/// <summary>
/// Starts the impersonation with the given credentials. Please note that the account that instantiates this class needs to have the 'Act as part of
/// operating system' privilege set.
/// </summary>
/// <param name="userName">
/// A string that specifies the name of the user. This is the name of the user account to log on to. If you use the user principal name (UPN) format,
/// User@DNSDomainName, the <paramref name="domainName"/> parameter must be NULL.
/// </param>
/// <param name="domainName">
/// A string that specifies the name of the domain or server whose account database contains the <paramref name="userName"/> account. If this parameter
/// is NULL, the user name must be specified in UPN format. If this parameter is ".", the account is validated by using only the local account database.
/// </param>
/// <param name="password">A string that specifies the plaintext password for the user account specified by <paramref name="userName"/>.</param>
/// <param name="logonType">
/// Type of the logon. This parameter can usually be left as the default. For more information, lookup more detail for the dwLogonType parameter of the
/// Windows LogonUser function.
/// </param>
/// <param name="provider">
/// The logon provider. This parameter can usually be left as the default. For more information, lookup more detail for the dwLogonProvider parameter of
/// the Windows LogonUser function.
/// </param>
public WindowsImpersonatedIdentity(string userName, string domainName, string password, LogonUserType logonType = LogonUserType.LOGON32_LOGON_INTERACTIVE,
LogonUserProvider provider = LogonUserProvider.LOGON32_PROVIDER_DEFAULT)
{
if (string.IsNullOrEmpty(userName))
{
throw new ArgumentNullException(nameof(userName));
}
if (string.IsNullOrEmpty(password))
{
throw new ArgumentNullException(nameof(password));
}
if (string.IsNullOrEmpty(domainName) && !userName.Contains("@"))
{
throw new ArgumentNullException(nameof(domainName));
}
SafeTokenHandle hToken;
if (LogonUser(userName, domainName, password, logonType, provider, out hToken))
{
using (hToken)
{
identity = new WindowsIdentity(hToken.DangerousGetHandle());
impersonationContext = identity.Impersonate();
}
}
else
{
throw new Win32Exception();
}
}
public static extern bool LogonUser(string lpszUserName, string lpszDomain, string lpszPassword, LogonUserType dwLogonType, LogonUserProvider dwLogonProvider,
out SafeHTOKEN phObject);
public static extern bool LogonUserExExW(string lpszUsername, [Optional] string lpszDomain, [Optional] string lpszPassword, LogonUserType dwLogonType, LogonUserProvider dwLogonProvider,
[In, Optional] in TOKEN_GROUPS pTokenGroups, out SafeHTOKEN phToken, out SafePSID ppLogonSid, out IntPtr ppProfileBuffer, out uint pdwProfileLength, out QUOTA_LIMITS pQuotaLimits);
public static extern bool LogonUserEx(string lpszUserName, string lpszDomain, string lpszPassword, LogonUserType dwLogonType, LogonUserProvider dwLogonProvider,
out SafeHTOKEN phObject, out PSID ppLogonSid, out SafeLsaReturnBufferHandle ppProfileBuffer, out uint pdwProfileLength, out QUOTA_LIMITS pQuotaLimits);
/// <summary>
/// Starts the impersonation with the given credentials. Please note that the account that instantiates this class needs to have the
/// 'Act as part of operating system' privilege set.
/// </summary>
/// <param name="userName">
/// A string that specifies the name of the user. This is the name of the user account to log on to. If you use the user principal
/// name (UPN) format, User@DNSDomainName, the <paramref name="domainName"/> parameter must be NULL.
/// </param>
/// <param name="domainName">
/// A string that specifies the name of the domain or server whose account database contains the <paramref name="userName"/> account.
/// If this parameter is NULL, the user name must be specified in UPN format. If this parameter is ".", the account is validated by
/// using only the local account database.
/// </param>
/// <param name="password">A string that specifies the plain-text password for the user account specified by <paramref name="userName"/>.</param>
/// <param name="logonType">
/// Type of the logon. This parameter can usually be left as the default. For more information, lookup more detail for the
/// dwLogonType parameter of the Windows LogonUser function.
/// </param>
/// <param name="provider">
/// The logon provider. This parameter can usually be left as the default. For more information, lookup more detail for the
/// dwLogonProvider parameter of the Windows LogonUser function.
/// </param>
public WindowsImpersonatedIdentity(string userName, string domainName, string password, LogonUserType logonType = LogonUserType.LOGON32_LOGON_INTERACTIVE,
LogonUserProvider provider = LogonUserProvider.LOGON32_PROVIDER_DEFAULT) : base(userName, domainName, password, logonType, provider) => impersonationContext = AuthenticatedIdentity.Impersonate();
