists. I can open it from various hosts whilst logged in as MYDOMAIN\my.username. Under Windows Explorer, the...

How can I pass logged on user details from ASP.Net web app to WCF service?

I have 2 web applications: one is an ASP.Net web app and the other is an ASP.Net WCF web services application. I want the web app to consume the WCF web app's services. Eventually, these 2 apps will be communicating over a firewall. I want the user to log on to the client web app using forms authentication, authenticated by the wcf s...

PInvoke LogonUser and Delegation with Integrated Windows Authentication (IWA)

Hi all, There are lots of examples of using the LogonUser Win 32 API for impersonation/delegation. What I can't seem to extrapolate from all of this is what sort of security token is returned from LogonUser when I set the logonType LOGON32_LOGON_INTERACTIVE. All I know is that it doesn't seem to work with Integrated Windows Authenticati...

ImpersonateLoggedOnUser doesn't appear to work

After a successful call to both LogonUser and ImpersonateLoggedOnUser it doesn't appear that my process is running as the new user... system("whoami"); prints out: Chris-PC\Chris when it should be: Chris-PC\LimitedGuy Is there a function I'm not calling or something? My code: if(argc == 6) // impersonate { printf("[~] Logging...

Why does Windows not allow WinSock to be started while impersonating another user

Using my own program or others I can't get winsock to run when calling if the process is created with CreateProcessWithLogonW or CreateProcessAsUserW. It returns this error when I create the socket: WSAEPROVIDERFAILEDINIT 10106 Service provider failed to initialize. The requested service provider could not be loaded or initiali...

WNetAddConnection2 in Windows 7 with Impersonation and no Error Code

I'm doing some crazy impersonation stuff to get around UAC dialogs in Windows 7 so the user does not have to interact with the UI (I have the admin creds of course). I have a process running as the Administrator and elevated past UAC. The issue that I'm facing is that when I make a call to WNetAddConnection2, within this process, I am ...

How to use WindowsIdentity.Impersonate to get the user's login, rather than the ASPNET account

I have a web-app that will reside on a production server where I want to get the user's logged in computer name, circa DOMAINNAME/USERNAME. Many people have told me that I must use Impersonation/Delegation in order to get this, but no details beyond that have been provided. Originally, my tests used: Response.Write("HttpContext: ...

Impersonating the current computer through WindowsIdentity

I am trying to get the WindowsIdentity for the computer account the current user is logged into. Currently I am using the following code to get the group membership of the current user: WindowsIdentity currentIdent = WindowsIdentity.GetCurrent(); foreach (IdentityReference indentity in currentGroups) { String groupName = indentity.Tr...

Problem with impersonating a specific user in WCF service

I have a WCF service hosted in IIS on Windows Server 2008. This service needs to write to a shared folder present on another machine (Windows XP). The shared folder has write permissions for a particular user, say "X", which is present on both machines, i.e. on the server where the service is running as well as the machine where the ...

Response.TransmitFile() with UNC share (ASP.NET)

In the comments of this page: http://msdn.microsoft.com/en-us/library/12s31dhy.aspx ..it says that TransmitFile() cannot be used with UNC shares. As far as I can tell, this is the case; I get this error in Event Log when I attempt it: TransmitFile failed. File Name: \\myshare1\e$\file.zip, Impersonation Enabled: 0, Token Valid: 1, HRE...

How to call a WCF service from a unit test as an anonymous identity?

I've a SecurityService that has an AutoLogin method, that uses the ServiceSecurityContext to find out which Windows identity is calling and then tries to find the related user account in the database. This is working fine when it is called from a web site that uses impersonation and requires integrated security in IIS. The call is using t...

WCF Delete 401 - Unauthorized: Access is denied due to invalid credentials.

I have a WCF REST service that, among other things, saves/deletes files and folders on the server. To be able to access data on the server I impersonate a user that has credentials for writing/deleting from the server's hard disk. Things work alright until I want to do 2 DELETEs in a row. Meaning a call "foo.svc/bar/1" with DELETE method it works...

Why is a published website referencing my machine?

I have a website that I publish in Visual Studio 2008 and then send off to other people. One of the pages needs to alter a few configuration files, so an action is executed using WindowsImpersonationContext inside a class library referenced by the website. protected void WithImpersonation(ExecuteUnderImpersonation action) { using(Wi...