Click here to Skip to main content
15,887,812 members
Articles / Web Development / IIS

A small C# Class for impersonating a User

Rate me:
Please Sign up or sign in to vote.
4.94/5 (127 votes)
11 Apr 2005CPOL3 min read 1.3M   52.4K   243   192
Introduced a class that simplifies Windows Impersonation in C#.

Introduction

The term "Impersonation" in a programming context refers to a technique that executes the code under another user context than the user who originally started an application, i.e. the user context is temporarily changed once or multiple times during the execution of an application.

The reason for doing this is to perform tasks that the current user context of an application is not allowed to do. Of course you could grant the user executing an application more privileges, but usually this is a bad idea (due to security constraints) or impossible (e.g. if you don't have full administrative access to a machine to do so).

This article presents an easy-to-use class to impersonate a user. While writing this, I found out that Marc Merrit had written an article ("Windows Impersonation using C#") that uses the same Microsoft knowledge base code (from Q306158) that I have used. The code presented in my article differs in the fact that you could use it inside a using-block to safely release resources and that I use slightly more exceptions to report errors. But from a first look, both his and my article do the same job, so it's up to you to decide what to do.

(For the latest changes, please see the History section below).

Background

I wrote the Impersonator class because of a need to write a web page with ASP.NET to make a server reboot. In order to do this, I needed to impersonate the part of my code that does the actual reboot.

The constructor of the class internally calls the Windows function LogonUser through P/Invoke. Please see the MSDN documentation of the function for a full description of all three parameters (username, domain, password) to the constructor.

Please note: The user context that initiates the impersonation (i.e. not the user context to which it is switched to) needs to have the "Act as part of operating system" privilege set.

Using the code

To use the code, you simply construct the Impersonator class and pass the username, the domain and the password to the constructor. If you place an instance of the class inside a using-block, you need no further steps.

The following is a schematic example of how to use the class:

C#
... 
using ( new Impersonator( "myUsername", "myDomainname", "myPassword" ) )
{
   ...
   
   <code that executes under the new context>
  
   ...
}
  
...

An example project demonstrating the technique is included in the download of this article (please look at the "Program.cs" for the main demonstration source file). Also the complete source code of the class is included inside the source file "Impersonator.cs".

To include the Impersonator class into your project, simply copy and add the source file "Impersonator.cs" to your project, so that it gets compiled with your project.

Conclusion

In this article, I've shown you a small class to quickly and easily impersonate a part of your code to run under another user context. Hopefully you'll find this class useful.

For questions, comments and remarks, please use the commenting section at the bottom of this article.

References

In addition to the links in the article, the following references might be of interest:

  1. Google search for "Windows Impersonation"

History

  • 2005-04-11: Created first version of article.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Chief Technology Officer Zeta Software GmbH
Germany Germany
Uwe does programming since 1989 with experiences in Assembler, C++, MFC and lots of web- and database stuff and now uses ASP.NET and C# extensively, too. He has also teached programming to students at the local university.

➡️ Give me a tip 🙂

In his free time, he does climbing, running and mountain biking. In 2012 he became a father of a cute boy and in 2014 of an awesome girl.

Some cool, free software from us:

Windows 10 Ereignisanzeige  
German Developer Community  
Free Test Management Software - Intuitive, competitive, Test Plans.  
Homepage erstellen - Intuitive, very easy to use.  
Offline-Homepage-Baukasten

