impersonation

I implemented a web page (ASP .NET, VB) to start/stop a Windows service. I used impersonification, as described here: http://support.microsoft.com/kb/306158 Everything it's ok when the page reads the service's status: _domain = Me.TextBoxDomain.Text _user = Me.TextBoxUserName.Text _password = Me.TextBoxPassword.Text _s = New ServiceController(Constant.ServiceName) If impersonateValidUser(_user, _domain, _password) Then Me.LabelServerStatusValue.Text = _s.Status.ToString undoImpersonation() Else 'Error End If The problem occurs when the page tries to start (or stop) the service: _domain = Me

My project invoves a user connecting from client to web service, and then web service to SQL Server. The web services and SQL Server are on separate machines. Because of security requirements, we cannot used mixed mode in SQL Server, only Windows authentication. We are experiencing the "double-hop" issue between web service and SQL Server. We are using NTLM authentication and do not want to configure Kerberos because of the overhead and learning curve. We also don't want to have the web service and SQL Server on the same machine. From what I understand, all of our requirements make this

I'm working a service, which should impersonate the logged on user. My code so far, with basic error handling: // get the active console session ID of the logged on user if ( !WTSQueryUserToken( WTSGetActiveConsoleSessionId(), &hToken ) ) { ShowErrorText( "WTSQueryUserToken failed.", GetLastError( ), true ); return; } HANDLE hDuplicated; // duplicate the token if ( !DuplicateToken( hToken, SecurityImpersonation, &hDuplicated ) ) { ShowErrorText( "DuplicateToken failed.", GetLastError( ), true ); } else { ShowErrorText( "DuplicateToken succeeded.", 0, true ); } // impersonate the logged on user

I'm trying to use ServerManager.OpenRemote (from Microsoft.Web.Administration) but am unable to find documentation on how to give it different credentials from the current user. I tried SimpleImpersonation (from How do you do Impersonation in .NET? ) and it gives me the same error: System.UnauthorizedAccessException - Retrieving the COM class factory for remote component with CLSID {2B72133B-3F5B-4602-8952-803546CE3344} from machine [...] failed due to the following error: 80070005 [...]." Firewall on the remote machine is off. UAC is disabled. Ricardo Stuven You must enable the remote server

I've recently written an application that impersonate user account, get a handle to CURRENT_USER registry key (using PInvoke "LoadUserProfile" to retrieve ProfileInfo.hProfile object) and create registry key using RegistryKey.FromHandle. Reference code: using (WindowsImpersonationContext impersonatedUser = WindowsIdentity.Impersonate(hToken)) { using (SafeRegistryHandle safeHandle = new SafeRegistryHandle(hProfile, true)) { using (RegistryKey impersonatedUserHkcu = RegistryKey.FromHandle(safeHandle, RegistryView.Default)) { // Do something with registry } } } This piece of code works good (run

I need to be able to run RegLoadKey() on a remote machine, and it may be that my machine and the remote machine are not in the same domain. If they are, the below code works OK and I can impersonate a user that has admin privileges on the machine. Otherwise, if we're talking about local users, according to this discussion I found... http://www.eggheadcafe.com/conversation.aspx?messageid=34224301&threadid=34224226 ...There has to be a local user on my machine with the same username and password. Ugh. Is there a way around that? using System.Runtime.InteropServices; using System.Security

I have a Symfony application with two firewalls, one for admins and one for normal users. admin: provider: admin # etc main_site: form_login: provider: fos_userbundle csrf_provider: form.csrf_provider I'd like admin users to be able to impersonate normal users. How can I do this, given that they're using separate firewalls and separate user providers? Sam There were several things I had to do to get this to work. Context key: As described here , I had to give both firewalls the same context. Without this, admins were taken to the login page when trying to switch users. Config on both firewalls