C# .NET
 

  LogonUserA, impersonation

Asked By H C
28-Jul-05 12:49 PM
Earn up to 0 extra points for answering this tough question.
Reply
Ok, I am trying to authenticate a user by Domain, then check to see if the user is in my custom database. All I want to do here is check to see if the user exists on the domain, and then the application database handles everything else about the user...Please help. Thanks The below code is right from here http://support.microsoft.com/?scid=306158 If I create a local machine user, and specify the machine name here, I am able to login. <add key="Domain" value="Machine_Name" /> But, if I specify the Domain name (which is really what I need to do), I always get Login Failed <add key="Domain" value="DOMAIN_Name" /> private void _btnLogin_Click(object sender, System.EventArgs e) { WinFormAuth wa = new WinFormAuth(); string _domain = System.Configuration.ConfigurationSettings.AppSettings["Domain"]; //Do DB Lookup try { if(wa.impersonateValidUser(_userName.Text, _domain, _password.Text)) { //Insert your code that runs under the security context of a specific user here. wa.undoImpersonation(); if(Request.QueryString["url"]==null) Response.Redirect("dashboard_summary.aspx"); else Response.Redirect(Request.QueryString["url"]); } else { //Your impersonation failed. Therefore, include a fail-safe mechanism here. _lblMessage.Text="Login Failed"; } } catch(Exception ex) { _lblMessage.Text=ex.Message; } } public class WinFormAuth { public const int LOGON32_LOGON_INTERACTIVE = 2; public const int LOGON32_PROVIDER_DEFAULT = 0; WindowsImpersonationContext impersonationContext; [DllImport("advapi32.dll")] public static extern int LogonUserA(String lpszUserName, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken); [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)] public static extern int DuplicateToken(IntPtr hToken, int impersonationLevel, ref IntPtr hNewToken); [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)] public static extern bool RevertToSelf(); [DllImport("kernel32.dll", CharSet=CharSet.Auto)] public static extern bool CloseHandle(IntPtr handle); public bool impersonateValidUser(String userName, String domain, String password) { WindowsIdentity tempWindowsIdentity; IntPtr token = IntPtr.Zero; IntPtr tokenDuplicate = IntPtr.Zero; if(RevertToSelf()) { if(LogonUserA(userName, domain, password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref token) != 0) { if(DuplicateToken(token, 2, ref tokenDuplicate) != 0) { tempWindowsIdentity = new WindowsIdentity(tokenDuplicate); impersonationContext = tempWindowsIdentity.Impersonate(); if (impersonationContext != null) { CloseHandle(token); CloseHandle(tokenDuplicate); return true; } } } } if(token!= IntPtr.Zero) CloseHandle(token); if(tokenDuplicate!=IntPtr.Zero) CloseHandle(tokenDuplicate); return false; } public void undoImpersonation() { impersonationContext.Undo(); } }

  This code fails on

Asked By Jon Wojtowicz
28-Jul-05 04:45 PM
Reply
Windows 2000 for security issues. It should work fine on Windows XP or 2003. If you are using Active Directory you might want to consider changing the code to use the System.DirectoryServices.DirectoryEntry classes to see if the user exists in the domain. Here's a link that shows you how to validate a user exisit using Active Directory http://www.c-sharpcorner.com/Code/2005/June/ADand.NET.asp

  Windows Authentication?

Asked By Daniel Schaffer
28-Jul-05 04:53 PM
Reply
If you use Windows Authentication, they won't be able to get on to the site if they aren't already authenticated on the domain. Then you can use Request.ServerVariables to grab their authentication info.

  It appears he's trying to

Asked By Jon Wojtowicz
28-Jul-05 05:03 PM
Reply
forms authentication. Windows authentication won't work through most firewalls, it's typically blocked for security reasons. Most palces use Basic over HTTPS which would authenticate the user after they login. I'm not sure what his specific requirements are so I only answered the question asked. BTW, I'm not the one who posted the question.
  This is one Windows NT 4
Asked By H C
28-Jul-05 05:22 PM
Reply
It does work fine on Windows XP and 2003. Thats what was bugging me out. This is an INTRAnet only app. What needs to happen is that the user need to go to http://machinename/website/default.aspx on this page, I want them to type in their domain username and password. Authenticate throught the domain, and then the app handles the rest. Any thoughts on how to get this to work? Thanks so much both of your for the replies. HC
  You can use windows integrated
Asked By Jon Wojtowicz
28-Jul-05 06:14 PM
Reply
authentication on the website and the user would not have to input any information. It would use their username from when they logged into their machine. Since this is an intranet app there wouldn't be the security risk of going over the internet. That code definitely does not work on NT4.
  That works great Thanks<eop>
Asked By H C
28-Jul-05 11:14 PM
Reply
.
 
Asked By Daniel Schaffer
29-Jul-05 08:34 AM
Reply
http://www.eggheadcafe.com/forums/ForumPost.asp?ID=28830&INTID=2
  Yes, the thanks was to both
Asked By H C
29-Jul-05 09:46 AM
Reply
I know that you responmded with the same answer. I was hoping to make it works with FORMS authentication, but this way will definately do. Again, thank you
Create New Account