Reputation: 1
Does anybody know how I can change the access rules on a file for some users (SID) from Active Directory?
I'm signed in as User1 in the domain. In this domain there is a SuperUser (Administrator) in AD. I have the password of this account.
I want to change the access rules on a file via SuperUser while signed in as User1.
    ' Requires: Imports System.DirectoryServices, Imports System.Security.AccessControl
    Try
        Dim strUSER As String = "superuser"
        Dim strPASSWORD As String = "qwerty123456"
        Dim strDOMAIN As String = System.Net.NetworkInformation.IPGlobalProperties.GetIPGlobalProperties().DomainName
        If Not String.IsNullOrEmpty(strDOMAIN) Then
            ' Creates a DirectoryEntry with the SuperUser credentials; it is not used by the file operation below.
            Dim myDirectoryEntry As DirectoryEntry = New DirectoryEntry(strDOMAIN, strUSER, strPASSWORD, AuthenticationTypes.Secure)
        End If
        Dim fileName As String = "Z:\Data\Letters\Out\123.pdf"
        Console.WriteLine("Adding access control entry for " & fileName)
        ' AddFileSecurity is a helper that is not shown in the post.
        AddFileSecurity(fileName, "DOMAIN\user2", FileSystemRights.Write, AccessControlType.Allow)
        Console.WriteLine("Removing access control entry from " & fileName)
    Catch e As Exception
        MsgBox(e.Message)
    End Try
Upvotes: 0
Views: 48
Reputation: 1
Problem solved.
The path of the file must be like \\server\Data\Letters\Out\
Full code:
    Imports System.IO
    Imports System.Security.AccessControl
    Imports System.Security.Principal

    Public Class Program
        Public Shared Sub Main()
            Try
                Dim strUSER As String = "superuser"
                Dim strPASSWORD As String = "qwerty12345^"
                Dim strDOMAIN As String = System.Net.NetworkInformation.IPGlobalProperties.GetIPGlobalProperties().DomainName
                Dim tokenHandle As New IntPtr(0)
                Try
                    ' 2 = LOGON32_LOGON_INTERACTIVE, 0 = LOGON32_PROVIDER_DEFAULT
                    If LogonUser(strUSER, strDOMAIN, strPASSWORD, 2, 0, tokenHandle) Then
                        Dim newId As New WindowsIdentity(tokenHandle)
                        ' Everything inside the Using block runs as the impersonated account.
                        Using impersonatedUser As WindowsImpersonationContext = newId.Impersonate()
                            Dim fileName As String = "\\server\Data\Letters\Out\123.pdf"
                            Dim dir As FileInfo = New FileInfo(fileName)
                            Dim dirsec As FileSecurity = Nothing
                            ' Read the current DACL, add an Allow/Read entry for user2, write it back.
                            dirsec = dir.GetAccessControl(AccessControlSections.Access)
                            Dim Rule As New FileSystemAccessRule("domain\user2", FileSystemRights.Read, AccessControlType.Allow)
                            dirsec.AddAccessRule(Rule)
                            dir.SetAccessControl(dirsec)
                        End Using
                    Else
                        'logon failed
                    End If
                Catch ex As Exception
                    MsgBox(ex.Message)
                Finally
                    ' Release the logon token even if an exception was thrown above.
                    If tokenHandle <> IntPtr.Zero Then CloseHandle(tokenHandle)
                End Try
            Catch e As Exception
                MsgBox(e.Message)
            End Try
        End Sub

        Private Declare Auto Function LogonUser Lib "advapi32.dll" (ByVal un As String, ByVal domain As String, ByVal pw As String, ByVal LogonType As Integer, ByVal LogonProvider As Integer, ByRef Token As IntPtr) As Boolean
        Public Declare Auto Function CloseHandle Lib "kernel32.dll" (ByVal handle As IntPtr) As Boolean
    End Class
Upvotes: 0
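A variant of the accepted answer's approach, as an added example that is not part of the original posts: it prompts for the password instead of embedding it in source, holds the token in a SafeAccessTokenHandle, and prints the file's explicit ACEs after the change so the result can be checked. It assumes .NET Framework 4.6 or later (for WindowsIdentity.RunImpersonated); the module name, the command-line arguments and the ReadPassword helper are hypothetical, and the path and account names are the placeholders from the answer.

```vbnet
Imports System.ComponentModel
Imports System.IO
Imports System.Runtime.InteropServices
Imports System.Security.AccessControl
Imports System.Security.Principal
Imports Microsoft.Win32.SafeHandles

Module GrantReadExample ' hypothetical name; usage: GrantReadExample.exe DOMAIN superuser
    <DllImport("advapi32.dll", SetLastError:=True, CharSet:=CharSet.Unicode)>
    Private Function LogonUser(user As String, domain As String, password As String,
                               logonType As Integer, logonProvider As Integer,
                               <Out> ByRef token As SafeAccessTokenHandle) As Boolean
    End Function

    ' Hypothetical helper: reads a password without echoing it (no backspace handling).
    Private Function ReadPassword() As String
        Dim pw As String = ""
        Do
            Dim k As ConsoleKeyInfo = Console.ReadKey(True)
            If k.Key = ConsoleKey.Enter Then Exit Do
            pw &= k.KeyChar
        Loop
        Console.WriteLine()
        Return pw
    End Function

    Sub Main(args As String())
        Dim fileName As String = "\\server\Data\Letters\Out\123.pdf" ' UNC path, placeholder from the answer
        Dim grantee As String = "domain\user2"                       ' placeholder from the answer
        Console.Write("Password for " & args(0) & "\" & args(1) & ": ")
        Dim token As SafeAccessTokenHandle = Nothing
        ' Same logon type and provider as the answer: 2 = interactive, 0 = default provider.
        If Not LogonUser(args(1), args(0), ReadPassword(), 2, 0, token) Then
            Throw New Win32Exception(Marshal.GetLastWin32Error()) ' surface the logon failure
        End If
        Using token ' the token handle is closed when the block exits, even on an exception
            WindowsIdentity.RunImpersonated(token,
                Sub()
                    Dim info As New FileInfo(fileName)
                    Dim acl As FileSecurity = info.GetAccessControl(AccessControlSections.Access)
                    acl.AddAccessRule(New FileSystemAccessRule(grantee, FileSystemRights.Read, AccessControlType.Allow))
                    info.SetAccessControl(acl)
                    ' Read the DACL back and list the explicit (non-inherited) entries.
                    For Each r As FileSystemAccessRule In info.GetAccessControl(AccessControlSections.Access).GetAccessRules(True, False, GetType(NTAccount))
                        Console.WriteLine("{0} {1} {2}", r.IdentityReference, r.AccessControlType, r.FileSystemRights)
                    Next
                End Sub)
        End Using
    End Sub
End Module
```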
Reputation: 1
I found this code, which can get me an authentication token:
    Private Declare Auto Function LogonUser Lib "advapi32.dll" (ByVal un As String, ByVal domain As String, ByVal pw As String, ByVal LogonType As Integer, ByVal LogonProvider As Integer, ByRef Token As IntPtr) As Boolean
    Public Declare Auto Function CloseHandle Lib "kernel32.dll" (ByVal handle As IntPtr) As Boolean

    ' strUSER, strDOMAIN and strPASSWORD are the variables declared in the question's code.
    Dim tokenHandle As New IntPtr(0)
    Try
        ' 2 = LOGON32_LOGON_INTERACTIVE, 0 = LOGON32_PROVIDER_DEFAULT
        If LogonUser(strUSER, strDOMAIN, strPASSWORD, 2, 0, tokenHandle) Then
            Dim newId As New WindowsIdentity(tokenHandle)
            Using impersonatedUser As WindowsImpersonationContext = newId.Impersonate()
                'perform impersonated commands
                Dim fileName As String = "Z:\Data\Letters\Out\123.pdf"
                Console.WriteLine("Adding access control entry for " & fileName)
            End Using
            CloseHandle(tokenHandle)
        Else
            'logon failed
        End If
    Catch ex As Exception
        'exception
    End Try
What can I do with it?...
Upvotes: 0