// impersonate a given token
protected void ImpersonateToken(HandleRef token)
{
try {
// first revert
_savedToken = new HandleRef(this, GetCurrentToken());
if (_savedToken.Handle != IntPtr.Zero)
{
if (UnsafeNativeMethods.RevertToSelf() != 0)
{
_reverted = true;
}
}
// impersonate token if not zero
if (token.Handle != IntPtr.Zero)
{
if (UnsafeNativeMethods.SetThreadToken(IntPtr.Zero, token.Handle) == 0)
{
throw new HttpException(SR.GetString(SR.Cannot_impersonate));
}
_impersonating = true;
}
}
catch {
RestoreImpersonation();
throw;
}
}
internal void StopReimpersonation()
{
if (_reimpersonating)
{
UnsafeNativeMethods.RevertToSelf();
_reimpersonating = false;
}
}
internal void Stop()
{
if (_inProgress)
{
UnsafeNativeMethods.RevertToSelf();
_inProgress = false;
}
}
internal void Stop(bool fromAnotherThread)
{
if (fromAnotherThread)
{
UnsafeNativeMethods.RevertToSelf();
}
else
{
Stop();
}
}
internal void Suspend()
{
_token = GetCurrentToken();
if (_token != IntPtr.Zero)
{
if (UnsafeNativeMethods.RevertToSelf() != 0)
{
_revertSucceeded = true;
}
}
}
private void RestoreImpersonation()
{
if (this._impersonating)
{
UnsafeNativeMethods.RevertToSelf();
this._impersonating = false;
}
if (this._savedToken.Handle != IntPtr.Zero)
{
if (this._reverted && (UnsafeNativeMethods.SetThreadToken(IntPtr.Zero, this._savedToken.Handle) == 0))
{
throw new HttpException(System.Web.SR.GetString("Cannot_impersonate"));
}
this._reverted = false;
}
}
// restore impersonation to the original state
private void RestoreImpersonation()
{
// first revert before reimpersonating
if (_impersonating)
{
UnsafeNativeMethods.RevertToSelf();
_impersonating = false;
}
// second reimpersonate the orignal saved identity (if exists)
if (_savedToken.Handle != IntPtr.Zero)
{
if (_reverted)
{
if (UnsafeNativeMethods.SetThreadToken(IntPtr.Zero, _savedToken.Handle) == 0)
{
throw new HttpException(SR.GetString(SR.Cannot_impersonate));
}
}
_reverted = false;
}
}
protected void ImpersonateToken(HandleRef token)
{
try
{
this._savedToken = new HandleRef(this, GetCurrentToken());
if ((this._savedToken.Handle != IntPtr.Zero) && (UnsafeNativeMethods.RevertToSelf() != 0))
{
this._reverted = true;
}
if (token.Handle != IntPtr.Zero)
{
if (UnsafeNativeMethods.SetThreadToken(IntPtr.Zero, token.Handle) == 0)
{
throw new HttpException(System.Web.SR.GetString("Cannot_impersonate"));
}
this._impersonating = true;
}
}
catch
{
this.RestoreImpersonation();
throw;
}
}
private void Init(bool appLevel, bool throwOnError)
{
if (_configKnown)
{
return;
}
lock (this) {
if (_configKnown)
{
return;
}
if (HttpRuntime.ConfigInited)
{
IdentityConfig settings = null;
IntPtr tokenToReadConfig = IntPtr.Zero;
if (_context != null && HttpRuntime.IsOnUNCShareInternal && !_inProgress)
{
// when reading config on UNC share we have to impersonate around it
// note: we are getting config here to figure out the impersonation mode
tokenToReadConfig = _context._wr.GetUserToken();
UnsafeNativeMethods.SetThreadToken(IntPtr.Zero, tokenToReadConfig);
}
try {
try {
using (new HttpContextWrapper(_context)) { // getting config might require current context
if (appLevel || _context == null)
{
if (s_appIdentityConfig != null)
{
settings = s_appIdentityConfig;
}
else
{
settings = (IdentityConfig)HttpContext.GetAppConfig("system.web/identity");
s_appIdentityConfig = settings;
}
}
else
{
settings = (IdentityConfig)_context.GetConfig("system.web/identity");
}
}
}
catch {
if (throwOnError)
{
throw;
}
}
finally {
if (tokenToReadConfig != IntPtr.Zero)
{
UnsafeNativeMethods.RevertToSelf();
}
}
}
catch { // Protect against exception filters
throw;
}
if (settings != null)
{
if (settings.EnableImpersonation)
{
if (settings.ImpersonateToken != IntPtr.Zero)
{
_mode = ImpersonationMode.Application;
_token = settings.ImpersonateToken;
}
else if (_context != null)
{
_mode = ImpersonationMode.Client;
_token = _context._wr.GetUserToken();
}
}
else
{
_mode = ImpersonationMode.None;
_token = IntPtr.Zero;
}
}
// don't remember app level setting with context
if (!appLevel)
{
_configKnown = true;
}
}
// UNC impersonation overrides everything but Application credentials
// it is in effect event before config system gets initialized
if (_context != null && HttpRuntime.IsOnUNCShareInternal && _mode != ImpersonationMode.Application)
{
_mode = ImpersonationMode.UNC;
if (_token == IntPtr.Zero)
{
_token = _context._wr.GetUserToken();
}
}
}
}
