private SafeAccessTokenHandle Logon(ImpersonationSettings settings)
{
_logger.LogTrace("Setting up for impersonation");
// Get the user token for the specified user, domain, and password using the
// unmanaged LogonUser method.
// The local machine name can be used for the domain name to impersonate a user on this machine.
const int LOGON32_PROVIDER_DEFAULT = 0;
//This parameter causes LogonUser to create a primary token.
const int LOGON32_LOGON_INTERACTIVE = 2;
// Call LogonUser to obtain a handle to an access token.
var returnValue = LogonUser(settings.User, settings.Domain, settings.Password,
LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,
out var safeAccessTokenHandle);
if (!returnValue)
{
var ret = Marshal.GetLastWin32Error();
var exc = new Win32Exception(ret);
_logger.LogError(exc, "LogonUser failed with error code: {Code}", ret);
throw exc;
}
// Check the identity.
_logger.LogDebug("Before impersonation: " + WindowsIdentity.GetCurrent().Name);
return(safeAccessTokenHandle);
}
/// <inheritdoc />
public async Task ExecuteAsync(ImpersonationSettings settings, Func <Task> func)
{
var safeAccessTokenHandle = Logon(settings);
await WindowsIdentity.RunImpersonatedAsync(safeAccessTokenHandle, func);
_logger.LogDebug("After impersonation: " + WindowsIdentity.GetCurrent().Name);
}
/// <inheritdoc />
public void Execute(ImpersonationSettings settings, Action action)
{
var safeAccessTokenHandle = Logon(settings);
WindowsIdentity.RunImpersonated(safeAccessTokenHandle, action);
_logger.LogDebug("After impersonation: " + WindowsIdentity.GetCurrent().Name);
}
public WindowsImpersonationTests()
{
var config = new ConfigurationBuilder()
.AddUserSecrets <WindowsImpersonationTests>(true)
.Build();
_settings = new ImpersonationSettings
{
User = config["Username"],
Password = config["Password"],
Domain = config["Domain"]
};
}
/// <summary>
/// Executes an action while impersonating a user.
/// </summary>
/// <param name="credentials"><see cref="ICredentials"/> for the user to use for impersonation.</param>
/// <param name="netOnly">Whether impersonation should be used for network access only.</param>
/// <param name="action">The action to execute in the impersonation context.</param>
public static void RunImpersonated(this ICredentials credentials, bool netOnly, Action action)
{
if (credentials == null)
{
throw new ArgumentNullException(nameof(credentials));
}
NetworkCredential Credentials = credentials.GetCredential(null, null);
using SafeAccessTokenHandle Token = new SafeAccessTokenHandle(ImpersonationSettings.LogonUser(Credentials.Domain, Credentials.UserName, Credentials.SecurePassword, netOnly));
WindowsIdentity.RunImpersonated(Token, action);
}
/// <summary>
/// Executes an action while impersonating a user.
/// </summary>
/// <param name="credentials"><see cref="ICredentials"/> for the user to use for impersonation.</param>
/// <param name="netOnly">Whether impersonation should be used for network access only.</param>
/// <param name="action">The action to execute in the impersonation context.</param>
public static void RunImpersonated(this ICredentials credentials, bool netOnly, Action action)
{
if (credentials == null)
{
throw new ArgumentNullException(nameof(credentials));
}
NetworkCredential?Credentials = credentials.GetCredential(s_HttpLocalhost, string.Empty);
if (Credentials == null)
{
throw new UnauthorizedAccessException();
}
using SafeAccessTokenHandle Token = new SafeAccessTokenHandle(ImpersonationSettings.LogonUser(Credentials.Domain, Credentials.UserName, Credentials.SecurePassword, netOnly));
WindowsIdentity.RunImpersonated(Token, action);
}
/// <inheritdoc />
public async Task <T> ExecuteAsync <T>(ImpersonationSettings settings, Func <Task <T> > func)
{
var safeAccessTokenHandle = Logon(settings);
return(await WindowsIdentity.RunImpersonatedAsync(safeAccessTokenHandle, func));
}
/// <inheritdoc />
public T Execute <T>(ImpersonationSettings settings, Func <T> func)
{
var safeAccessTokenHandle = Logon(settings);
return(WindowsIdentity.RunImpersonated(safeAccessTokenHandle, func));
}
