LogonUser and delegation

Question

I\'m using the LogonUser win32 api:

token = LogonUser(...)
WindowsIdentity newId = new WindowsIdentity(token);            
WindowsImpersonationContext impers         


        

Answer 1

after this I'm not able to use the impersonated identity

The impersonation should be effective for access on the same box, but not on the network.

It may be, as consultutah's code shows, that you just need to call DuplicateToken() in order to convert the logon token to an impersonation token before it can be used.

I think this is because impersonatedUser.ImpersonationLevel equals Impersonation.

If you need to act as the impersonated user to other systems, you need a higher level of impersonation called 'delegation'. This is basically equivalent to having the user's password so you can represent yourself as them to others.