Comments and Discussions

 
GeneralGreat Job Pin
netizenk27-Aug-08 13:32
professionalnetizenk27-Aug-08 13:32 
GeneralCould not find a part of the path Pin
RugbyLeague15-Aug-08 2:35
RugbyLeague15-Aug-08 2:35 
GeneralRe: Could not find a part of the path Pin
finiduck30-Oct-08 1:27
finiduck30-Oct-08 1:27 
GeneralExcellent Pin
Emad Attia30-Jul-08 7:04
Emad Attia30-Jul-08 7:04 
GeneralDoesn't work on Windows 2000 Pin
csharpguy7612-Jun-08 21:50
csharpguy7612-Jun-08 21:50 
GeneralRe: Doesn't work on Windows 2000 Pin
juggler30-Nov-09 3:44
juggler30-Nov-09 3:44 
GeneralExtended Version Pin
Uwe Keim22-May-08 6:27
sitebuilderUwe Keim22-May-08 6:27 
GeneralRe: Extended Version Pin
Uwe Keim22-May-08 6:27
sitebuilderUwe Keim22-May-08 6:27 
namespace Zeta.EnterpriseLibrary.Tools
{
#region Using directives.
// ----------------------------------------------------------------------

using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Principal;

// ----------------------------------------------------------------------
#endregion

/////////////////////////////////////////////////////////////////////////

/// <summary>
/// Impersonation of a user. Allows to execute code under another
/// user context.
/// The account that instantiates the Impersonator class
/// needs to have the 'Act as part of operating system' privilege set.
/// </summary>
/// <remarks>
/// This class is based on the information in the Microsoft knowledge base
/// article http://support.microsoft.com/default.aspx?scid=kb;en-us;Q306158
///
/// Encapsulate an instance into a using-directive like e.g.:
///
/// ...
/// using ( new Impersonator( "myUsername", "myDomainname", "myPassword" ) )
/// {
/// ...
/// [code that executes under the new context]
/// ...
/// }
/// ...
/// </remarks>
public class Impersonator :
IDisposable
{
#region Public methods.
// ------------------------------------------------------------------

/// <summary>
/// Initializes a new instance of the <see cref="Impersonator"/> class.
/// </summary>
public Impersonator()
{
}

/// <summary>
/// Constructor. Starts the impersonation with the given credentials.
/// The account that instantiates the Impersonator class
/// needs to have the 'Act as part of operating system' privilege set.
/// </summary>
/// <param name="userName">The name of the user to act as.</param>
/// <param name="domainName">The domain name of the user to act as.</param>
/// <param name="password">The password of the user to act as.</param>
/// <param name="profileBehaviour">The profile behaviour.</param>
public Impersonator(
string userName,
string domainName,
string password,
ProfileBehaviour profileBehaviour )
{
ImpersonateValidUser(
userName,
domainName,
password,
LoginType.Interactive,
profileBehaviour );
}

/// <summary>
/// Constructor. Starts the impersonation with the given credentials.
/// The account that instantiates the Impersonator class
/// needs to have the 'Act as part of operating system' privilege set.
/// </summary>
/// <param name="userName">The name of the user to act as.</param>
/// <param name="domainName">The domain name of the user to act as.</param>
/// <param name="password">The password of the user to act as.</param>
/// <param name="loginType">The login type.</param>
/// <param name="profileBehaviour">The profile behaviour.</param>
public Impersonator(
string userName,
string domainName,
string password,
LoginType loginType,
ProfileBehaviour profileBehaviour )
{
ImpersonateValidUser(
userName,
domainName,
password,
loginType,
profileBehaviour );
}

/// <summary>
/// Constructor. Starts the impersonation with the given credentials.
/// The account that instantiates the Impersonator class
/// needs to have the 'Act as part of operating system' privilege set.
/// </summary>
/// <param name="userName">The name of the user to act as.</param>
/// <param name="domainName">The domain name of the user to act as.</param>
/// <param name="password">The password of the user to act as.</param>
/// <param name="profileBehaviour">The profile behaviour.</param>
public Impersonator(
string userName,
string domainName,
SecureString password,
ProfileBehaviour profileBehaviour )
{
ImpersonateValidUser(
userName,
domainName,
password,
LoginType.Interactive,
profileBehaviour );
}

