Impersonate applicationpoolidentity

  • Question

  • I want the ability to impersonate any possible application pool identity from an installer. I can do it for NetworkService and LocalService, but I can't do it for ApplicationPoolIdentity "IIS APPPOOL\<apppool name>". I get LogonUser failed with error code : 1311. Exception occurred. There are currently no logon servers available to service the logon request.

    I am using code ripped from the WindowsIdentity docs, run as an NUnit test called from psexec -s to execute as SYSTEM.

      using System;
      using System.Runtime.InteropServices;
      using System.Security.Principal;
      using System.Security.Permissions;
      using Microsoft.Win32.SafeHandles;
      using System.Runtime.ConstrainedExecution;
      using System.Security;
      using NUnit.Framework;

      // [TestFixture]/[Test] mark the method so the NUnit runner discovers it.
      [TestFixture]
      public class ImpersonationDemo
      {
          [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
          public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword,
              int dwLogonType, int dwLogonProvider, out SafeTokenHandle phToken);

          [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
          public extern static bool CloseHandle(IntPtr handle);

          // Test harness.
          // If you incorporate this code into a DLL, be sure to demand FullTrust.
          [PermissionSetAttribute(SecurityAction.Demand, Name = "FullTrust")]
          [Test]
          public void Main()
          {
              SafeTokenHandle safeTokenHandle;
              try
              {
                  string userName, domainName;
                  // Get the user token for the specified user, domain, and password using the
                  // unmanaged LogonUser method.
                  // The local machine name can be used for the domain name to impersonate a user on this machine.
                  domainName = "IIS APPPOOL";
                  userName = "ASP.NET v4.0";
                  const int LOGON32_PROVIDER_DEFAULT = 0;
                  // This parameter causes LogonUser to create a primary token.
                  const int LOGON32_LOGON_INTERACTIVE = 2;
                  const int LOGON32_SERVICE = 5;
                  // Call LogonUser to obtain a handle to an access token.
                  // The app pool identity has no password, so null is passed.
                  bool returnValue = LogonUser(userName, domainName, null,
                      LOGON32_SERVICE, LOGON32_PROVIDER_DEFAULT,
                      out safeTokenHandle);
                  if (false == returnValue)
                  {
                      int ret = Marshal.GetLastWin32Error();
                      Console.WriteLine("LogonUser failed with error code : {0}", ret);
                      throw new System.ComponentModel.Win32Exception(ret);
                  }
                  using (safeTokenHandle)
                  {
                      // Check the identity.
                      Console.WriteLine("Before impersonation: "
                          + WindowsIdentity.GetCurrent().Name);
                      // Use the token handle returned by LogonUser.
                      WindowsIdentity newId = new WindowsIdentity(safeTokenHandle.DangerousGetHandle());
                      using (WindowsImpersonationContext impersonatedUser = newId.Impersonate())
                      {
                          // Check the identity.
                          Console.WriteLine("After impersonation: "
                              + WindowsIdentity.GetCurrent().Name);
                      }
                      // Releasing the context object stops the impersonation.
                      // Check the identity.
                      Console.WriteLine("After closing the context: " + WindowsIdentity.GetCurrent().Name);
                  }
              }
              catch (Exception ex)
              {
                  Console.WriteLine("Exception occurred. " + ex.Message);
              }
          }
      }

      // SafeHandle wrapper so the token handle is always closed, even on exceptions.
      public sealed class SafeTokenHandle : SafeHandleZeroOrMinusOneIsInvalid
      {
          private SafeTokenHandle()
              : base(true)
          {
          }

          [DllImport("kernel32.dll")]
          [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
          [return: MarshalAs(UnmanagedType.Bool)]
          private static extern bool CloseHandle(IntPtr handle);

          protected override bool ReleaseHandle()
          {
              return CloseHandle(handle);
          }
      }

    Dick Page

    • Moved by Bob Shen Tuesday, July 24, 2012 3:12 AM (From:Visual C# Language)
    Monday, July 23, 2012 7:14 PM
