Click here to Skip to main content
8,902,734 members and growing!
  
Email Password   Lost password?
Search within:



add
Add to your CodeProject bookmarks
Print Article
Site map
 » Languages » C# » General
Licence 
First Posted 29 Apr 2003
Views 365,739
Downloads 5,270
Bookmarked 111 times

Windows Impersonation using C#

By | 29 Apr 2003 | Article
An article demonstrating how to use Windows impersonation in your C# code
ArticleBrowse CodeStatsRevisionsAlternatives
  Discuss
Discuss this article
 60  

Impersonation

Introduction

I've been a member of the CodeProject for over 3 years now, and still haven't contributed any articles - until now.

While designing a Windows Forms-based application, to administrate containers in our Active Directory, I needed a way to allow binding to the AD using alternate credentials. Windows impersonation was the answer. This sample app demonstrates how to use unmanaged code by calling LogonUser() contained within the advapi32.dll, and pass a token handle back to your .NET application using WindowsImpersonationContext.

One of the downfalls to the LogonUser()function is that the password get passed in clear-text.

Partial Source Code

using System.Runtime.InteropServices; // DllImport
using System.Security.Principal; // WindowsImpersonationContext
using System.Security.Permissions; // PermissionSetAttribute
...

public WindowsImpersonationContext 
    ImpersonateUser(string sUsername, string sDomain, string sPassword)
{
    // initialize tokens
    IntPtr pExistingTokenHandle = new IntPtr(0);
    IntPtr pDuplicateTokenHandle = new IntPtr(0);
    pExistingTokenHandle = IntPtr.Zero;
    pDuplicateTokenHandle = IntPtr.Zero;
    
    // if domain name was blank, assume local machine
    if (sDomain == "")
        sDomain = System.Environment.MachineName;

    try
    {
        string sResult = null;

        const int LOGON32_PROVIDER_DEFAULT = 0;

        // create token
        const int LOGON32_LOGON_INTERACTIVE = 2;
        //const int SecurityImpersonation = 2;

        // get handle to token
        bool bImpersonated = LogonUser(sUsername, sDomain, sPassword, 
            LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, 
                ref pExistingTokenHandle);

        // did impersonation fail?
        if (false == bImpersonated)
        {
            int nErrorCode = Marshal.GetLastWin32Error();
            sResult = "LogonUser() failed with error code: " + 
                nErrorCode + "\r\n";

            // show the reason why LogonUser failed
            MessageBox.Show(this, sResult, "Error", 
                MessageBoxButtons.OK, MessageBoxIcon.Error);
        }

        // Get identity before impersonation
        sResult += "Before impersonation: " + 
            WindowsIdentity.GetCurrent().Name + "\r\n";

        bool bRetVal = DuplicateToken(pExistingTokenHandle, 
            (int)SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation, 
                ref pDuplicateTokenHandle);

        // did DuplicateToken fail?
        if (false == bRetVal)
        {
            int nErrorCode = Marshal.GetLastWin32Error();
            // close existing handle
            CloseHandle(pExistingTokenHandle); 
            sResult += "DuplicateToken() failed with error code: " 
                + nErrorCode + "\r\n";

            // show the reason why DuplicateToken failed
            MessageBox.Show(this, sResult, "Error", 
                MessageBoxButtons.OK, MessageBoxIcon.Error);
            return null;
        }
        else
        {
            // create new identity using new primary token
            WindowsIdentity newId = new WindowsIdentity
                                        (pDuplicateTokenHandle);
            WindowsImpersonationContext impersonatedUser = 
                                        newId.Impersonate();

            // check the identity after impersonation
            sResult += "After impersonation: " + 
                WindowsIdentity.GetCurrent().Name + "\r\n";
            
            MessageBox.Show(this, sResult, "Success", 
                MessageBoxButtons.OK, MessageBoxIcon.Information);
            return impersonatedUser;
        }
    }
    catch (Exception ex)
    {
        throw ex;
    }
    finally
    {
        // close handle(s)
        if (pExistingTokenHandle != IntPtr.Zero)
            CloseHandle(pExistingTokenHandle);
        if (pDuplicateTokenHandle != IntPtr.Zero) 
            CloseHandle(pDuplicateTokenHandle);
    }
}

Points of Interest

This code won't work on Windows 98 or ME because they do not utilize user tokens. Code was built and run using Visual Studio.NET 2002 on Windows XP Service Pack 1.

One of the other uses for this code I've found is, for instantiating COM components that must run in an alternate security context to that of the logged-on user.

If anyone has a more secure method of achieving the same thing, please let me know.

