Temporary Identity Impersonation in ASP.NET
Posted by Ryan Baxter Tue, 27 May 2008 16:01:00 GMT
Uploading files in an ASP.NET application is relatively easy to do. Uploading to a remote machine is a little bit trickier, but certainly doable. I followed a set of instructions on aspalliance.com, but rather than declare an account to impersonate in my web.config file, I decided to do it in code. That way I could use impersonation only when needed and encapsulate it for later use.
I referred to an article on Microsoft’s Help and Support website about how to implement impersonation. Their code worked great, but I decided to put it in a class to help keep things DRY.
    using System;
    using System.Web;
    using System.Web.Security;
    using System.Security.Principal;
    using System.Runtime.InteropServices;

    namespace Utilities
    {
        public class ImpersonateUser
        {
            public const int LOGON32_LOGON_INTERACTIVE = 2;
            public const int LOGON32_PROVIDER_DEFAULT = 0;

            // Non-null only while impersonation is active; used to revert.
            WindowsImpersonationContext impersonationContext;

            [DllImport("advapi32.dll")]
            public static extern int LogonUserA(String lpszUserName,
                String lpszDomain,
                String lpszPassword,
                int dwLogonType,
                int dwLogonProvider,
                ref IntPtr phToken);

            [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
            public static extern int DuplicateToken(IntPtr hToken,
                int impersonationLevel,
                ref IntPtr hNewToken);

            [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
            public static extern bool RevertToSelf();

            [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
            public static extern bool CloseHandle(IntPtr handle);

            // Logs the account on and switches the current thread to it.
            // Returns true only if the thread is now impersonating.
            public bool ImpersonateValidUser(String userName, String domain, String password)
            {
                WindowsIdentity tempWindowsIdentity;
                IntPtr token = IntPtr.Zero;
                IntPtr tokenDuplicate = IntPtr.Zero;

                if (RevertToSelf())
                {
                    if (LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE,
                        LOGON32_PROVIDER_DEFAULT, ref token) != 0)
                    {
                        // 2 = SecurityImpersonation
                        if (DuplicateToken(token, 2, ref tokenDuplicate) != 0)
                        {
                            tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
                            impersonationContext = tempWindowsIdentity.Impersonate();
                            if (impersonationContext != null)
                            {
                                CloseHandle(token);
                                CloseHandle(tokenDuplicate);
                                return true;
                            }
                        }
                    }
                }

                // Failure path: release whatever handles were opened.
                if (token != IntPtr.Zero)
                    CloseHandle(token);
                if (tokenDuplicate != IntPtr.Zero)
                    CloseHandle(tokenDuplicate);
                return false;
            }

            // Reverts the thread to its previous identity. Safe to call when
            // impersonation never started or has already been undone.
            public void UndoImpersonation()
            {
                if (impersonationContext != null)
                {
                    impersonationContext.Undo();
                    impersonationContext = null;
                }
            }
        }
    }

After referencing my Utilities namespace, I was then able to impersonate the account required for uploading:
    if (FileUpload1.HasFile)
    {
        ImpersonateUser impersonateUser = new ImpersonateUser();
        if (impersonateUser.ImpersonateValidUser("userName", "", "password"))
        {
            try
            {
                FileUpload1.SaveAs(Server.MapPath("~/files/fileName.txt"));
            }
            finally
            {
                // Always revert, even if SaveAs throws, so the request thread
                // does not keep running as the impersonated account.
                impersonateUser.UndoImpersonation();
            }
        }
        else
        {
            throw new Exception("Identity impersonation has failed.");
        }
    }

*The SaveAs method of the FileUpload control requires a rooted path. Using Server.MapPath will provide the root path of your IIS virtual folder.
DIY Multi-Touch Pad
Posted by Ryan Baxter Fri, 23 May 2008 16:04:00 GMT
A Plea to New Communities
Posted by Ryan Baxter Wed, 21 May 2008 13:57:00 GMT
Mark Pilgrim, a Technical Writer at Google, explains his new project, Google DocType.
According to Mark, Google DocType will be an open resource for sharing web programming knowledge. As of today, it contains HOWTO articles on CSS (Cascading Style Sheets), DOM (Document Object Model) manipulation, and Web security. Links to CSS and HTML references round out the site’s content. I have no doubt that DocType is just the beginning for Google, but will this be just another W3Schools?
In numerous posts on codinghorror.com, Jeff Atwood has suggested that programmers no longer read books. Jeff believes the Internet is most programmers’ first reference choice. He has since announced a partnership with Joel Spolsky to create a community for developers. In his words:
There’s far too much great programming information trapped in forums, buried in online help, or hidden away in books that nobody buys any more. We’d like to unlock all that. Let’s create something that makes it easy to participate, and put it online in a form that is trivially easy to find.
My plea to both of these fledgling projects is best stated in the last sentence of the above quote. Please make the information trivially easy to find. I’m one of those developers using the Internet as a programming reference and I’m tired of searching for the proverbial needle in a haystack.
SEO (Search Engine Optimization) isn’t the only answer. Too many times keywords return results containing solutions for yesterday’s problems. What worked yesterday may not be today’s answer. Operating systems, software dependencies, and programming languages all change. How do we keep content relevant? Unfortunately I don’t have an answer to this problem, but perhaps Mark, Jeff, or Joel can come up with something profound. I wish them luck.

