// impersonate a given token protected void ImpersonateToken(HandleRef token) { try { // first revert _savedToken = new HandleRef(this, GetCurrentToken()); if (_savedToken.Handle != IntPtr.Zero) { if (UnsafeNativeMethods.RevertToSelf() != 0) { _reverted = true; } } // impersonate token if not zero if (token.Handle != IntPtr.Zero) { if (UnsafeNativeMethods.SetThreadToken(IntPtr.Zero, token.Handle) == 0) { throw new HttpException(SR.GetString(SR.Cannot_impersonate)); } _impersonating = true; } } catch { RestoreImpersonation(); throw; } }
internal void StopReimpersonation() { if (_reimpersonating) { UnsafeNativeMethods.RevertToSelf(); _reimpersonating = false; } }
internal void Stop() { if (_inProgress) { UnsafeNativeMethods.RevertToSelf(); _inProgress = false; } }
internal void Stop(bool fromAnotherThread) { if (fromAnotherThread) { UnsafeNativeMethods.RevertToSelf(); } else { Stop(); } }
internal void Suspend() { _token = GetCurrentToken(); if (_token != IntPtr.Zero) { if (UnsafeNativeMethods.RevertToSelf() != 0) { _revertSucceeded = true; } } }
private void RestoreImpersonation() { if (this._impersonating) { UnsafeNativeMethods.RevertToSelf(); this._impersonating = false; } if (this._savedToken.Handle != IntPtr.Zero) { if (this._reverted && (UnsafeNativeMethods.SetThreadToken(IntPtr.Zero, this._savedToken.Handle) == 0)) { throw new HttpException(System.Web.SR.GetString("Cannot_impersonate")); } this._reverted = false; } }
// restore impersonation to the original state private void RestoreImpersonation() { // first revert before reimpersonating if (_impersonating) { UnsafeNativeMethods.RevertToSelf(); _impersonating = false; } // second reimpersonate the orignal saved identity (if exists) if (_savedToken.Handle != IntPtr.Zero) { if (_reverted) { if (UnsafeNativeMethods.SetThreadToken(IntPtr.Zero, _savedToken.Handle) == 0) { throw new HttpException(SR.GetString(SR.Cannot_impersonate)); } } _reverted = false; } }
protected void ImpersonateToken(HandleRef token) { try { this._savedToken = new HandleRef(this, GetCurrentToken()); if ((this._savedToken.Handle != IntPtr.Zero) && (UnsafeNativeMethods.RevertToSelf() != 0)) { this._reverted = true; } if (token.Handle != IntPtr.Zero) { if (UnsafeNativeMethods.SetThreadToken(IntPtr.Zero, token.Handle) == 0) { throw new HttpException(System.Web.SR.GetString("Cannot_impersonate")); } this._impersonating = true; } } catch { this.RestoreImpersonation(); throw; } }
private void Init(bool appLevel, bool throwOnError) { if (_configKnown) { return; } lock (this) { if (_configKnown) { return; } if (HttpRuntime.ConfigInited) { IdentityConfig settings = null; IntPtr tokenToReadConfig = IntPtr.Zero; if (_context != null && HttpRuntime.IsOnUNCShareInternal && !_inProgress) { // when reading config on UNC share we have to impersonate around it // note: we are getting config here to figure out the impersonation mode tokenToReadConfig = _context._wr.GetUserToken(); UnsafeNativeMethods.SetThreadToken(IntPtr.Zero, tokenToReadConfig); } try { try { using (new HttpContextWrapper(_context)) { // getting config might require current context if (appLevel || _context == null) { if (s_appIdentityConfig != null) { settings = s_appIdentityConfig; } else { settings = (IdentityConfig)HttpContext.GetAppConfig("system.web/identity"); s_appIdentityConfig = settings; } } else { settings = (IdentityConfig)_context.GetConfig("system.web/identity"); } } } catch { if (throwOnError) { throw; } } finally { if (tokenToReadConfig != IntPtr.Zero) { UnsafeNativeMethods.RevertToSelf(); } } } catch { // Protect against exception filters throw; } if (settings != null) { if (settings.EnableImpersonation) { if (settings.ImpersonateToken != IntPtr.Zero) { _mode = ImpersonationMode.Application; _token = settings.ImpersonateToken; } else if (_context != null) { _mode = ImpersonationMode.Client; _token = _context._wr.GetUserToken(); } } else { _mode = ImpersonationMode.None; _token = IntPtr.Zero; } } // don't remember app level setting with context if (!appLevel) { _configKnown = true; } } // UNC impersonation overrides everything but Application credentials // it is in effect event before config system gets initialized if (_context != null && HttpRuntime.IsOnUNCShareInternal && _mode != ImpersonationMode.Application) { _mode = ImpersonationMode.UNC; if (_token == IntPtr.Zero) { _token = _context._wr.GetUserToken(); } } } }