CODEWITHSUNDEEP
asp.netsecurityimpersonation
Rush Frisby
Rush Frisby

Reputation: 11454

Dynamic impersonation in asp.net

Is there a way to dynamically impersonate a user in asp.net? I need to do the impersonation within the context of each request because the impersonated user may be different each time. This is why I cannot use the web.config, as it would apply to all requests.

Upvotes: 0

Views: 711

Answers (1)

Hector Sanchez
Hector Sanchez

Reputation: 2317

I don't remember where I got this class. But this should work good for you.

using System;
using System.Security.Principal;
using System.Runtime.InteropServices;

public class Impersonation
    {
        public static int LOGON32_LOGON_INTERACTIVE = 2;
        public static int LOGON32_PROVIDER_DEFAULT = 0;

        [DllImport("advapi32.dll")]
        public static extern int LogonUserA(string lpxzUsername, string lpzDomain, string lpzPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);
        [DllImport("advapi32.dll")]
        public static extern int DuplicateToken(IntPtr ExistingTokenHandle, int ImpersonationLevel, ref IntPtr DuplicateTokenHandle);
        [DllImport("advapi32.dll")]
        public static extern long RevertToSelf();

        [DllImport("Kernel32.dll")]
        public static extern long CloseHandle(IntPtr handle);

        public static WindowsImpersonationContext impersonationContext;

        public static bool impersonateValidUser(string userName, string domain, string password)
        {
            WindowsIdentity tempWindowsIdentity;
            IntPtr token = IntPtr.Zero;
            IntPtr tokenDuplicate = IntPtr.Zero;
            bool ValidUser = false;

            if (RevertToSelf() != 0)
            {
                if (LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref token) != 0)
                {
                    if (DuplicateToken(token, 2, ref tokenDuplicate) != 0)
                    {
                        tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
                        impersonationContext = tempWindowsIdentity.Impersonate();
                        if (impersonationContext != null)
                        {
                            ValidUser = true;
                        }
                    }
                }
            }

            if (!tokenDuplicate.Equals(IntPtr.Zero))
            {
                CloseHandle(tokenDuplicate);
            }
            if (!token.Equals(IntPtr.Zero))
            {
                CloseHandle(token);
            }
            return ValidUser;

        }

        public static void undoImpersonation()
        {
            try
            {
                impersonationContext.Undo();
            }
            catch
            {
            }
        }
    }

Then You just call It like

Impersonation.impersonateValidUser("user", "domain", "password");

Hope it helps.

Upvotes: 3

Related Questions