locked
ImpersonateSecurityContext fails to access files on Vista RRS feed

  • Question

  • Hi,

    I need to use SSPI to to authenticate and authorize a user in a client/server application. I'm new to SSPI and as such started with a test client and server apps. I'm using InitializeSecurityContext API on client side and AcceptSecurityContext API on server side. I'm using Negotiate security package with IDENTITY and DELEGATE context attributes. I followed the protocol both on client and server side by exchanging the security token generated on each side. 

    Finally server was able to identify the user of the client application. Then I called ImpersonateSecurityContext API from server app using the security context available on server. After this if I query for GetUserName, it is giving me the name of the user runnin gthe client application. This is expected.

    However, when I try to access a file on a shared drive for which client's user has access, then the fopen_s API is failing with 13 error code (E_ACCESS, Access denied).

    I tried to run client and server under the same user account and facing the same problem.

    I'm using Windows Domain User Accounts with client and server apps. Client and Server machines on a network with Windows 2003 Active Directory. Server machine is a Windows Vista machine. Even if the client is run on the same machine I get the same error while accessing a file after impersonation.

     

    Can anyone guide me to identify the issue and arrive a fix?

     

    Any help is much appreciated.

     

    -Aditya.

    Thursday, April 22, 2010 8:55 AM