/// <summary>
/// Impersonate a windows logon user only for the duration of the specified action.
/// </summary>
/// <param name="userName">windows account with optional domain</param>
/// <param name="password"></param>
/// <param name="runAs"></param>
public static void Run(string userName, string password, Action runAs)
{
using (var iu = new ImpersonateUser(userName, password))
{
runAs();
}
}
/// <summary>
/// Verify Windows username logon exists, password works,
/// AND belongs to the local Administrators group.
/// </summary>
/// <param name="username">Username may be in either UPN or SAM formats.</param>
/// <param name="password"></param>
/// <returns>True if successful</returns>
public static bool ValidateAdminCredentials(string username, string password)
{
bool ok = false;
try
{
using (var iu = new ImpersonateUser(username, password))
{
ok = UserAccount.IsAdministrator();
}
}
catch (Win32Exception ex) //ImpersonateUser uses LogonUser() Win32 API.
{
LOG.Error(ex, "");
//Not fatal. Login failed -> Validation failed, thus returns false.
}
catch (Exception ex)
{
LOG.Error(ex, "");
throw ex.PrefixMessage(string.Format("UserAccount.ValidateAdminCredentials(\"{0}\", \"*****\")", username));
}
return(ok);
}
