开发者

.NET Impersonation problem

开发者 https://www.devze.com 2022-12-14 18:10 出处:网络
I read a post on .NET impersonation at http://www.dotnet247.com/247reference/msgs/28/144136.aspx, and that is the base code I am working from.

I read a post on .NET impersonation at http://www.dotnet247.com/247reference/msgs/28/144136.aspx, and that is the base code I am working from.

I'm having a problem copying a file to a network share. When finished, this console application will run on a remote server and copy files to a share on a different system. The two systems can see each other.

I am able to copy files to the remote share from my machine directly, so I have access to the share.

Here is the code. I have commented the lines that are causing issues:

Dim token1 As Integer

Dim loggedOn As Boolean = LogonUser("scotts", "MyDomain", "AwesomePw", 3, 0, token1)

Dim mWI1 As WindowsIdentity = WindowsIdentity.GetCurrent()

Dim token2 As IntPtr = New IntPtr(token1)

Dim mWI2 As WindowsIdentity = New WindowsIdentity(token2)

'This file copies a file successfully
File.Copy("c:\LogExtractorRecipients.txt", "\\RemoteServer\SHARED\QALogFiles\LogExtractorRecipients2.txt")

Dim开发者_开发问答 mWIC As WindowsImpersonationContext = mWI2.Impersonate()

'This causes the error: "Access to the path '\\RemoteServer\SHARED\QALogFiles\QALogFiles\LogExtractorRecipients.txt' is denied."
File.Copy("c:\LogExtractorRecipients.txt", "\\RemoteServer\SHARED\QALogFiles\QALogFiles\LogExtractorRecipients.txt")

I am impersonating myself (to thine own self be true), and have Read-Write permissions to the share. I am running this code locally. Before I use impersonation, I can copy a file. After impersonation, I cannot. Impersonation seems to be successful - the mWI2 variable is being populated with the name, token, and other properties. The ImpersonationLevel is 3, while before, on wMI1, the ImpersonationLevel is 0. That's about the only difference I can see.

Any suggestions?


This is a long shot, but consider calling DuplicateToken(...) before attempting to Impersonate the user as it should return a primary token that has the security context of the user.


I found the answer at http://msmvps.com/blogs/siva/archive/2007/03/01/impersonating-network-share-unc-path-access.aspx. (I should have known that I'd find it after I posted my question.)

I changed the fourth parameter from a 3 to an 8 and I was able to copy the files. Now I'll go find out exactly why that was. But my headache is already much better!

Thanks, Scott

0

精彩评论

暂无评论...
验证码 换一张
取 消