You may have faced a situation where your service has to impersonate a specific account, using a given user ID and password, instead of giving access to all the users who log in to the application.
With impersonation you can grant rights to just one account and make your application use that user ID and password to access those resources whenever any user tries to access them.
Add the class below to your project.
Now comes how to use this impersonation.
Let's say you have a class with a method that accesses resources across the network, for example reading or creating a file. That method needs to run under impersonation so that your application does not need special permissions for each person whenever a user performs an action.
With impersonation you can grant rights to just one account and make your application use that user ID and password to access those resources whenever any user tries to access them. Because every user's request then runs with that one account's rights, grant the account only the access those resources require.
Add the class below to your project.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Security.Principal;
namespace Utility
{
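/// <summary>
/// Runs the calling thread under another Windows account for the lifetime of the
/// instance: the constructor logs the account on and starts impersonation, and
/// <see cref="Dispose"/> undoes it. Intended to be used in a <c>using</c> block.
/// </summary>
/// <remarks>
/// Security notes for callers:
/// - The logon type passed to LogonUser is 9. As documented for LogonUser, that logon
///   type applies the supplied credentials to outbound network connections and does not
///   validate them at logon time, so a successfully constructed instance does not prove
///   that the user name or password is correct.
/// - The password is passed as a managed <see cref="String"/> and stays in process memory
///   until it is garbage collected. Load it from protected configuration or a secret
///   store; do not hard-code it.
/// - RevertToSelf() is called before the logon, so any impersonation already active on
///   the thread is dropped. NOTE(review): Dispose() presumably returns the thread to the
///   state captured after that call, not to the earlier impersonation; verify this in
///   hosts that impersonate their callers.
/// </remarks>
public class LogonAPI : IDisposable
{
    // NOTE(review): the names do not match the values. In the Windows SDK headers 9 is
    // LOGON32_LOGON_NEW_CREDENTIALS (LOGON32_LOGON_INTERACTIVE is 2) and 3 is
    // LOGON32_PROVIDER_WINNT50 (LOGON32_PROVIDER_DEFAULT is 0). Names and values are kept
    // as published because they are public and callers may reference them.
    public const int LOGON32_LOGON_INTERACTIVE = 9;
    public const int LOGON32_PROVIDER_DEFAULT = 3;

    // SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation, the level requested from DuplicateToken.
    private const int SecurityImpersonation = 2;

    // SetLastError = true so that a failed logon can be reported with its Win32 error code.
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern int LogonUserA(String lpszUserName,
        String lpszDomain,
        String lpszPassword,
        int dwLogonType,
        int dwLogonProvider,
        ref IntPtr phToken);

    [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    public static extern int DuplicateToken(IntPtr hToken,
        int impersonationLevel,
        ref IntPtr hNewToken);

    [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    public static extern bool RevertToSelf();

    [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
    public static extern bool CloseHandle(IntPtr handle);

    // Impersonation currently in effect for this instance; null when none is active.
    private WindowsImpersonationContext Impersonatecontext;

    /// <summary>
    /// Not supported: an instance is only meaningful with credentials.
    /// </summary>
    /// <exception cref="Exception">Always thrown.</exception>
    public LogonAPI()
    {
        throw new Exception("Improper usage of LogonAPI" + Environment.NewLine +
            "use this Constructor instead:" + Environment.NewLine +
            "LogonAPI(userName, domain, password)");
    }

    /// <summary>
    /// Logs the given account on and starts impersonating it on the calling thread.
    /// </summary>
    /// <param name="userName">Account name.</param>
    /// <param name="domain">Domain (or machine) the account belongs to.</param>
    /// <param name="password">Password of the account.</param>
    /// <exception cref="System.ComponentModel.Win32Exception">
    /// A native call failed, so impersonation was not started.
    /// </exception>
    public LogonAPI(String userName, String domain, String password)
    {
        impersonateValidUser(userName, domain, password);
    }

    /// <summary>
    /// Logs the account on, duplicates its token at impersonation level and makes the
    /// calling thread impersonate it.
    /// </summary>
    /// <param name="userName">Account name.</param>
    /// <param name="domain">Domain (or machine) the account belongs to.</param>
    /// <param name="password">Password of the account.</param>
    /// <exception cref="System.ComponentModel.Win32Exception">
    /// RevertToSelf, LogonUser or DuplicateToken failed. The method used to return
    /// silently in that case, which let the caller's protected block run under the
    /// process identity without noticing; it now fails closed.
    /// </exception>
    public void impersonateValidUser(String userName, String domain, String password)
    {
        IntPtr token = IntPtr.Zero;
        IntPtr tokenDuplicate = IntPtr.Zero;

        // A repeated call must not leak the impersonation started by an earlier one.
        if (Impersonatecontext != null)
        {
            Impersonatecontext.Undo();
            Impersonatecontext.Dispose();
            Impersonatecontext = null;
        }

        try
        {
            if (!RevertToSelf())
            {
                throw new System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error());
            }

            if (LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,
                    LOGON32_PROVIDER_DEFAULT, ref token) == 0)
            {
                throw new System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error());
            }

            if (DuplicateToken(token, SecurityImpersonation, ref tokenDuplicate) == 0)
            {
                throw new System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error());
            }

            WindowsIdentity identity = new WindowsIdentity(tokenDuplicate);
            Impersonatecontext = identity.Impersonate();
        }
        finally
        {
            // Each native handle is closed exactly once, on success and on failure.
            // The original closed both handles twice on the success path; a second
            // CloseHandle can hit a handle value the process has since reused.
            if (token != IntPtr.Zero)
            {
                CloseHandle(token);
            }
            if (tokenDuplicate != IntPtr.Zero)
            {
                CloseHandle(tokenDuplicate);
            }
        }
    }

    #region IDisposable Members
    /// <summary>
    /// Ends the impersonation started by this instance, if any. Safe to call when
    /// impersonation never started and safe to call more than once.
    /// </summary>
    public void Dispose()
    {
        try
        {
            if (Impersonatecontext != null)
            {
                Impersonatecontext.Undo();
                Impersonatecontext.Dispose();
                Impersonatecontext = null;
            }
        }
        catch (Exception ex)
        {
            // NOTE(review): if Undo() fails the thread may keep running under the
            // impersonated account. The failure is only logged here, so treat this
            // log entry as security relevant.
            LogWriter.Current.WriteException(ex);
        }
    }
    #endregion
}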
}
Now comes how to use this impersonation.
Let's say you have a class with a method that accesses resources across the network, for example reading or creating a file. That method needs to run under impersonation so that your application does not need special permissions for each person whenever a user performs an action.
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace ConsoleApplication2
{
/// <summary>
/// Usage sample: does its file work on a network resource while the calling thread
/// is impersonating a dedicated account through LogonAPI.
/// </summary>
public class createfileovernetwork
{
    // Writer for the file being produced; this sample never assigns it.
    public StreamWriter mSW;

    public createfileovernetwork() { }

    /// <summary>
    /// Starts impersonation, runs the protected work, and ends impersonation when the
    /// using block exits, including when the work throws.
    /// </summary>
    public void Createfile()
    {
        // LogonAPI is declared in namespace Utility on this page; add "using Utility;"
        // or qualify the name when this class lives in a different namespace.
        //
        // The three string literals are placeholders. NOTE(review): read the real
        // account name and password from protected configuration or a secret store
        // at run time instead of compiling them into the assembly.
        using (var impersonation = new LogonAPI("Username", "DomainName", "Password"))
        {
            // Work placed here runs under the impersonation started by LogonAPI.
            // Keep the block as small as possible so that no unrelated code runs
            // with the other account's rights.
        }
    }
}
}