/// <summary>
/// Constructor. Starts the impersonation with the given credentials.
/// The account that instantiates the Impersonator class
/// needs to have the 'Act as part of operating system' privilege set.
/// </summary>
/// <param name="userName">The name of the user to act as.</param>
/// <param name="domainName">The domain name of the user to act as.</param>
/// <param name="password">The password of the user to act as.</param>
/// <param name="loginType">The login type.</param>
/// <param name="profileBehaviour">The profile behaviour.</param>
public Impersonator(
string userName,
string domainName,
SecureString password,
LoginType loginType,
ProfileBehaviour profileBehaviour )
{
ImpersonateValidUser(
userName,
domainName,
password,
loginType,
profileBehaviour );
}

/// <summary>
/// Constructor. Starts the impersonation with the given credentials.
/// The account that instantiates the Impersonator class
/// needs to have the 'Act as part of operating system' privilege set.
/// </summary>
/// <param name="userName">The name of the user to act as.</param>
/// <param name="domainName">The domain name of the user to act as.</param>
/// <param name="password">The password of the user to act as.</param>
public Impersonator(
string userName,
string domainName,
string password )
{
ImpersonateValidUser(
userName,
domainName,
password,
LoginType.Interactive,
ProfileBehaviour.DontLoad );
}

/// <summary>
/// Constructor. Starts the impersonation with the given credentials.
/// The account that instantiates the Impersonator class
/// needs to have the 'Act as part of operating system' privilege set.
/// </summary>
/// <param name="userName">The name of the user to act as.</param>
/// <param name="domainName">The domain name of the user to act as.</param>
/// <param name="password">The password of the user to act as.</param>
/// <param name="loginType">The login type.</param>
public Impersonator(
string userName,
string domainName,
string password,
LoginType loginType )
{
ImpersonateValidUser(
userName,
domainName,
password,
loginType,
ProfileBehaviour.DontLoad );
}

/// <summary>
/// Constructor. Starts the impersonation with the given credentials.
/// The account that instantiates the Impersonator class
/// needs to have the 'Act as part of operating system' privilege set.
/// </summary>
/// <param name="userName">The name of the user to act as.</param>
/// <param name="domainName">The domain name of the user to act as.</param>
/// <param name="password">The password of the user to act as.</param>
public Impersonator(
string userName,
string domainName,
SecureString password )
{
ImpersonateValidUser(
userName,
domainName,
password,
LoginType.Interactive,
ProfileBehaviour.DontLoad );
}

/// <summary>
/// Constructor. Starts the impersonation with the given credentials.
/// The account that instantiates the Impersonator class
/// needs to have the 'Act as part of operating system' privilege set.
/// </summary>
/// <param name="userName">The name of the user to act as.</param>
/// <param name="domainName">The domain name of the user to act as.</param>
/// <param name="password">The password of the user to act as.</param>
/// <param name="loginType">The login type.</param>
public Impersonator(
string userName,
string domainName,
SecureString password,
LoginType loginType )
{
ImpersonateValidUser(
userName,
domainName,
password,
loginType,
ProfileBehaviour.DontLoad );
}

/// <summary>
/// Starts the impersonation with the given credentials.
/// The account that instantiates the Impersonator class
/// needs to have the 'Act as part of operating system' privilege set.
/// </summary>
/// <param name="userName">The name of the user to act as.</param>
/// <param name="domainName">The domain name of the user to act as.</param>
/// <param name="password">The password of the user to act as.</param>
/// <param name="profileBehaviour">The profile behaviour.</param>
public void Impersonate(
string userName,
string domainName,
string password,
ProfileBehaviour profileBehaviour )
{
ImpersonateValidUser(
userName,
domainName,
password,
LoginType.Interactive,
profileBehaviour );
}

