CODEWITHSUNDEEP
c#impersonationadvapi32
captainsac
captainsac

Reputation: 2490

Impersonation in C#.NET - Not able to Impersonate by LogonType 4 or 5

Below is piece of code that I am using. I am able to ogin using LogonType 9 and Provider as 0 (Default provider), but other Logon types like LogonType 4 or 5 is not working.

My Windows Server version MS Windows Server 2016 and user have been added in AdminL_LocalLogonAsBatchJob, AdminL_LocalLogonAsService and IIS_USRS group properly.

What might I have missed?

public class Impersonate
{

    [DllImport("advapi32.dll", SetLastError = true)]
    private static extern int LogonUser(IntPtr lpszUsername, IntPtr lpszDomain, IntPtr lpszPassword,
                                        int dwLogonType, int dwLogonProvider, out int phToken);

    [DllImport("kernel32.dll")]
    private static extern int FormatMessage(int dwFlags, string lpSource, int dwMessageId, int dwLanguageId,
                                            StringBuilder lpBuffer, int nSize, string[] Arguments);



    private const int FORMAT_MESSAGE_FROM_SYSTEM = 0x1000;

    private static WindowsImpersonationContext winImpersonationContext = null;

    public static string ImpersonateUser(string domain, string userName, string password, int logonType, int provider)
    {


        string msg = string.Empty;

        IntPtr UserNamePointer = IntPtr.Zero;
        IntPtr PasswordPointer = IntPtr.Zero;
        IntPtr DomainNamePointer = IntPtr.Zero;


        UserNamePointer = Marshal.SecureStringToGlobalAllocUnicode(ConvertToSecureString(userName));
        PasswordPointer = Marshal.SecureStringToGlobalAllocUnicode(ConvertToSecureString(password));
        DomainNamePointer = Marshal.SecureStringToGlobalAllocUnicode(ConvertToSecureString(domain));

        bool loggedOn = (LogonUser((IntPtr)UserNamePointer, (IntPtr)DomainNamePointer, (IntPtr)PasswordPointer, logonType,
                                    provider, out int userToken) != 0);

        if (loggedOn == false)
        {
            int apiError = Marshal.GetLastWin32Error();
            StringBuilder errorMessage = new StringBuilder(1024);
            FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, null, apiError, 0, errorMessage, 1024, null);
            msg = errorMessage.ToString();
        }
        else
        {
            msg = "Logged On True";
        }
        if (userToken != 0)
        {
            WindowsIdentity identity = new WindowsIdentity((IntPtr)userToken);
            winImpersonationContext = identity.Impersonate();
        }


        return msg;
    }
    private static SecureString ConvertToSecureString(string password)
    {
        if (password == null)
            throw new ArgumentNullException("password");

        var securePassword = new SecureString();

        foreach (char c in password)
            securePassword.AppendChar(c);

        securePassword.MakeReadOnly();
        return securePassword;
    }
    public static void UndoImpersonation()
    {
        if (winImpersonationContext != null)
        {
            winImpersonationContext.Undo();
        }
    }

}

Upvotes: 0

Views: 639

Answers (0)

Related Questions