Hi.
I am no longer able to use the API call above with Windows XP SP2 or Windows Server 2003. I understand that this is due to the way in which this api call has been amended in the new versions of the OS if called by a service.
To work around this I wanted to use impersonation on a seperate thread.
To setup the impersonation I utilise the LogonUser and DuplicateToken APIs.
I then create the new thread and assign a principal to the thread.
My question involes how to actually launch a process on the thread that I have just created so that it is launch under the credential of the duplicate token (i.e. impersonated user)?
I was under the impression that if I just created a delegate for a subroutine that performed that function and called the delegate by a:
this would start my command under the credential of the thread. This doesn't seem to be the case though and the process is launched under my own context.
Can anyone help out with this?
Thanks in advance.
I am no longer able to use the API call above with Windows XP SP2 or Windows Server 2003. I understand that this is due to the way in which this api call has been amended in the new versions of the OS if called by a service.
To work around this I wanted to use impersonation on a seperate thread.
To setup the impersonation I utilise the LogonUser and DuplicateToken APIs.
Code:
Public Sub BeginImpersonation()
Const LOGON32_PROVIDER_DEFAULT As Integer = 0
Const LOGON32_LOGON_INTERACTIVE As Integer = 2
Const SecurityImpersonation As Integer = 2
Dim win32ErrorNumber As Integer
Console.WriteLine(_password)
_tokenHandle = IntPtr.Zero
_dupeTokenHandle = IntPtr.Zero
If Not LogonUser(_username, _domainname, _password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, _tokenHandle) Then
win32ErrorNumber = System.Runtime.InteropServices.Marshal.GetLastWin32Error()
Throw New ImpersonationException(win32ErrorNumber, GetErrorMessage(win32ErrorNumber), _username, _domainname)
End If
If Not DuplicateToken(_tokenHandle, SecurityImpersonation, _dupeTokenHandle) Then
win32ErrorNumber = System.Runtime.InteropServices.Marshal.GetLastWin32Error()
CloseHandle(_tokenHandle)
Throw New ImpersonationException(win32ErrorNumber, "Unable to duplicate token!", _username, _domainname)
End If
Dim newId As New System.Security.Principal.WindowsIdentity(_dupeTokenHandle)
_impersonatedUser = newId.Impersonate()
Dim newPrin As New System.Security.Principal.WindowsPrincipal(newId)
_Principal = newPrin
Console.WriteLine("Token impersonated as: " & newId.Name)
WindowsIdentity = newId
End Sub
I then create the new thread and assign a principal to the thread.
Code:
Dim trd as system.Threading.Thread
trd.Principal = _Principal
My question involes how to actually launch a process on the thread that I have just created so that it is launch under the credential of the duplicate token (i.e. impersonated user)?
I was under the impression that if I just created a delegate for a subroutine that performed that function and called the delegate by a:
Code:
Private Delegate Sub RunCommand()
Private Sub ThreadAndLaunch
Dim t As New Thread(AddressOf RunCommand)
t.CurrentPrincipal = _Principal
t.start()
End Sub
this would start my command under the credential of the thread. This doesn't seem to be the case though and the process is launched under my own context.
Can anyone help out with this?
Thanks in advance.