locked
How to impersonate another domain user interactively? RRS feed

  • Question

  • I want to do the following in a Visual Basic 2008 application created in VS2008:

    1. Display a screen to ask for a windows user and password
    2. Use that windows user and password to execute some task instead of the current windows user

    I believe it can be done thru something called impersonation.

     

    Besides coding example how to do it, I also want to know the limitation such as where it will work in different windows OS starting from Windows 2000 and later.  

     

     

    Thanks.

     

     

    Thursday, February 7, 2008 8:06 PM

Answers

  • There's more to it than just supplying a userid and password, but it's not too difficult of a task. Bear in mind that you will want to Undo the impersonation when you're finished (RevertToSelf). You may need to call Undo before impersonating if the thread that you're on already has an impersonation context. You will also need to make sure that the userid that is calling Impersonate has the appropriate logon privilege. This is dependent on the type of token you request (in essence, interactive vs. network or batch). If you need to connect to another machine on the network, then you'll need an interactive token. Otherwise, go with the least required privilege.

     

    You'll be using the WindowsIdentity class, which has a nice write-up and sample in the product documentation. Have a look and let me know if you have questions.

     

    http://msdn2.microsoft.com/en-us/library/chf6fbt4.aspx

     

    Doug Rothaus

    Visual Basic UE

    douglasr@microsoft.com

    Friday, February 8, 2008 1:02 AM