I need to impersonate myself as a domain user in a ASP.NET application running on VMWare machine. Since the VMWare machine is not itself in the domain, ASP.NET is unable to resolve the user token (specified in web.config). Is there a way to do that?
Thanks in advance, Petr
I use this class I wrote all the time and it works like a charm!
using System;
using System.Security.Principal;
/// <summary>
/// Changes the security context the application runs under.
/// </summary>
public class ImpersonateHelper : IDisposable
{
[System.Runtime.InteropServices.DllImport("Kernel32")]
private extern static Boolean CloseHandle(IntPtr handle);
private IntPtr _token = IntPtr.Zero;
private WindowsImpersonationContext _impersonatedUser = null;
public IntPtr Token
{
get { return _token; }
set { _token = value; }
}
public ImpersonateHelper(IntPtr token)
{
_token = token;
}
/// <summary>
/// Switch the user to that set by the Token property
/// </summary>
public void Impersonate()
{
if (_token == IntPtr.Zero)
_token = WindowsIdentity.GetCurrent().Token;
_impersonatedUser = WindowsIdentity.Impersonate(_token);
}
/// <summary>
/// Revert to the identity (user) before Impersonate() was called
/// </summary>
public void Undo()
{
if (_impersonatedUser != null)
_impersonatedUser.Undo();
}
#region IDisposable Members
private bool _isDisposed;
public void Dispose()
{
Dispose(true);
GC.SuppressFinalize(this);
}
protected virtual void Dispose(bool disposing)
{
if (!_isDisposed)
{
if (disposing)
{
if (_impersonatedUser != null)
_impersonatedUser.Dispose();
}
CloseHandle(_token);
_token = IntPtr.Zero;
}
_isDisposed = true;
}
~ImpersonateHelper()
{
Dispose(false);
}
#endregion
}
Then you call it from the client class as:
//Run task as the impersonated user and not as NETWORKSERVICE or ASPNET (in IIS5)
try{
impersonate.Impersonate();
//Do work that needs to run as domain user here...
}
finally
{
//Revert impersonation to NETWORKSERVICE or ASPNET
if (impersonate != null)
{
impersonate.Undo();
impersonate.Dispose();
}
}
Good Luck!
This may be the dumb obvious answer, but you could add your VMWare machine to the domain.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 走好不送 的文章《ASP.NET: Impersonate against a domain on VMWare》','https://www.manongdao.com/article-418166.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}