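/// <summary>
/// Logs on the Windows user described by a user name security token and
/// impersonates that user on the calling thread.
/// </summary>
/// <param name="identityToken">The identity token carrying the user name (optionally prefixed with "DOMAIN\") and the password.</param>
/// <param name="interactive">Whether to logon interactively (slow); otherwise a network logon is requested.</param>
/// <returns>The impersonation context (must be disposed to reverse impersonation and release the logon handle).</returns>
/// <exception cref="ServiceResultException">
/// Raised with <see cref="StatusCodes.BadIdentityTokenRejected"/> when the token is null, carries no user name,
/// or the credentials are rejected by Windows.
/// </exception>
public static ImpersonationContext LogonUser(UserNameSecurityToken identityToken, bool interactive)
{
    if (identityToken == null)
    {
        throw ServiceResultException.Create(StatusCodes.BadIdentityTokenRejected, "Secuirty token is not a valid username token.");
    }

    // extract the username and domain from the security token.
    string username = identityToken.UserName;

    // a null user name would otherwise surface as a NullReferenceException from IndexOf below.
    if (username == null)
    {
        throw ServiceResultException.Create(StatusCodes.BadIdentityTokenRejected, "Security token does not contain a user name.");
    }

    string domain = null;

    int index = username.IndexOf('\\');

    if (index != -1)
    {
        domain = username.Substring(0, index);
        username = username.Substring(index + 1);
    }

    // validate the credentials.
    // the network logon type is the cheaper path; the interactive type is only used when the caller asks for it.
    IntPtr handle = IntPtr.Zero;

    int result = Win32.LogonUserW(
        username,
        domain,
        identityToken.Password,
        interactive ? Win32.LOGON32_LOGON_INTERACTIVE : Win32.LOGON32_LOGON_NETWORK,
        Win32.LOGON32_PROVIDER_DEFAULT,
        ref handle);

    if (result == 0)
    {
        result = Marshal.GetLastWin32Error();

        // NOTE(review): the raw Win32 error code is embedded in the exception text. If this exception is
        // returned to a remote client it can disclose account state (locked, disabled, expired) rather than
        // just "rejected"; consider logging the code server-side and keeping the client-facing text generic,
        // as VerifyPassword does. Message left unchanged here.
        throw ServiceResultException.Create(
            StatusCodes.BadIdentityTokenRejected,
            "Could not logon as user '{0}'. Reason: {1}.",
            identityToken.UserName,
            result);
    }

    try
    {
        WindowsIdentity identity = new WindowsIdentity(handle);

        ImpersonationContext context = new ImpersonationContext();
        context.Principal = new WindowsPrincipal(identity);
        context.Context = identity.Impersonate();
        context.Handle = handle;

        return context;
    }
    catch (Exception)
    {
        // the context never took ownership of the logon handle, so release it here.
        Win32.CloseHandle(handle);

        // rethrow as-is; 'throw e' would reset the stack trace.
        throw;
    }
}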
/// <summary>
/// Overridable part of the dispose pattern: closes the native handle held in <c>Handle</c>.
/// </summary>
/// <param name="disposing">Not read here: the handle is native, so it is closed on every dispose path.</param>
protected virtual void Dispose(bool disposing)
{
    IntPtr current = Handle;

    if (current == IntPtr.Zero)
    {
        return;
    }

    // close first, then forget the value so a second call is a no-op.
    Win32.CloseHandle(current);
    Handle = IntPtr.Zero;
}
/// <summary>
/// Overridable part of the dispose pattern: disposes the impersonation <c>Context</c> and closes the
/// native logon <c>Handle</c>.
/// </summary>
/// <param name="disposing">When true the managed <c>Context</c> is disposed as well; the native handle is released in both cases.</param>
protected virtual void Dispose(bool disposing)
{
    // managed state is only touched on the explicit dispose path.
    if (disposing && Context != null)
    {
        Context.Dispose();
        Context = null;
    }

    // the logon handle is native (closed via Win32.CloseHandle) and is released on every path.
    IntPtr current = Handle;

    if (current != IntPtr.Zero)
    {
        Win32.CloseHandle(current);
        Handle = IntPtr.Zero;
    }
}
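/// <summary>
/// Verifies that the security token is a valid windows user.
/// </summary>
/// <param name="identityToken">The security token carrying the user name (optionally prefixed with "DOMAIN\") and the password.</param>
/// <exception cref="ServiceResultException">
/// Raised with <see cref="StatusCodes.BadIdentityTokenRejected"/> when the token is null, carries no user name,
/// or the network logon fails.
/// </exception>
public static void VerifyPassword(UserNameSecurityToken identityToken)
{
    if (identityToken == null)
    {
        throw ServiceResultException.Create(StatusCodes.BadIdentityTokenRejected, "Secuirty token is not a valid username token.");
    }

    // extract the username and domain from the security token.
    string username = identityToken.UserName;

    // a null user name would otherwise surface as a NullReferenceException from IndexOf below.
    if (username == null)
    {
        throw ServiceResultException.Create(StatusCodes.BadIdentityTokenRejected, "Security token does not contain a user name.");
    }

    string domain = null;

    int index = username.IndexOf('\\');

    if (index != -1)
    {
        domain = username.Substring(0, index);
        username = username.Substring(index + 1);
    }

    // a network logon is used; the resulting token is only needed to know that the logon succeeded.
    IntPtr handle = IntPtr.Zero;

    int result = Win32.LogonUserW(
        username,
        domain,
        identityToken.Password,
        Win32.LOGON32_LOGON_NETWORK,
        Win32.LOGON32_PROVIDER_DEFAULT,
        ref handle);

    if (result == 0)
    {
        // unlike LogonUser, the Win32 error code is not put in the message: the same generic rejection is
        // reported whatever the underlying reason, so a remote caller learns nothing about the account state.
        throw ServiceResultException.Create(StatusCodes.BadIdentityTokenRejected, "Login failed for user: {0}", username);
    }

    // the logon token is not retained once the credentials are known to be valid.
    Win32.CloseHandle(handle);
}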