Thread: Impersonation

  1. #1
    Impersonation

    I am trying to change Active Directory objects with ASP.NET, but as usual, it doesn't allow me to edit Active Directory objects with the user "Computer Name/ASPNET" (the standard ASPNET user). So I try to impersonate this user with an administrator domain user with the necessary code... For now, I was able to change the current Windows user from ASPNET to the domain user, but when I try to commit the changes on Active Directory, I get an error. I posted the code and the error below.

    Source Code:

    ```csharp
    using System;
    using System.DirectoryServices;
    using System.Runtime.InteropServices;
    using System.Security.Principal;

    public class WebForm1 : System.Web.UI.Page
    {
        private string[] ADFields = { "sAMAccountName",
                                      "givenName",
                                      "sn",
                                      "mail",
                                      "description",
                                      "userAccountControl",
                                      "Title"
                                    };
        private string Path = "Active Dir. Path";
        private string EntryUserName = "user";
        private string EntryPassword = "pass";
        protected System.Web.UI.WebControls.Label lblSoyisim;
        protected System.Web.UI.WebControls.Label lblDegisiklik;
        protected System.Web.UI.WebControls.Label lblDeg1;
        private DirectoryEntry entry;

        // P/Invoke declarations for the Win32 logon and token APIs.
        class SecuUtil32
        {
            [DllImport("advapi32.dll", SetLastError=true)]
            public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword,
                int dwLogonType, int dwLogonProvider, ref IntPtr TokenHandle);

            [DllImport("kernel32.dll", CharSet=CharSet.Auto)]
            public extern static bool CloseHandle(IntPtr handle);

            [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
            public extern static bool DuplicateToken(IntPtr ExistingTokenHandle,
                int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle);
        }

        // Binds the search root with the explicit entry credentials.
        private void Connect()
        {
            entry = new DirectoryEntry(Path,EntryUserName,EntryPassword);
        }

        private void Page_Load(object sender, System.EventArgs e)
        {
            IntPtr tokenHandle = new IntPtr(0);
            IntPtr dupeTokenHandle = new IntPtr(0);
            const int SecurityImpersonation = 2;

            // 3 = LOGON32_LOGON_NETWORK, 0 = LOGON32_PROVIDER_DEFAULT
            bool returnValue=SecuUtil32.LogonUser("domainadminuser" ,"domainname","userpass",3,0,ref tokenHandle);
            if (false == returnValue)
            {
                int ret = Marshal.GetLastWin32Error();
                string strErr = String.Format("LogonUser failed with error code : {0}", ret);
                throw new ApplicationException(strErr, null);
            }

            bool retVal = SecuUtil32.DuplicateToken(tokenHandle, SecurityImpersonation, ref dupeTokenHandle);
            if (false == retVal)
            {
                SecuUtil32.CloseHandle(tokenHandle);
                throw new ApplicationException("Failed to duplicate token", null);
            }
            DirectorySearcher oSearcher = PrepareSearcher();
            oSearcher.Filter = ("samaccountname=username");
            SearchResult resEnt = oSearcher.FindOne();

            // The entry is bound and modified here, before impersonation starts.
            DirectoryEntry ad = new DirectoryEntry(resEnt.Path,EntryUserName,EntryPassword);
            lblSoyisim.Text = ad.Properties["sn"].Value.ToString();
            ad.Properties["sn"].Value = "Dag";

            WindowsIdentity myid = new WindowsIdentity(dupeTokenHandle);

            WindowsIdentity oldid=null;
            WindowsIdentity oldid1=null;
            oldid1 = WindowsIdentity.GetCurrent();
            lblDeg1.Text = oldid1.Name.ToString();
            System.Security.Principal.WindowsImpersonationContext impersonationContext;
            impersonationContext = myid.Impersonate();
            oldid = WindowsIdentity.GetCurrent();

            ad.CommitChanges();

            impersonationContext.Undo();
        }

        public System.DirectoryServices.DirectorySearcher PrepareSearcher()
        {
            Connect();
            DirectorySearcher mySearcher = new DirectorySearcher(entry);
            //DirectorySearcher mySearcher = new DirectorySearcher("(&(objectCategory=Person)(objectClass=user))");

            // Load only the attributes listed in ADFields.
            for ( int i = 0 ; i < ADFields.Length; i++ )
            {
                mySearcher.PropertiesToLoad.Add(ADFields[i]);
            }
            return mySearcher;
        }
    }
    ```

    Error:

    ```
    General access denied error
    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.UnauthorizedAccessException: General access denied error

    The ASP.NET process is not authorized to access the requested resource. For security reasons the default ASP.NET process identity is '{machinename}\ASPNET', which has limited privileges. Consider granting access rights to the resource to the ASP.NET process identity.

    To grant ASP.NET write access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the "{machinename}\ASPNET" user. Highlight the ASP.NET account, and check the Write box in the Allow column.

    Source Error:

    Line 98: oldid = WindowsIdentity.GetCurrent();
    Line 99:
    Line 100: ad.CommitChanges();
    Line 101:
    Line 102: impersonationContext.Undo();

    Source File: c:inetpubwwwrootadworkadwork.aspx.cs Line: 100

    Stack Trace:

    [UnauthorizedAccessException: General access denied error
    ]
     System.DirectoryServices.Interop.IAds.SetInfo() +0
     System.DirectoryServices.DirectoryEntry.CommitChanges()
     ADWork.WebForm1.Page_Load(Object sender, EventArgs e) in c:inetpubwwwrootadworkadwork.aspx.cs:100
     System.Web.UI.Control.OnLoad(EventArgs e)
     System.Web.UI.Control.LoadRecursive()
     System.Web.UI.Page.ProcessRequestMain()

    --------------------------------------------------------------------------------
    Version Information: Microsoft .NET Framework Version:1.0.3705.0; ASP.NET Version:1.0.3705.0
    ```

  2. #2

    RE: Impersonation

    I'm busy at the moment, so don't have time for more than this:
    You don't need DLLImports, the classes exist in .Net
    You need to look into the impersonation options of instead.
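
An added example (not part of either post and not the poster's code): the same surname update done with System.DirectoryServices alone, with no LogonUser/DuplicateToken P/Invoke. ADSI authorizes the write against the credentials handed to the DirectoryEntry constructor, so the entry is bound with the account that holds the write right instead of impersonating on the thread. The class, method and parameter names are hypothetical, and it assumes a service account delegated write access to the attribute, with its password loaded from protected configuration rather than from source.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

// Added example; AdSurnameUpdater and its parameters are hypothetical names.
public class AdSurnameUpdater
{
    // Negotiate (Kerberos/NTLM) bind with a signed and encrypted LDAP session.
    private const AuthenticationTypes Auth = AuthenticationTypes.Secure
        | AuthenticationTypes.Signing | AuthenticationTypes.Sealing;

    // svcUser/svcPassword: an account delegated write access to "sn" only,
    // loaded by the caller from protected configuration (assumption).
    public static void SetSurname(string ldapPath, string svcUser, string svcPassword,
                                  string samAccountName, string newSurname)
    {
        using (DirectoryEntry root = new DirectoryEntry(ldapPath, svcUser, svcPassword, Auth))
        using (DirectorySearcher searcher = new DirectorySearcher(root))
        {
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                + EscapeFilterValue(samAccountName) + "))";
            SearchResult hit = searcher.FindOne();
            if (hit == null)
                throw new ApplicationException("User not found: " + samAccountName);

            // Bind the target object with the same explicit credentials; the write
            // is authorized against this bind, not the worker process identity.
            using (DirectoryEntry user = new DirectoryEntry(hit.Path, svcUser, svcPassword, Auth))
            {
                user.Properties["sn"].Value = newSurname;
                user.CommitChanges();
            }
        }
    }

    // Escape LDAP filter metacharacters (RFC 4515) in user-supplied values.
    private static string EscapeFilterValue(string value)
    {
        StringBuilder sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else
                sb.Append(c);
        }
        return sb.ToString();
    }
}
```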