/// <summary>
/// Starts the impersonation with the given credentials.
/// The account that instantiates the Impersonator class
/// needs to have the 'Act as part of operating system' privilege set.
/// </summary>
/// <param name="userName">The name of the user to act as.</param>
/// <param name="domainName">The domain name of the user to act as.</param>
/// <param name="password">The password of the user to act as.</param>
/// <param name="loginType">The login type.</param>
/// <param name="profileBehaviour">The profile behaviour.</param>
public void Impersonate(
string userName,
string domainName,
string password,
LoginType loginType,
ProfileBehaviour profileBehaviour )
{
ImpersonateValidUser(
userName,
domainName,
password,
loginType,
profileBehaviour );
}

/// <summary>
/// Starts the impersonation with the given credentials.
/// The account that instantiates the Impersonator class
/// needs to have the 'Act as part of operating system' privilege set.
/// </summary>
/// <param name="userName">The name of the user to act as.</param>
/// <param name="domainName">The domain name of the user to act as.</param>
/// <param name="password">The password of the user to act as.</param>
/// <param name="profileBehaviour">The profile behaviour.</param>
public void Impersonate(
string userName,
string domainName,
SecureString password,
ProfileBehaviour profileBehaviour )
{
ImpersonateValidUser(
userName,
domainName,
password,
LoginType.Interactive,
profileBehaviour );
}

/// <summary>
/// Starts the impersonation with the given credentials.
/// The account that instantiates the Impersonator class
/// needs to have the 'Act as part of operating system' privilege set.
/// </summary>
/// <param name="userName">The name of the user to act as.</param>
/// <param name="domainName">The domain name of the user to act as.</param>
/// <param name="password">The password of the user to act as.</param>
/// <param name="loginType">The login type.</param>
/// <param name="profileBehaviour">The profile behaviour.</param>
public void Impersonate(
string userName,
string domainName,
SecureString password,
LoginType loginType,
ProfileBehaviour profileBehaviour )
{
ImpersonateValidUser(
userName,
domainName,
password,
loginType,
profileBehaviour );
}

/// <summary>
/// Starts the impersonation with the given credentials.
/// The account that instantiates the Impersonator class
/// needs to have the 'Act as part of operating system' privilege set.
/// </summary>
/// <param name="userName">The name of the user to act as.</param>
/// <param name="domainName">The domain name of the user to act as.</param>
/// <param name="password">The password of the user to act as.</param>
public void Impersonate(
string userName,
string domainName,
string password )
{
ImpersonateValidUser(
userName,
domainName,
password,
LoginType.Interactive,
ProfileBehaviour.DontLoad );
}

/// <summary>
/// Starts the impersonation with the given credentials.
/// The account that instantiates the Impersonator class
/// needs to have the 'Act as part of operating system' privilege set.
/// </summary>
/// <param name="userName">The name of the user to act as.</param>
/// <param name="domainName">The domain name of the user to act as.</param>
/// <param name="password">The password of the user to act as.</param>
/// <param name="loginType">The login type.</param>
public void Impersonate(
string userName,
string domainName,
string password,
LoginType loginType )
{
ImpersonateValidUser(
userName,
domainName,
password,
loginType,
ProfileBehaviour.DontLoad );
}

/// <summary>
/// Starts the impersonation with the given credentials.
/// The account that instantiates the Impersonator class
/// needs to have the 'Act as part of operating system' privilege set.
/// </summary>
/// <param name="userName">The name of the user to act as.</param>
/// <param name="domainName">The domain name of the user to act as.</param>
/// <param name="password">The password of the user to act as.</param>
public void Impersonate(
string userName,
string domainName,
SecureString password )
{
ImpersonateValidUser(
userName,
domainName,
password,
LoginType.Interactive,
ProfileBehaviour.DontLoad );
}

