I am writing an ASP website that uses Forms security and Active Directory.
I allow the user to login using the Windows API:
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool LogonUser(string pszUsername, string pszDomain, string pszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);
This gives me a Login Token Pointer which I than save in a session variable:
bool returnValue = LogonUser(txtUserName.Text, domainName, txtPassword.Text, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref TokenHandle);
if (!returnValue)
{
lblErrorMessage.Text = "Incorrect Username or Password";
lblErrorMessage.Visible = true;
return;
}
Session["TokenHandle"] = TokenHandle;
Now when I get redirected back to my Default.aspx page I want to Impersonate the user that has logged in. This way I don't have to hard code a SQL connection string user name, I can just use integrated security. I do this on Page Load as follows:
if (Session["TokenHandle"] != null)
{
IntPtr tokenHandle = new IntPtr(0);
tokenHandle = (IntPtr)Session["TokenHandle"];
WindowsIdentity.Impersonate(tokenHandle);
}
Here is the problem:
It all works great the first time I hit Default.aspx however as soon as I do a postback it looses the impersonation and I get an error:
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
Now I know this code should work, I have used it in other project. I am just missing something here.
Also I am using DevExpress.Web.ASPxGridView.v9.2 component, I am not sure if it has anything to do with it.
Please help.