|
| 1 | +//credit to Phillip Allan-Harding (Twitter @phillipharding) for this library. |
| 2 | +using System; |
| 3 | +using System.ComponentModel; |
| 4 | +using System.Runtime.InteropServices; |
| 5 | +using System.Security.Principal; |
| 6 | +using System.Xml.Linq; |
| 7 | + |
| 8 | +namespace Impersonate |
| 9 | +{ |
| 10 | + public enum LogonType |
| 11 | + { |
| 12 | + LOGON32_LOGON_INTERACTIVE = 2, |
| 13 | + LOGON32_LOGON_NETWORK = 3, |
| 14 | + LOGON32_LOGON_BATCH = 4, |
| 15 | + LOGON32_LOGON_SERVICE = 5, |
| 16 | + LOGON32_LOGON_UNLOCK = 7, |
| 17 | + LOGON32_LOGON_NETWORK_CLEARTEXT = 8, // Win2K or higher |
| 18 | + LOGON32_LOGON_NEW_CREDENTIALS = 9 // Win2K or higher |
| 19 | + }; |
| 20 | + |
| 21 | + public enum LogonProvider |
| 22 | + { |
| 23 | + LOGON32_PROVIDER_DEFAULT = 0, |
| 24 | + LOGON32_PROVIDER_WINNT35 = 1, |
| 25 | + LOGON32_PROVIDER_WINNT40 = 2, |
| 26 | + LOGON32_PROVIDER_WINNT50 = 3 |
| 27 | + }; |
| 28 | + |
| 29 | + public enum ImpersonationLevel |
| 30 | + { |
| 31 | + SecurityAnonymous = 0, |
| 32 | + SecurityIdentification = 1, |
| 33 | + SecurityImpersonation = 2, |
| 34 | + SecurityDelegation = 3 |
| 35 | + } |
| 36 | + |
| 37 | + class Win32NativeMethods |
| 38 | + { |
| 39 | + [DllImport("advapi32.dll", SetLastError = true)] |
| 40 | + public static extern int LogonUser(string lpszUserName, |
| 41 | + string lpszDomain, |
| 42 | + string lpszPassword, |
| 43 | + int dwLogonType, |
| 44 | + int dwLogonProvider, |
| 45 | + ref IntPtr phToken); |
| 46 | + |
| 47 | + [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)] |
| 48 | + public static extern int DuplicateToken(IntPtr hToken, |
| 49 | + int impersonationLevel, |
| 50 | + ref IntPtr hNewToken); |
| 51 | + |
| 52 | + [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)] |
| 53 | + public static extern bool RevertToSelf(); |
| 54 | + |
| 55 | + [DllImport("kernel32.dll", CharSet = CharSet.Auto)] |
| 56 | + public static extern bool CloseHandle(IntPtr handle); |
| 57 | + } |
| 58 | + |
| 59 | + /// <summary> |
| 60 | + /// Allows code to be executed under the security context of a specified user account. |
| 61 | + /// </summary> |
| 62 | + /// <remarks> |
| 63 | + /// |
| 64 | + /// Implements IDispose, so can be used via a using-directive or method calls; |
| 65 | + /// ... |
| 66 | + /// |
| 67 | + /// var imp = new Impersonator( "myUsername", "myDomainname", "myPassword" ); |
| 68 | + /// imp.UndoImpersonation(); |
| 69 | + /// |
| 70 | + /// ... |
| 71 | + /// |
| 72 | + /// var imp = new Impersonator(); |
| 73 | + /// imp.Impersonate("myUsername", "myDomainname", "myPassword"); |
| 74 | + /// imp.UndoImpersonation(); |
| 75 | + /// |
| 76 | + /// ... |
| 77 | + /// |
| 78 | + /// using ( new Impersonator( "myUsername", "myDomainname", "myPassword" ) ) |
| 79 | + /// { |
| 80 | + /// ... |
| 81 | + /// 1 |
| 82 | + /// ... |
| 83 | + /// } |
| 84 | + /// |
| 85 | + /// ... |
| 86 | + /// </remarks> |
| 87 | + public class Impersonator : IDisposable |
| 88 | + { |
| 89 | + private WindowsImpersonationContext _wic; |
| 90 | + |
| 91 | + /// <summary> |
| 92 | + /// Begins impersonation with the given credentials, Logon type and Logon provider. |
| 93 | + /// </summary> |
| 94 | + ///<param name = "userName" > Name of the user.</param> |
| 95 | + ///<param name = "domainName" > Name of the domain.</param> |
| 96 | + ///<param name = "password" > The password. <see cref = "System.String" /></ param > |
| 97 | + ///< param name="logonType">Type of the logon.</param> |
| 98 | + ///<param name = "logonProvider" > The logon provider. <see cref = "Mit.Sharepoint.WebParts.EventLogQuery.Network.LogonProvider" /></ param > |
| 99 | + public Impersonator(string userName, string domainName, string password, LogonType logonType, LogonProvider logonProvider) |
| 100 | + { |
| 101 | + Impersonate(userName, domainName, password, logonType, logonProvider); |
| 102 | + } |
| 103 | + |
| 104 | + /// <summary> |
| 105 | + /// Begins impersonation with the given credentials. |
| 106 | + /// </summary> |
