« It's been one of those Old School Weeks | Main | Ridiculous MSN Messenger 6.0 Bug - anyon... »

DPAPI and WindowsImpersonationContext and the one that got away...

Posted 2003-07-29 01:23 PM in Web Services | ASP.NET | XML.

I’ve got a small C# Security Application that I’m writing an Editor for.  I was hoping to let the user run the application as whoever they choose to, and then use LogonUser to create a WindowsImpersonationContext and log them in as SOMEONE ELSE to do the DPAPI Encryption (because it will be that other use that will be decrypting the data.)

 

I’m using DPAPI with a User Store, not a Machine Store.  I’ve got a managed wrapper for DPAPI that works fine.  I’ve got a Managed “ImpersonateUser” function that returns a WindowsImpersonationContext and internally users LogonUser and also works fine.  

 

The psuedocode/gist is be basically:

 

Load App

            Do some stuff

            Load XML File

            Call ImpersonateUser (someotherguy) [succeeds and WindowsIdentity.GetCurrent().Name changes to reflect the change

            Call DPAPI to Encrypt Element Context (this works fine if I DON’T IMPERSONATE...)

                        ERROR: Win32 Marshal.GetLastWin32Error() reports “The System couldn’t find the file specified”

            Save File

            Call ImpersonationContext.Undo

Exit App

 

Apparently this is either utterly stupid of me, or noone has ever tried it.   All the doc on DPAPI is either highly theoretical “how it works internally” or very trivial “here’s how I used the Machine Store from ASP.NET  The doc on WindowsImpersonationContext is even worse.

 

Am I going to just make the user to a “RunAs” to launch my app? (which works fine, BTW)  It just would have been so nice to have a "Run As" menu item...thoughts anyone?



Tuesday, July 29, 2003 7:50:20 PM (Pacific Standard Time, UTC-08:00)
Might not ideal for you, but we ended up using UserStore/DAPI via a Windows Service, and then just set up the login user for that.
David
Wednesday, July 30, 2003 6:45:04 AM (Pacific Standard Time, UTC-08:00)
Might help (or not): http://www.netomatix.com/ImpersonateUser.aspx
Yves Reynhout
Wednesday, July 30, 2003 7:04:03 AM (Pacific Standard Time, UTC-08:00)
Did you load the user's profile? As I recall (it's been a little while, alas), you need to either LogonUser(Ex) with interactive (which loads the profile implicitly) or call LoadUserProfile to make sure it's loaded or, you'll have some issues, since the store that DPAPI's looking for won't be available.

LarsBerg
Comments are closed.

Contact

  • Scott Hanselman

Sponsors

Hosting By

Dedicated Windows Server Hosting by ORCS Web
Silverlight Store

Hot Topics

Tags

Africa (92) Agile (4) Arcade (8) ASP.NET (642) ASP.NET Ajax (5) ASP.NET Dynamic Data (21) ASP.NET MVC (76) BabySmash (18) Back to Basics (16) BCL (1) Bugs (169) Channel9 (13) Cloud (1) CodeRush (21) Coding4Fun (39) Corillian (26) DasBlog (131) Deployment (1) DevCenter (1) DevDays (5) Diabetes (61) DLR (4) eFinance (14) Gaming (115) Home Server (1) HttpHandler (16) HttpModule (21) Identity (3) IIS (16) INETA (8) Internationalization (44) IOC (1) Javascript (71) Learning .NET (114) LINQ (16) Longhorn (11) Microsoft (82) Mix (17) Mobile (2) Mono (2) Movies (44) MSBuild (1) MSDN (4) Musings (506) Nant (39) NCover (12) NDC (11) NDoc (6) NerdDinner (4) NotNorthwind (2) NUnit (47) Open Source (24) PDC (65) Personal (2) PHP (3) Podcast (204) PowerShell (62) Programming (251) Python (3) Remote Work (9) Reviews (142) Ruby (61) Screencasts (22) Silverlight (37) Source Code (61) Speaking (191) Subversion (15) TechEd (127) Thabo (3) Tools (425) VB (8) ViewState (19) Vista (2) VS2010 (2) Watir (21) Web Services (433) Win7 (16) Windows Client (50) WPF (36) XML (292) XmlSerializer (32) Zenzo (38)

Calendar

<November 2009>
SunMonTueWedThuFriSat
25262728293031
1234567
891011121314
15161718192021
22232425262728
293012345
Posts in timeline
Posts in Large Calendar

Archives

November, 2009 (5)
October, 2009 (19)
September, 2009 (11)
August, 2009 (12)
July, 2009 (21)
June, 2009 (26)
May, 2009 (16)
April, 2009 (13)
March, 2009 (17)
February, 2009 (17)
January, 2009 (18)
December, 2008 (32)
November, 2008 (17)
October, 2008 (22)
September, 2008 (16)
August, 2008 (14)
July, 2008 (25)
June, 2008 (19)
May, 2008 (17)
April, 2008 (17)
March, 2008 (26)
February, 2008 (21)
January, 2008 (28)
December, 2007 (19)
November, 2007 (17)
October, 2007 (31)
September, 2007 (39)
August, 2007 (37)
July, 2007 (43)
June, 2007 (37)
May, 2007 (32)
April, 2007 (38)
March, 2007 (29)
February, 2007 (46)
January, 2007 (31)
December, 2006 (27)
November, 2006 (31)
October, 2006 (32)
September, 2006 (39)
August, 2006 (34)
July, 2006 (40)
June, 2006 (18)
May, 2006 (31)
April, 2006 (34)
March, 2006 (30)
February, 2006 (38)
January, 2006 (44)
December, 2005 (19)
November, 2005 (34)
October, 2005 (24)
September, 2005 (37)
August, 2005 (20)
July, 2005 (24)
June, 2005 (33)
May, 2005 (16)
April, 2005 (22)
March, 2005 (34)
February, 2005 (15)
January, 2005 (37)
December, 2004 (28)
November, 2004 (30)
October, 2004 (34)
September, 2004 (22)
August, 2004 (34)
July, 2004 (18)
June, 2004 (64)
May, 2004 (49)
April, 2004 (21)
March, 2004 (29)
February, 2004 (29)
January, 2004 (36)
December, 2003 (25)
November, 2003 (24)
October, 2003 (59)
September, 2003 (42)
August, 2003 (24)
July, 2003 (44)
June, 2003 (29)
May, 2003 (21)
April, 2003 (30)
March, 2003 (27)
February, 2003 (47)
January, 2003 (50)
December, 2002 (31)
November, 2002 (38)
October, 2002 (44)
September, 2002 (15)
May, 2002 (2)
April, 2002 (4)

Google Ads