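/// <summary>
/// Logs on with the given credentials through <c>LogonUser</c> and starts impersonating the resulting identity.
/// Please note that the account that instantiates this class needs to have the 'Act as part of operating system'
/// privilege set.
/// </summary>
/// <remarks>
/// NOTE(review): the Windows LogonUser documentation lists that privilege (SE_TCB_NAME) as a requirement on
/// Windows 2000 only. Confirm it is still needed on the target platform before granting it, because it is one of
/// the most powerful privileges an account can hold.
/// The password arrives as a managed <see cref="string"/>. It cannot be wiped after use and stays in process
/// memory until it is garbage collected, so callers should keep its lifetime and any logging of arguments in mind.
/// </remarks>
/// <param name="userName">
/// A string that specifies the name of the user. This is the name of the user account to log on to. If you use the
/// user principal name (UPN) format, User@DNSDomainName, the <paramref name="domainName"/> parameter must be NULL.
/// </param>
/// <param name="domainName">
/// A string that specifies the name of the domain or server whose account database contains the
/// <paramref name="userName"/> account. If this parameter is NULL, the user name must be specified in UPN format.
/// If this parameter is ".", the account is validated by using only the local account database.
/// </param>
/// <param name="password">
/// A string that specifies the plaintext password for the user account specified by <paramref name="userName"/>.
/// </param>
/// <param name="logonType">
/// Type of the logon. This parameter can usually be left as the default. For more information, look up the
/// dwLogonType parameter of the Windows LogonUser function.
/// </param>
/// <param name="provider">
/// The logon provider. This parameter can usually be left as the default. For more information, look up the
/// dwLogonProvider parameter of the Windows LogonUser function.
/// </param>
/// <exception cref="ArgumentNullException">
/// <paramref name="userName"/> or <paramref name="password"/> is null or empty, or <paramref name="domainName"/>
/// is null or empty while <paramref name="userName"/> contains no '@'.
/// </exception>
/// <exception cref="Win32Exception">The call to <c>LogonUser</c> returned <c>false</c>.</exception>
public WindowsImpersonatedIdentity(string userName, string domainName, string password, LogonUserType logonType = LogonUserType.LOGON32_LOGON_INTERACTIVE, LogonUserProvider provider = LogonUserProvider.LOGON32_PROVIDER_DEFAULT)
{
    if (string.IsNullOrEmpty(userName))
    {
        throw new ArgumentNullException(nameof(userName));
    }

    if (string.IsNullOrEmpty(password))
    {
        throw new ArgumentNullException(nameof(password));
    }

    // A missing domain is only acceptable when the user name looks like a UPN (contains '@').
    if (string.IsNullOrEmpty(domainName) && !userName.Contains("@"))
    {
        throw new ArgumentNullException(nameof(domainName));
    }

    SafeTokenHandle hToken;
    if (!LogonUser(userName, domainName, password, logonType, provider, out hToken))
    {
        // The parameterless constructor reads the last Win32 error. That only reflects the LogonUser
        // failure if the import is declared with SetLastError = true (attribute not visible here; confirm).
        throw new Win32Exception();
    }

    // The logon token is closed as soon as the WindowsIdentity has been built from it; this relies on
    // WindowsIdentity keeping its own copy of the token rather than the raw handle passed in.
    using (hToken)
    {
        identity = new WindowsIdentity(hToken.DangerousGetHandle());
        try
        {
            impersonationContext = identity.Impersonate();
        }
        catch
        {
            // The instance is never handed to the caller when the constructor throws, so nobody could
            // dispose the identity later. Release its token now instead of leaving it to the finalizer.
            identity.Dispose();
            throw;
        }
    }
}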
/// <summary>
/// Managed declaration for a native <c>LogonUser</c> call: takes a user name, domain, plaintext password, logon
/// type and logon provider, and returns a token handle through <paramref name="phObject"/>.
/// </summary>
/// <remarks>
/// NOTE(review): the interop attribute is not visible in this excerpt. Confirm that it sets
/// <c>SetLastError = true</c>, since callers that throw <c>Win32Exception</c> on a <c>false</c> result depend on
/// it, and that its character set matches the entry point being bound.
/// The password is marshalled from a managed string and therefore cannot be cleared from memory by the caller.
/// </remarks>
/// <param name="lpszUserName">Name of the account to log on to.</param>
/// <param name="lpszDomain">Domain or server whose account database holds the account.</param>
/// <param name="lpszPassword">Plaintext password for the account.</param>
/// <param name="dwLogonType">Kind of logon to perform.</param>
/// <param name="dwLogonProvider">Logon provider to use.</param>
/// <param name="phObject">Receives the token handle, wrapped in a <c>SafeHTOKEN</c>.</param>
/// <returns>A boolean result; presumably <c>true</c> on success, following the Win32 BOOL convention.</returns>
public static extern bool LogonUser(string lpszUserName, string lpszDomain, string lpszPassword, LogonUserType dwLogonType, LogonUserProvider dwLogonProvider, out SafeHTOKEN phObject);
/// <summary>
/// Managed declaration for a native <c>LogonUserExExW</c> call. Besides the credentials, logon type and provider it
/// accepts an optional <c>TOKEN_GROUPS</c> value and returns a token handle, a logon SID, a profile buffer with its
/// length, and quota limits.
/// </summary>
/// <remarks>
/// NOTE(review): the interop attribute is not visible in this excerpt. The name ends in 'W', so the string
/// arguments are presumably expected as UTF-16; confirm the attribute specifies Unicode marshalling and
/// <c>SetLastError = true</c>.
/// NOTE(review): the Windows documentation for this function ties a non-null <paramref name="pTokenGroups"/> to
/// the SE_TCB_NAME privilege. Confirm the requirement, and restrict who can reach this path, because added groups
/// end up in the resulting token.
/// <paramref name="ppProfileBuffer"/> is a raw <see cref="IntPtr"/>, so nothing releases it automatically; the
/// caller presumably has to free it. Confirm the matching release function.
/// </remarks>
/// <param name="lpszUsername">Name of the account to log on to.</param>
/// <param name="lpszDomain">Optional domain or server whose account database holds the account.</param>
/// <param name="lpszPassword">Optional plaintext password for the account.</param>
/// <param name="dwLogonType">Kind of logon to perform.</param>
/// <param name="dwLogonProvider">Logon provider to use.</param>
/// <param name="pTokenGroups">Optional group list passed by read-only reference.</param>
/// <param name="phToken">Receives the token handle, wrapped in a <c>SafeHTOKEN</c>.</param>
/// <param name="ppLogonSid">Receives the logon SID, wrapped in a <c>SafePSID</c>.</param>
/// <param name="ppProfileBuffer">Receives a pointer to the profile buffer.</param>
/// <param name="pdwProfileLength">Receives the length of the profile buffer.</param>
/// <param name="pQuotaLimits">Receives a <c>QUOTA_LIMITS</c> value.</param>
/// <returns>A boolean result; presumably <c>true</c> on success, following the Win32 BOOL convention.</returns>
public static extern bool LogonUserExExW(string lpszUsername, [Optional] string lpszDomain, [Optional] string lpszPassword, LogonUserType dwLogonType, LogonUserProvider dwLogonProvider, [In, Optional] in TOKEN_GROUPS pTokenGroups, out SafeHTOKEN phToken, out SafePSID ppLogonSid, out IntPtr ppProfileBuffer, out uint pdwProfileLength, out QUOTA_LIMITS pQuotaLimits);
/// <summary>
/// Managed declaration for a native <c>LogonUserEx</c> call. Takes the credentials, logon type and provider, and
/// returns a token handle, a logon SID, a profile buffer with its length, and quota limits.
/// </summary>
/// <remarks>
/// NOTE(review): the interop attribute is not visible in this excerpt. Confirm that it sets
/// <c>SetLastError = true</c> and a character set that matches the entry point being bound.
/// <paramref name="ppLogonSid"/> is returned as a plain <c>PSID</c> rather than a safe handle, so the caller
/// presumably owns that memory and must release it. Confirm the matching release function.
/// The password is marshalled from a managed string and therefore cannot be cleared from memory by the caller.
/// </remarks>
/// <param name="lpszUserName">Name of the account to log on to.</param>
/// <param name="lpszDomain">Domain or server whose account database holds the account.</param>
/// <param name="lpszPassword">Plaintext password for the account.</param>
/// <param name="dwLogonType">Kind of logon to perform.</param>
/// <param name="dwLogonProvider">Logon provider to use.</param>
/// <param name="phObject">Receives the token handle, wrapped in a <c>SafeHTOKEN</c>.</param>
/// <param name="ppLogonSid">Receives the logon SID.</param>
/// <param name="ppProfileBuffer">Receives the profile buffer, wrapped in a <c>SafeLsaReturnBufferHandle</c>.</param>
/// <param name="pdwProfileLength">Receives the length of the profile buffer.</param>
/// <param name="pQuotaLimits">Receives a <c>QUOTA_LIMITS</c> value.</param>
/// <returns>A boolean result; presumably <c>true</c> on success, following the Win32 BOOL convention.</returns>
public static extern bool LogonUserEx(string lpszUserName, string lpszDomain, string lpszPassword, LogonUserType dwLogonType, LogonUserProvider dwLogonProvider, out SafeHTOKEN phObject, out PSID ppLogonSid, out SafeLsaReturnBufferHandle ppProfileBuffer, out uint pdwProfileLength, out QUOTA_LIMITS pQuotaLimits);
/// <summary>
/// Hands the credentials to the base constructor and then begins impersonating the authenticated identity.
/// Please note that the account that instantiates this class needs to have the 'Act as part of operating system'
/// privilege set.
/// </summary>
/// <remarks>
/// NOTE(review): the Windows LogonUser documentation lists that privilege (SE_TCB_NAME) as a requirement on
/// Windows 2000 only. Confirm it is still needed before granting it to a service account.
/// The password is a managed string; it cannot be wiped after use and stays in memory until it is collected.
/// </remarks>
/// <param name="userName">
/// Name of the user account to log on to. When given in user principal name (UPN) format, User@DNSDomainName, the
/// <paramref name="domainName"/> parameter must be NULL.
/// </param>
/// <param name="domainName">
/// Name of the domain or server whose account database contains the <paramref name="userName"/> account. If this
/// is NULL, the user name must be in UPN format. If this is ".", the account is validated by using only the local
/// account database.
/// </param>
/// <param name="password">Plain-text password for the account named by <paramref name="userName"/>.</param>
/// <param name="logonType">
/// Type of the logon. Can usually be left as the default; see the dwLogonType parameter of the Windows LogonUser
/// function for details.
/// </param>
/// <param name="provider">
/// The logon provider. Can usually be left as the default; see the dwLogonProvider parameter of the Windows
/// LogonUser function for details.
/// </param>
public WindowsImpersonatedIdentity(string userName, string domainName, string password, LogonUserType logonType = LogonUserType.LOGON32_LOGON_INTERACTIVE, LogonUserProvider provider = LogonUserProvider.LOGON32_PROVIDER_DEFAULT)
    : base(userName, domainName, password, logonType, provider)
{
    // The base constructor has already run with the credentials at this point;
    // impersonation starts from the identity it exposes.
    impersonationContext = AuthenticatedIdentity.Impersonate();
}