/// <summary>
/// Starts the impersonation with the given credentials.
/// The account that instantiates the Impersonator class
/// needs to have the 'Act as part of operating system' privilege set.
/// </summary>
/// <param name="userName">The name of the user to act as.</param>
/// <param name="domainName">The domain name of the user to act as.</param>
/// <param name="password">The password of the user to act as.</param>
/// <param name="loginType">The login type.</param>
public void Impersonate(
string userName,
string domainName,
SecureString password,
LoginType loginType )
{
ImpersonateValidUser(
userName,
domainName,
password,
loginType,
ProfileBehaviour.DontLoad );
}

/// <summary>
/// Undoes the impersonation. Safe to call even if not yet
/// impersonized.
/// </summary>
public void Undo()
{
UndoImpersonation();
}

// ------------------------------------------------------------------
#endregion

#region IDisposable member.
// ------------------------------------------------------------------

/// <summary>
/// Performs application-defined tasks associated with freeing,
/// releasing, or resetting unmanaged resources.
/// </summary>
public void Dispose()
{
UndoImpersonation();
GC.SuppressFinalize( this );
}

/// <summary>
/// Releases unmanaged resources and performs other cleanup operations before the
/// <see cref="Impersonator"/> is reclaimed by garbage collection.
/// </summary>
~Impersonator()
{
UndoImpersonation();
}

// ------------------------------------------------------------------
#endregion

#region P/Invoke.
// ------------------------------------------------------------------

/// <summary>
/// Logons the user.
/// </summary>
/// <param name="lpszUserName">Name of the LPSZ user.</param>
/// <param name="lpszDomain">The LPSZ domain.</param>
/// <param name="lpszPassword">The LPSZ password.</param>
/// <param name="dwLogonType">Type of the dw logon.</param>
/// <param name="dwLogonProvider">The dw logon provider.</param>
/// <param name="phToken">The ph token.</param>
/// <returns></returns>
[DllImport( @"advapi32.dll", CharSet = CharSet.Auto, SetLastError = true )]
private static extern int LogonUser(
string lpszUserName,
string lpszDomain,
string lpszPassword,
int dwLogonType,
int dwLogonProvider,
ref IntPtr phToken );

/// <summary>
/// Logons the user2.
/// </summary>
/// <param name="lpszUserName">Name of the LPSZ user.</param>
/// <param name="lpszDomain">The LPSZ domain.</param>
/// <param name="Password">The password.</param>
/// <param name="dwLogonType">Type of the dw logon.</param>
/// <param name="dwLogonProvider">The dw logon provider.</param>
/// <param name="phToken">The ph token.</param>
/// <returns></returns>
[DllImport( @"advapi32.dll", EntryPoint = @"LogonUser", CharSet = CharSet.Unicode, SetLastError = true )]
private static extern int LogonUser2(
string lpszUserName,
string lpszDomain,
IntPtr Password,
int dwLogonType,
int dwLogonProvider,
ref IntPtr phToken );

/// <summary>
/// Duplicates the token.
/// </summary>
/// <param name="hToken">The h token.</param>
/// <param name="impersonationLevel">The impersonation level.</param>
/// <param name="hNewToken">The h new token.</param>
/// <returns></returns>
[DllImport( @"advapi32.dll", CharSet = CharSet.Auto, SetLastError = true )]
private static extern int DuplicateToken(
IntPtr hToken,
int impersonationLevel,
ref IntPtr hNewToken );

/// <summary>
/// Reverts to self.
/// </summary>
/// <returns></returns>
[DllImport( @"advapi32.dll", CharSet = CharSet.Auto, SetLastError = true )]
private static extern bool RevertToSelf();

/// <summary>
/// Closes the handle.
/// </summary>
/// <param name="handle">The handle.</param>
/// <returns></returns>
[DllImport( @"kernel32.dll", CharSet = CharSet.Auto, SetLastError = true )]
private static extern bool CloseHandle(
IntPtr handle );

/// <summary>
///
/// </summary>
private const int LOGON32_PROVIDER_DEFAULT = 0;

