locked
Either a required impersonation level was not provided, or the provided impersonation level is invalid. RRS feed

  • Question

  • I have a clickOnce WinForms app built with Visual Studio 2010 Pro on Win 7. It is deployed to all Win XP boxes (except 1). It runs with no issues on all XP boxes. On the Win 7 box when it tries to create a FileInfo object using a file from the network I receive the error message that is the Title of this post. I am using a service account to read/write to a protected file structure on the network. The account logs on with no issues. It is when the call is made to create the FileInfo that the error is received.

    The method header is:
    <PermissionSetAttribute(SecurityAction.Demand, Name:="FullTrust"

    )>

    Getting the handle is:
    Dim serviceID As New WindowsIdentity(safeTokenHandle.DangerousGetHandle())
    Using serviceAccount As WindowsImpersonationContext= serviceID.Impersonate()
    fiSourceFile =
    New FileInfo(documentFullName)
    End

    Using

    Note that when we elevate the user of the application to an 'admin' on the local box, the app runs without errors.

    What is it about Win 7 that is preventing this from working correctly?

    Any help is appreciated.

    Thank you!

     

     

    Friday, September 16, 2011 1:59 PM

All replies

  • Hi,

    In Windows7, the File Access rigths is more perfect than the Windows XP. If you want to access the files, you must get the rights which you've set.

    Maybe the following articles will help you:

    Creating and Opening Files:
    http://msdn.microsoft.com/en-us/library/aa363874(VS.85).aspx

    Best Regards

     


    Neddy Ren [MSFT]
    MSDN Community Support | Feedback to us
    Get or Request Code Sample from Microsoft
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    • Marked as answer by Neddy Ren Monday, September 26, 2011 2:27 AM
    • Unmarked as answer by DotNetDataNerd Monday, December 5, 2011 3:50 PM
    Monday, September 19, 2011 8:55 AM
  • Mr. Ren. Thank you for the reply. How do I "get the rights" using VB 2010?
    Monday, December 5, 2011 3:58 PM
  • To be honest I'm surprised this works on XP.  There are a few things that could be an issue on Windows 7:

    1. The user for some reason does not have the "Act as part of the Operating System" privilege. I believe that limited users do not have this right by default, that's why elevation to administrator works, and it's why I'm surprised that it works on XP.

    2. Your impersonation code is getting a limited user handle because Windows 7 is a UAC system.

    3. Something a bit more complex is going on because impersonation does not by default load that user's profile and so you're running with the other user's account but the default registry and the remote file is on a mapped drive, or something like that.

    You might be better off in another forum. You have an app security issue with Windows 7, not an issue developing or running a setup project.


    Phil Wilson
    Monday, December 5, 2011 7:48 PM
  • Thank you Mr. Wilson for the reply and the helpful info. Per your suggestion I have moved this issue to here: http://social.msdn.microsoft.com/Forums/en-US/windowssecurity/thread/7c04747b-104d-412e-9ee4-8a85b0eb7851

    If you happen to have any further suggestions please post them there.

    thanks again.

     

     

    Monday, December 5, 2011 9:12 PM