History

  • Version 1.0 - 04.25.03 - First release version

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

About the Author

Marc Merritt

Technical Lead
Motorcycle Road Racing Forums
United States United States

Member

Follow on Twitter Follow on Twitter
I live in southeastern Pennsylvania, USA with my lovely wife and two beautiful daughters. Life is good. My hobbies are motorcycles, motorcycles, and motorcycles.

Article Top
 
Sign Up to vote   Poor Excellent
Add a reason or comment to your vote: x
Votes of 3 or less require a comment

Comments and Discussions

 
You must Sign In to use this message board. (secure sign-in)
 
Search this forum  
 FAQ
    Noise  Layout  Per page   
  RefreshFirstPrevNext
GeneralRe: Error Code 1326 Pinmembermustiy23:17 9 Feb '10  
GeneralError 1314 Pinmemberm.aldegheri6:28 3 Aug '06  
GeneralRe: Error 1314 Pinmemberm.aldegheri22:23 3 Aug '06  
GeneralRe: Error 1314 PinmemberMunkieFish7:49 11 Apr '07  
AnswerRe: Error 1314 Pinmemberuppals13:06 12 Apr '07  
GeneralHelp needed Windows 2000 SP4 still getting 1314! -- Re: Error 1314 Pinmemberdevvvy20:41 21 Feb '08  
GeneralRe: Help needed Windows 2000 SP4 still getting 1314! -- Re: Error 1314 PinmemberMarc Merritt3:02 26 Feb '08  
If you have a global policy that overrides this setting then it explains why you cannot get it to work.
Sign In·View Thread·Permalink2.00/5 (1 vote)
Questionhow to use this in case of a local account? Pinmemberyossof elnaggar20:29 27 Jun '06  
AnswerRe: how to use this in case of a local account? Pinmemberhk1119:04 12 Jul '07  
GeneralRe: how to use this in case of a local account? Pinmemberappalanaidu Aug201120:54 8 Feb '12  
GeneralFirst call takes too long Pinmemberschweeneh6:04 4 Apr '06  
GeneralRe: First call takes too long PinmemberMarc Merritt2:24 12 Jun '06  
GeneralA similar article [modified] PinsitebuilderUwe Keim23:59 23 Apr '05  
GeneralRe: A similar article Pinmembercraigg755:57 3 Nov '06  
GeneralRe: A similar article PinsitebuilderUwe Keim6:14 3 Nov '06  
GeneralImpersonation Pinmemberchriskoiak5:13 16 Mar '04  
QuestionRe: Impersonation Pinmembertee_jay22:08 10 Apr '06  
AnswerRe: Impersonation Pinmemberhk1119:01 12 Jul '07  
GeneralRe: Impersonation PinmemberPhutphornxai1:43 19 Jul '07  
GeneralCoding Style Issues PinmemberAndy Neilson2:56 7 May '03  
GeneralRe: Coding Style Issues PinmemberMaximilian Hänel12:54 27 May '03  
GeneralRe: Coding Style Issues PinmemberAndy Neilson2:53 28 May '03  
GeneralRe: Coding Style Issues PinmemberMaximilian Hänel4:56 28 May '03  
GeneralJust to complete this PinmemberJahava4:53 25 Oct '03  
GeneralRe: Just to complete this PinmemberMarc Merritt8:42 25 Oct '03  
Last Visit: 8:14 3 Jun '12     Last Update: 4:14 3 Jun '12 123 Next »

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

Permalink | Advertise | Privacy | Mobile
Web04 | 2.5.120529.1 | Last Updated 30 Apr 2003
Article Copyright 2003 by Marc Merritt
Everything else Copyright © CodeProject, 1999-2012
Terms of Use
Layout: fixed | fluid

The Code Project Insider. Free each morning.
Http 500 Error resolution
ScrollBar Control with Different Visual Style using VB.NET 2008
Iterating through menustrip items
Mocking the generic repository
LINQ on the command-line
Stored Procedure Data Gateway
8-Puzzle solving using the A* algorithm using Python and PyGame
Simple C Hashtable
User Feedback For Long Running Tasks in ASP.NET
Authoring Documentation with DocProject and Sandcastle
ASP.NET automatic Object to UI Binding
Logging information in Oracle
Using DataPlotter implementing three kinds of Scan-converting Line Segments algorithm
Dynamically Pointing to Shared Data Sources on SQL Reporting Services using a Report Definition Customization Extension (RDCE)
Design the WCF service without implementing interface
Snail Run For Windows Phone
Merge DataGrid Header
NodeJS REST server trials to validate effective scripting
Wcf.js: Call WCF web services from Node.js
How To Lock Device Screen For Windows Mobile
A new version of my 3D asteroid game in OpenGL with C#