[DllImport( @"userenv.dll", SetLastError = true, CharSet = CharSet.Auto )]
private static extern bool LoadUserProfile(
IntPtr hToken,
ref PROFILEINFO lpProfileInfo );

[DllImport( @"userenv.dll", SetLastError = true, CharSet = CharSet.Auto )]
private static extern bool UnloadUserProfile(
IntPtr hToken,
IntPtr hProfile );

[StructLayout( LayoutKind.Sequential )]
private struct PROFILEINFO
{
public int dwSize;
public int dwFlags;
[MarshalAs( UnmanagedType.LPTStr )]
public String lpUserName;
[MarshalAs( UnmanagedType.LPTStr )]
public String lpProfilePath;
[MarshalAs( UnmanagedType.LPTStr )]
public String lpDefaultPath;
[MarshalAs( UnmanagedType.LPTStr )]
public String lpServerName;
[MarshalAs( UnmanagedType.LPTStr )]
public String lpPolicyPath;
public IntPtr hProfile;
}

// ------------------------------------------------------------------
#endregion

#region Private methods.
// ------------------------------------------------------------------

/// <summary>
/// Does the actual impersonation.
/// </summary>
/// <param name="userName">The name of the user to act as.</param>
/// <param name="domainName">The domain name of the user to act as.</param>
/// <param name="password">The password of the user to act as.</param>
/// <param name="loginType">Type of the login.</param>
/// <param name="profileBehaviour">The profile behaviour.</param>
private void ImpersonateValidUser(
string userName,
string domainName,
string password,
LoginType loginType,
ProfileBehaviour profileBehaviour )
{
Trace.TraceInformation(
string.Format(
@"[Impersonation] About to impersonate as domain '{0}', user '{1}'.",
domainName,
userName ) );

try
{
if ( domainName != null && domainName.Length <= 0 )
{
domainName = null;
}

IntPtr token = IntPtr.Zero;

try
{
if ( RevertToSelf() )
{
if ( LogonUser(
userName,
domainName,
password,
(int)loginType,
LOGON32_PROVIDER_DEFAULT,
ref token ) != 0 )
{
if ( DuplicateToken( token, 2, ref _impersonationToken ) != 0 )
{
CheckLoadProfile( profileBehaviour );

WindowsIdentity tempWindowsIdentity =
new WindowsIdentity( _impersonationToken );
_impersonationContext =
tempWindowsIdentity.Impersonate();
}
else
{
int le = Marshal.GetLastWin32Error();
throw new Win32Exception( le );
}
}
else
{
int le = Marshal.GetLastWin32Error();
throw new Win32Exception( le );
}
}
else
{
int le = Marshal.GetLastWin32Error();
throw new Win32Exception( le );
}
}
finally
{
if ( token != IntPtr.Zero )
{
CloseHandle( token );
}
}
}
catch ( Exception x )
{
Trace.TraceError(
string.Format(
@"[Impersonation] Error impersonating as domain '{0}', user '{1}'.",
domainName,
userName ),
x );

throw;
}

Trace.TraceInformation(
string.Format(
@"[Impersonation] Successfully impersonated as domain '{0}', user '{1}'.",
domainName,
userName ) );
}

/// <summary>
/// Does the actual impersonation.
/// </summary>
/// <param name="userName">The name of the user to act as.</param>
/// <param name="domainName">The domain name of the user to act as.</param>
/// <param name="password">The password of the user to act as.</param>
/// <param name="loginType">Type of the login.</param>
/// <param name="profileBehaviour">The profile behaviour.</param>
private void ImpersonateValidUser(
string userName,
string domainName,
SecureString password,
LoginType loginType,
ProfileBehaviour profileBehaviour )
{
Trace.TraceInformation(
string.Format(
@"[Impersonation] About to impersonate as domain '{0}', user '{1}'.",
domainName,
userName ) );

try
{
if ( domainName != null && domainName.Length <= 0 )
{
domainName = null;
}

IntPtr token = IntPtr.Zero;
IntPtr passwordPtr = IntPtr.Zero;

try
{
if ( RevertToSelf() )
{
// Marshal the SecureString to unmanaged memory.
passwordPtr =
Marshal.SecureStringToGlobalAllocUnicode( password );

if ( LogonUser2(
userName,
domainName,
passwordPtr,
(int)loginType,
LOGON32_PROVIDER_DEFAULT,
ref token ) != 0 )
{
if ( DuplicateToken( token, 2, ref _impersonationToken ) != 0 )
{
CheckLoadProfile( profileBehaviour );

