/// <summary>
/// Creates the impersonator and immediately starts impersonating the given account on the
/// calling thread by delegating to <c>ImpersonateValidUser</c>.
/// </summary>
/// <remarks>
/// Impersonation is a side effect of construction: when the constructor returns, the thread
/// is already running under the new identity, and when it throws, no instance exists.
/// <c>ImpersonateValidUser</c> calls RevertToSelf before the logon, so an impersonation that
/// was active on the thread beforehand is dropped and is not restored if the logon fails.
/// NOTE(review): how the impersonation is undone is not visible in this excerpt; presumably
/// through the stored impersonation context. Confirm against the rest of the class.
/// </remarks>
/// <param name="userName">Account name passed to LogonUser.</param>
/// <param name="domainName">Domain passed to LogonUser.</param>
/// <param name="password">Password passed to LogonUser as an ordinary managed string.</param>
/// <param name="logonType">Logon type; cast to <c>int</c> for the LogonUser call.</param>
/// <param name="logonProvider">Logon provider; cast to <c>int</c> for the LogonUser call.</param>
/// <param name="impersonationLevel">Impersonation level requested when the token is duplicated.</param>
/// <param name="usePrimaryToken">
/// <c>true</c> to duplicate into a primary token via DuplicateTokenEx; <c>false</c> to use DuplicateToken.
/// </param>
/// <param name="attemptEnableSeRestorePrivilege">
/// When <c>true</c> together with <paramref name="usePrimaryToken"/>, tries to enable
/// SeRestorePrivilege on the duplicated token. A failure to enable it is not reported.
/// </param>
public Impersonator(
    string userName,
    string domainName,
    string password,
    WinAPI.ADVAPI32.LOGON_TYPE logonType,
    WinAPI.ADVAPI32.LOGON_PROVIDER logonProvider,
    WinAPI.ADVAPI32.SECURITY_IMPERSONATION_LEVEL impersonationLevel,
    bool usePrimaryToken,
    bool attemptEnableSeRestorePrivilege)
{
    // Named arguments make the domainName -> domain hand-off explicit.
    ImpersonateValidUser(
        userName: userName,
        domain: domainName,
        password: password,
        logonType: logonType,
        logonProvider: logonProvider,
        impersonationLevel: impersonationLevel,
        usePrimaryToken: usePrimaryToken,
        attemptEnableSeRestorePrivilege: attemptEnableSeRestorePrivilege);
}
/// <summary>
/// Logs the account on with LogonUser, duplicates the resulting token, and starts impersonating
/// it on the calling thread, storing the resulting context in <c>_impersonationContext</c>.
/// </summary>
/// <remarks>
/// RevertToSelf runs before the logon, so any impersonation already active on the thread is
/// dropped. Nothing here restores it: if a later step throws, the thread stays on the identity
/// RevertToSelf left it with.
/// The password is an ordinary managed string and is not cleared by this method.
/// Both raw token handles are closed in the <c>finally</c> block on every path.
/// </remarks>
/// <param name="userName">Account name passed to LogonUser; also used in the error message.</param>
/// <param name="domain">Domain passed to LogonUser.</param>
/// <param name="password">Password passed to LogonUser.</param>
/// <param name="logonType">Logon type; cast to <c>int</c> for the LogonUser call.</param>
/// <param name="logonProvider">Logon provider; cast to <c>int</c> for the LogonUser call.</param>
/// <param name="impersonationLevel">Impersonation level requested for the duplicated token.</param>
/// <param name="usePrimaryToken">
/// <c>true</c> duplicates into a primary token with DuplicateTokenEx and MAXIMUM_ALLOWED access;
/// <c>false</c> uses the simpler DuplicateToken call, which yields an impersonation token.
/// </param>
/// <param name="attemptEnableSeRestorePrivilege">
/// Only considered when <paramref name="usePrimaryToken"/> is <c>true</c>: tries to enable
/// SeRestorePrivilege on the duplicated token. The outcome is ignored.
/// </param>
/// <exception cref="Win32Exception">RevertToSelf or LogonUser returned <c>false</c>.</exception>
/// <exception cref="WindowsException">The logon token could not be duplicated.</exception>
private void ImpersonateValidUser(
    string userName,
    string domain,
    string password,
    WinAPI.ADVAPI32.LOGON_TYPE logonType,
    WinAPI.ADVAPI32.LOGON_PROVIDER logonProvider,
    WinAPI.ADVAPI32.SECURITY_IMPERSONATION_LEVEL impersonationLevel,
    bool usePrimaryToken,
    bool attemptEnableSeRestorePrivilege)
{
    var logonToken = IntPtr.Zero;
    var duplicatedToken = IntPtr.Zero;

    try
    {
        // Drop whatever identity the thread is currently impersonating before logging on.
        if (!WinAPI.ADVAPI32.RevertToSelf())
        {
            throw new Win32Exception(Marshal.GetLastWin32Error());
        }

        if (!WinAPI.ADVAPI32.LogonUser(userName, domain, password, (int)logonType, (int)logonProvider, out logonToken))
        {
            throw new Win32Exception(Marshal.GetLastWin32Error());
        }

        // Primary token via DuplicateTokenEx, otherwise an impersonation token via the simplified API.
        bool duplicated = usePrimaryToken
            ? WinAPI.ADVAPI32.DuplicateTokenEx(logonToken, WinAPI.NETAPI32.MAXIMUM_ALLOWED, impersonationLevel, WinAPI.ADVAPI32.TOKEN_TYPE.TokenPrimary, out duplicatedToken)
            : WinAPI.ADVAPI32.DuplicateToken(logonToken, impersonationLevel, out duplicatedToken);

        if (!duplicated)
        {
            throw new WindowsException(Marshal.GetLastWin32Error(), "Unable to impersonate user '{0}'", userName);
        }

        if (usePrimaryToken && attemptEnableSeRestorePrivilege)
        {
            // Best effort only: a false return is deliberately ignored, so the caller cannot
            // tell from here whether SeRestorePrivilege actually ended up enabled.
            Tools.WinTool.ModifyState(duplicatedToken, "SeRestorePrivilege", true);
        }

        // NOTE(review): the WindowsIdentity is not disposed in this method; only the
        // impersonation context is retained.
        var identity = new WindowsIdentity(duplicatedToken);
        _impersonationContext = identity.Impersonate();
    }
    finally
    {
        // Release the raw handles on success and on failure alike.
        if (logonToken != IntPtr.Zero)
        {
            WinAPI.KERNEL32.CloseHandle(logonToken);
        }

        if (duplicatedToken != IntPtr.Zero)
        {
            WinAPI.KERNEL32.CloseHandle(duplicatedToken);
        }
    }
}