WindowsImpersonationContext Question

  • Question

  • I have an application I am working on for a client. This application is running as a local admin, but I have to query Active Directory. All users have domain query rights, so I was attempting to have a part of my application capture the user's token, store it in the registry, and then elevate. Once it elevated, it would then grab that token, elevate the AD query, and then dispose of the token. When I try to do this I get "Invalid token for impersonation - it cannot be duplicated."

    Is it possible to do what I want to do?

    Here is my code:

                WindowsIdentity UserIdent;
                WindowsImpersonationContext UserContext;
    
                if (Registry.LocalMachine.OpenSubKey("SOFTWARE").GetValue("UserToken") == null)
                {
                    Registry.LocalMachine.OpenSubKey("SOFTWARE", true).SetValue("UserToken", WindowsIdentity.GetCurrent().Token.ToString());
                }
    
                ElevateMe(); //This is where I elevate
    
                IntPtr UserToken;
                String sToke = Registry.LocalMachine.OpenSubKey("SOFTWARE").GetValue("UserToken", "").ToString();
                UserToken = (IntPtr)Convert.ToInt32(sToke);
                
                UserIdent = new WindowsIdentity(UserToken);
                
                ProdDNS.clsGPO GPO = new ProdDNS.clsGPO();
    
                UserContext = UserIdent.Impersonate();
    • Moved by nobugz Monday, October 5, 2009 7:24 PM (From:Visual C# Language)
    Monday, October 5, 2009 6:27 PM
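
An added example for the scenario in the question above (not the poster's code and not taken from any reply): it keeps the caller's `WindowsIdentity` object in memory instead of writing the numeric handle to the registry, then impersonates it only around the query. It assumes .NET Framework and that elevation happens inside the same process; `ElevateInProcess` and `RunAs` are hypothetical names, and the directory query is replaced by a call that reports which identity it ran under.

```csharp
using System;
using System.Security.Principal;

static class CapturedIdentityDemo
{
    // Runs 'work' on the current thread as 'user' and always reverts afterwards.
    static T RunAs<T>(WindowsIdentity user, Func<T> work)
    {
        using (WindowsImpersonationContext ctx = user.Impersonate())
        {
            return work();   // disposing ctx restores the previous thread identity
        }
    }

    static void Main()
    {
        // Capture the caller before any identity switch and keep the object itself:
        // it owns its token handle, which stays valid until Dispose().
        // The number in .Token is only an index into this process's handle table,
        // so a value written to the registry by an earlier run refers to nothing
        // in the current process. A token number in HKLM is also readable by
        // every local user, so nothing is persisted here.
        using (WindowsIdentity caller = WindowsIdentity.GetCurrent())
        {
            Console.WriteLine("Captured:     " + caller.Name);

            ElevateInProcess();   // hypothetical stand-in for the post's ElevateMe()

            string seenByQuery = RunAs<string>(caller, () =>
            {
                // The directory query (ProdDNS.clsGPO in the post) would run here.
                return WindowsIdentity.GetCurrent().Name;
            });

            Console.WriteLine("Query ran as: " + seenByQuery);
            Console.WriteLine("Reverted to:  " + WindowsIdentity.GetCurrent().Name);
        }
    }

    // Assumption: elevation changes the thread identity inside this process.
    // Left empty so the sample runs unmodified.
    static void ElevateInProcess() { }
}
```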