WindowsIdentity tempWindowsIdentity =
new WindowsIdentity( _impersonationToken );
_impersonationContext =
tempWindowsIdentity.Impersonate();
}
else
{
int le = Marshal.GetLastWin32Error();
throw new Win32Exception( le );
}
}
else
{
int le = Marshal.GetLastWin32Error();
throw new Win32Exception( le );
}
}
else
{
int le = Marshal.GetLastWin32Error();
throw new Win32Exception( le );
}
}
finally
{
if ( token != IntPtr.Zero )
{
CloseHandle( token );
}

// Zero-out and free the unmanaged string reference.
Marshal.ZeroFreeGlobalAllocUnicode( passwordPtr );
}
}
catch ( Exception x )
{
Trace.TraceError(
string.Format(
@"[Impersonation] Error impersonating as domain '{0}', user '{1}'.",
domainName,
userName ),
x );

throw;
}

Trace.TraceInformation(
string.Format(
@"[Impersonation] Successfully impersonated as domain '{0}', user '{1}'.",
domainName,
userName ) );
}

/// <summary>
/// Checks and loads the load profile.
/// </summary>
private void CheckLoadProfile(
ProfileBehaviour profileBehaviour )
{
if ( profileBehaviour == ProfileBehaviour.Load )
{
_profileInfo = new PROFILEINFO();
_profileInfo.dwSize = Marshal.SizeOf( _profileInfo );
_profileInfo.lpUserName = WindowsIdentity.GetCurrent().Name;

if ( LoadUserProfile( _impersonationToken, ref _profileInfo ) )
{
_profileBehaviour = profileBehaviour;
}
else
{
throw new Win32Exception( Marshal.GetLastWin32Error() );
}
}
}

/// <summary>
/// Reverts the impersonation.
/// </summary>
private void UndoImpersonation()
{
if ( _impersonationContext != null )
{
Trace.TraceInformation(
string.Format(
@"[Impersonation] About to undo impersonation." ) );

try
{
_impersonationContext.Undo();
_impersonationContext = null;
}
catch ( Exception x )
{
Trace.TraceError(
string.Format(
@"[Impersonation] Error undoing impersonation." ),
x );

throw;
}

Trace.TraceInformation(
string.Format(
@"[Impersonation] Successfully undone impersonation." ) );
}

// --

if ( _profileBehaviour == ProfileBehaviour.Load )
{
Trace.TraceInformation(
string.Format(
@"[Impersonation] About to unload user profile." ) );

try
{
if ( !UnloadUserProfile( _impersonationToken, _profileInfo.hProfile ) )
{
throw new Win32Exception( Marshal.GetLastWin32Error() );
}

_profileBehaviour = ProfileBehaviour.DontLoad;
}
catch ( Exception x )
{
Trace.TraceError(
string.Format(
@"[Impersonation] Error unloading user profile." ),
x );

throw;
}
}

if ( _impersonationToken != IntPtr.Zero )
{
CloseHandle( _impersonationToken );
_impersonationToken = IntPtr.Zero;
}
}

// ------------------------------------------------------------------
#endregion

#region Private variables.
// ------------------------------------------------------------------

private WindowsImpersonationContext _impersonationContext;

private ProfileBehaviour _profileBehaviour = ProfileBehaviour.DontLoad;
private PROFILEINFO _profileInfo;
private IntPtr _impersonationToken = IntPtr.Zero;

