Esempio n. 1
 /// <summary>
 /// Creates the impersonator by passing the supplied credentials and token
 /// options straight to <c>ImpersonateValidUser</c>.
 /// </summary>
 /// <param name="userName">Account name to log on with.</param>
 /// <param name="domainName">Domain (or machine) that owns the account.</param>
 /// <param name="password">
 /// Clear-text password. It is held in a managed <see cref="string"/>, which
 /// cannot be zeroed after use, so callers should keep its lifetime short.
 /// </param>
 /// <param name="logonType">Logon type forwarded to the logon call.</param>
 /// <param name="logonProvider">Logon provider forwarded to the logon call.</param>
 /// <param name="impersonationLevel">Impersonation level requested for the duplicated token.</param>
 /// <param name="usePrimaryToken">Forwarded unchanged; selects the token kind to duplicate.</param>
 /// <param name="attemptEnableSeRestorePrivilege">Forwarded unchanged; asks for SeRestorePrivilege to be enabled.</param>
 public Impersonator(
     string userName,
     string domainName,
     string password,
     WinAPI.ADVAPI32.LOGON_TYPE logonType,
     WinAPI.ADVAPI32.LOGON_PROVIDER logonProvider,
     WinAPI.ADVAPI32.SECURITY_IMPERSONATION_LEVEL impersonationLevel,
     bool usePrimaryToken,
     bool attemptEnableSeRestorePrivilege)
 {
     // All work happens in the helper; any exception it throws propagates
     // out of the constructor unchanged.
     ImpersonateValidUser(
         userName, domainName, password,
         logonType, logonProvider, impersonationLevel,
         usePrimaryToken, attemptEnableSeRestorePrivilege);
 }
Esempio n. 2
        /// <summary>
        /// Logs the given account on, duplicates the resulting token and starts
        /// impersonating it on the current thread. The impersonation context is
        /// stored in <c>_impersonationContext</c>.
        /// </summary>
        /// <param name="userName">Account name passed to LogonUser.</param>
        /// <param name="domain">Domain passed to LogonUser.</param>
        /// <param name="password">Clear-text password passed to LogonUser.</param>
        /// <param name="logonType">Logon type, cast to int for the native call.</param>
        /// <param name="logonProvider">Logon provider, cast to int for the native call.</param>
        /// <param name="impersonationLevel">Impersonation level requested when duplicating the token.</param>
        /// <param name="usePrimaryToken">
        /// When true the token is duplicated with DuplicateTokenEx as a primary token;
        /// otherwise DuplicateToken produces an impersonation token.
        /// </param>
        /// <param name="attemptEnableSeRestorePrivilege">
        /// Only honoured on the primary-token path. Enabling the privilege is
        /// best-effort: a failure is ignored and not reported to the caller.
        /// </param>
        /// <exception cref="Win32Exception">RevertToSelf or LogonUser failed.</exception>
        /// <exception cref="WindowsException">The token could not be duplicated.</exception>
        private void ImpersonateValidUser(
            string userName,
            string domain,
            string password,
            WinAPI.ADVAPI32.LOGON_TYPE logonType,
            WinAPI.ADVAPI32.LOGON_PROVIDER logonProvider,
            WinAPI.ADVAPI32.SECURITY_IMPERSONATION_LEVEL impersonationLevel,
            bool usePrimaryToken,
            bool attemptEnableSeRestorePrivilege
            )
        {
            IntPtr logonToken = IntPtr.Zero;
            IntPtr duplicatedToken = IntPtr.Zero;

            try
            {
                // NOTE(review): any impersonation already active on this thread is
                // dropped here, before the logon is attempted. If a later step throws,
                // the thread stays on the process identity - confirm no caller relies
                // on a previous impersonation surviving a failure.
                if (!WinAPI.ADVAPI32.RevertToSelf())
                {
                    throw new Win32Exception(Marshal.GetLastWin32Error());
                }

                if (!WinAPI.ADVAPI32.LogonUser(userName, domain, password, (int)logonType, (int)logonProvider, out logonToken))
                {
                    throw new Win32Exception(Marshal.GetLastWin32Error());
                }

                // Primary token via the extended API, or an impersonation token via
                // the simplified call.
                // NOTE(review): the primary-token path asks for MAXIMUM_ALLOWED access;
                // consider whether a narrower access mask would be sufficient.
                bool duplicated = usePrimaryToken
                    ? WinAPI.ADVAPI32.DuplicateTokenEx(logonToken, WinAPI.NETAPI32.MAXIMUM_ALLOWED, impersonationLevel, WinAPI.ADVAPI32.TOKEN_TYPE.TokenPrimary, out duplicatedToken)
                    : WinAPI.ADVAPI32.DuplicateToken(logonToken, impersonationLevel, out duplicatedToken);

                if (!duplicated)
                {
                    // Read the last error straight away, before any other native call.
                    throw new WindowsException(Marshal.GetLastWin32Error(), "Unable to impersonate user '{0}'", userName);
                }

                if (usePrimaryToken && attemptEnableSeRestorePrivilege)
                {
                    // Best-effort: the result is deliberately ignored, so the caller
                    // cannot tell from here whether SeRestorePrivilege is enabled.
                    Tools.WinTool.ModifyState(duplicatedToken, "SeRestorePrivilege", true);
                }

                var identity = new WindowsIdentity(duplicatedToken);
                _impersonationContext = identity.Impersonate();
            }
            finally
            {
                // Both raw handles are released on success and on failure alike.
                if (logonToken != IntPtr.Zero)
                {
                    WinAPI.KERNEL32.CloseHandle(logonToken);
                }

                if (duplicatedToken != IntPtr.Zero)
                {
                    WinAPI.KERNEL32.CloseHandle(duplicatedToken);
                }
            }
        }