tags:

views:

871

answers:

3
+2  Q: 

Impersonation MFC C++

Hi,

I want to impersonate other user in windows, for example: I create a directory with permission only for user A and for the administrators, when logon with user B and run .exe I want to impersonate user A to have permission to edit/remove/insert in that specific directory. How can I do it?

I found this: http://msdn.microsoft.com/en-us/library/aa374731(VS.85).aspx

Thanks for the help!

Filipe Araújo

+3  A: 

As a start, check out this article on windows user impersonation:

http://www.codeproject.com/KB/system/UserImpersonation.aspx

It should give you a place to start. If you need more controll you will need to look into Access Tokens.

QAZ  2008-10-17 10:15:19
I've done this and it works.
kenny  2008-10-17 12:21:34
A: 

I've already went to that site and didn't help because what I want it's to have the permissions of user A in user B and if you see the article it's more appropriated to create an .exe that calls the logon/login window and "physically" you are the user B and that's not what I want. What I want is to run the .exe(create in vs2008 MFC C++) in user B and gain the permissions of user A and within the .exe I can access the directories of the user A.

Thanks.

Filipe Araújo

 2008-10-17 10:32:38
A: 

If you want access to the folders of User A and the folders of User B, then you just need to setup folder permissions in such a way that administrators have permissions to get into all the folders. Normally machine administrators already have those rights. I am assuming here that are talking about normal windows user accounts, and normal machine/domain administrator accounts.

If you want to become User A its means you need User A's active permission to become that person. Impersonation is not simple (from what I have tried), you need to request access through your domain controller and negotiate that you are User B and that you have the rights to impersonate User A, generally that is done by User A and User B sharing and negotiating Credential Handles and Security Contexts. I doubt this is the type of process you're looking to follow.

Some useful functions would include:

To setup the context these are used and data is passed backwards and forwards between User A and User B to negotiate the impersonation

AcquireCredentialsHandle()
InitializeSecurityContext()
AcceptSecurityContext()
CompleteAuthToken()

Once the negotiations are complete and a security context has been created, these are used to start and stop the impersonation.

ImpersonateSecurityContext()
RevertContext()

I don't know of any other way to impersonate a user without the active participation of the user in question, or actively logging on as that user.

Hope this helps in some way.

brianb  2008-10-17 11:34:26

related questions

Of Memory Management, Heap Corruption, and C++
How do I make a GUI?
Alpha blending sprites in Nintendo DS Homebrew
Thread safe lazy contruction of a singleton in C++
Interview Programming Questions - In house Exam
Link issues (VC6)
What are the barriers to understanding pointers and what can be done to overcome them?
Why are professors or schools picking Java over C++ to teach to students?
What is the best way to create a sparse array in C++
C/C++ library for reading MIDI signals from a USB MIDI device
How do you pack a visual studio c++ project for release?
How to set up unit testing for Visual Studio C++
How do I configure and communicate with a serial port?
Lightweight IDE for Linux
Mapping Stream data to data structures in C#
CPU throttling in C++
Asynchronous multi-direction server-client communication over the same open socket?
Exceptions in C++
Heap corruption under Win32; how to locate?
Build for Windows NT 4.0 using Visual Studio 2005?
C++: Should I use nested classes in this case?
BerkeleyDB Concurrency
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
How to use the C socket API in C++ on z/OS