// ------------------------------------------------------------------
#endregion
}

/////////////////////////////////////////////////////////////////////////

/// <summary>
/// How to log in the user.
/// </summary>
public enum LoginType
{
#region Enum members.
// ------------------------------------------------------------------

/// <summary>
/// Interactive. This is the default.
/// </summary>
Interactive = 2,

/// <summary>
///
/// </summary>
Batch = 4,

/// <summary>
///
/// </summary>
Network = 3,

/// <summary>
///
/// </summary>
NetworkClearText = 0,

/// <summary>
///
/// </summary>
Service = 5,

/// <summary>
///
/// </summary>
Unlock = 7,

/// <summary>
///
/// </summary>
NewCredentials = 9

// ------------------------------------------------------------------
#endregion
}

/////////////////////////////////////////////////////////////////////////

/// <summary>
/// How to deal with the user's profile.
/// </summary>
/// <remarks>
/// 2008-05-21, suggested and implemented by Tim Daplyn
/// (TDaplyn@MedcomSoft.com).
/// </remarks>
public enum ProfileBehaviour
{
#region Enum members.
// ------------------------------------------------------------------

/// <summary>
/// Do not load the user's profile. This is the default behaviour.
/// </summary>
DontLoad,

/// <summary>
/// Load the user's profile.
/// </summary>
Load

// ------------------------------------------------------------------
#endregion
}

/////////////////////////////////////////////////////////////////////////
}
GeneralSimple, to the point, elegant Pin
Mike Devenney20-May-08 4:31
Mike Devenney20-May-08 4:31 
GeneralTo log onto another DOMAIN use change as others have shown. Pin
ToddJunk13-May-08 8:51
ToddJunk13-May-08 8:51 
GeneralRe: To log onto another DOMAIN use change as others have shown. Pin
Member 324928019-Jun-08 3:01
Member 324928019-Jun-08 3:01 
QuestionWhat about GINA Pin
thanatoster5-May-08 22:18
thanatoster5-May-08 22:18 
GeneralExcellent Pin
ffowler24-Apr-08 10:34
ffowler24-Apr-08 10:34 
GeneralWonderful Pin
dapoussin7-Apr-08 6:20
dapoussin7-Apr-08 6:20 
GeneralGreat work Pin
m.conta7-Apr-08 5:33
m.conta7-Apr-08 5:33 
Generalnot working for (remote) file operations Pin
tomtom198026-Mar-08 2:40
tomtom198026-Mar-08 2:40 
GeneralRe: not working for (remote) file operations Pin
tomtom198026-Mar-08 21:50
tomtom198026-Mar-08 21:50 
GeneralRe: not working for (remote) file operations Pin
Uwe Keim26-Mar-08 21:56
sitebuilderUwe Keim26-Mar-08 21:56 
GeneralRe: not working for (remote) file operations Pin
tomtom198027-Mar-08 3:09
tomtom198027-Mar-08 3:09 
GeneralRe: not working for (remote) file operations Pin
stancrm4-Dec-08 22:58
stancrm4-Dec-08 22:58 
GeneralDoes not work for remote local accounts [modified] Pin
Jonnystar13-Mar-08 12:46
Jonnystar13-Mar-08 12:46 
GeneralRe: Does not work for remote local accounts Pin
Uwe Keim13-Mar-08 19:01
sitebuilderUwe Keim13-Mar-08 19:01 
GeneralRe: Does not work for remote local accounts Pin
D Waterworth29-May-08 13:36
D Waterworth29-May-08 13:36 
QuestionRe: Does not work for remote local accounts Pin
A_Mano28-Jul-08 9:39
A_Mano28-Jul-08 9:39 
GeneralGetting invalid logon [modified] Pin
deerinb23-Jan-08 10:26
deerinb23-Jan-08 10:26 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.