| 107 | + ///<param name = "userName" > Name of the user.</param> |
| 108 | + ///<param name = "domainName" > Name of the domain.</param> |
| 109 | + ///<param name = "password" > The password. <see cref = "System.String" /></ param > |
| 110 | + public Impersonator(string userName, string domainName, string password) |
| 111 | + { |
| 112 | + Impersonate(userName, domainName, password, LogonType.LOGON32_LOGON_INTERACTIVE, LogonProvider.LOGON32_PROVIDER_DEFAULT); |
| 113 | + } |
| 114 | + |
| 115 | + /// <summary> |
| 116 | + /// Initializes a new instance of the <see cref="Impersonator"/> class. |
| 117 | + /// </summary> |
| 118 | + public Impersonator() |
| 119 | + { } |
| 120 | + |
| 121 | + /// <summary> |
| 122 | + /// Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources. |
| 123 | + /// </summary> |
| 124 | + public void Dispose() |
| 125 | + { |
| 126 | + UndoImpersonation(); |
| 127 | + } |
| 128 | + |
| 129 | + /// <summary> |
| 130 | + /// Impersonates the specified user account. |
| 131 | + /// </summary> |
| 132 | + ///<param name = "userName" > Name of the user.</param> |
| 133 | + ///<param name = "domainName" > Name of the domain.</param> |
| 134 | + ///<param name = "password" > The password. <see cref = "System.String" /></ param > |
| 135 | + public void Impersonate(string userName, string domainName, string password) |
| 136 | + { |
| 137 | + Impersonate(userName, domainName, password, LogonType.LOGON32_LOGON_INTERACTIVE, LogonProvider.LOGON32_PROVIDER_DEFAULT); |
| 138 | + } |
| 139 | + |
| 140 | + /// <summary> |
| 141 | + /// Impersonates the specified user account. |
| 142 | + /// </summary> |
| 143 | + ///<param name = "userName" > Name of the user.</param> |
| 144 | + ///<param name = "domainName" > Name of the domain.</param> |
| 145 | + ///<param name = "password" > The password. <see cref = "System.String" /></ param > |
| 146 | + ///< param name="logonType">Type of the logon.</param> |
| 147 | + ///<param name = "logonProvider" > The logon provider. <see cref = "Mit.Sharepoint.WebParts.EventLogQuery.Network.LogonProvider" /></ param > |
| 148 | + public void Impersonate(string userName, string domainName, string password, LogonType logonType, LogonProvider logonProvider) |
| 149 | + { |
| 150 | + UndoImpersonation(); |
| 151 | + |
| 152 | + IntPtr logonToken = IntPtr.Zero; |
| 153 | + IntPtr logonTokenDuplicate = IntPtr.Zero; |
| 154 | + try |
| 155 | + { |
| 156 | + // revert to the application pool identity, saving the identity of the current requestor |
| 157 | + _wic = WindowsIdentity.Impersonate(IntPtr.Zero); |
| 158 | + |
| 159 | + // do logon & impersonate |
| 160 | + if (Win32NativeMethods.LogonUser(userName, |
| 161 | + domainName, |
| 162 | + password, |
| 163 | + (int)logonType, |
| 164 | + (int)logonProvider, |
| 165 | + ref logonToken) != 0) |
| 166 | + { |
| 167 | + if (Win32NativeMethods.DuplicateToken(logonToken, (int)ImpersonationLevel.SecurityImpersonation, ref logonTokenDuplicate) != 0) |
| 168 | + { |
| 169 | + var wi = new WindowsIdentity(logonTokenDuplicate); |
| 170 | + wi.Impersonate(); // discard the returned identity context (which is the context of the application pool) |
| 171 | + } |
| 172 | + else |
| 173 | + throw new Win32Exception(Marshal.GetLastWin32Error()); |
| 174 | + } |
| 175 | + else |
| 176 | + throw new Win32Exception(Marshal.GetLastWin32Error()); |
| 177 | + } |
| 178 | + finally |
| 179 | + { |
| 180 | + if (logonToken != IntPtr.Zero) |
| 181 | + Win32NativeMethods.CloseHandle(logonToken); |
| 182 | + |
| 183 | + if (logonTokenDuplicate != IntPtr.Zero) |
| 184 | + Win32NativeMethods.CloseHandle(logonTokenDuplicate); |
| 185 | + } |
| 186 | + } |
| 187 | + |
| 188 | + /// <summary> |
| 189 | + /// Stops impersonation. |
| 190 | + /// </summary> |
| 191 | + private void UndoImpersonation() |
| 192 | + { |
| 193 | + // restore saved requestor identity |
| 194 | + if (_wic != null) |
| 195 | + _wic.Undo(); |
| 196 | + _wic = null; |
| 197 | + } |
| 198 | + } |
| 199 | +} |
0 commit comments