Wednesday, October 22nd 2008
Windows Impersonation10/22/2008 01:41 PM
From time to time I have needed to perform actions on a domino server that required NT authentication. Anyone who has tried this before, knows that in most cases that authority that is used is the system account for the specific server that is running, and this account generally does not have access to anything anywhere else.
Recently I ran across a database that Kevin Pettitt put together to perform access to a remote share, after sharing my solution with him he reminded me that I need to post this.
So, here is it. I wrote it mostly by trial and error, but from what I understand its doing behind the scenes is to change the ownership of the current thread so that all operations are performed under a new identy.
So, far I've used it to read and write remote file shares, issue SQL calls, and issue ADO and WMI commands. There are other ways of doing each of those things, but, this way works for all things (that I've tried) that require NT authentication.
This LotusScript was converted to HTML using the ls2html routine,
provided by Julian Robichaux at nsftools.com.
Recently I ran across a database that Kevin Pettitt put together to perform access to a remote share, after sharing my solution with him he reminded me that I need to post this.
So, here is it. I wrote it mostly by trial and error, but from what I understand its doing behind the scenes is to change the ownership of the current thread so that all operations are performed under a new identy.
So, far I've used it to read and write remote file shares, issue SQL calls, and issue ADO and WMI commands. There are other ways of doing each of those things, but, this way works for all things (that I've tried) that require NT authentication.
'Class.Impersonate: Option Public Option Declare Declare Private Function LogonUser Lib "advapi32.dll" Alias "LogonUserA" (Byval lpszUsername As String, Byval lpszDomain As String, Byval lpszPassword As String, Byval dwLogonType As Long, Byval dwLogonProvider As Long, phToken As Long ) As Long Declare Private Function ImpersonateLoggedOnUser Lib "advapi32.dll" Alias "ImpersonateLoggedOnUser" ( Byval hToken As Long ) As Long Declare Private Function RevertToSelf Lib "advapi32.dll" Alias "RevertToSelf" () As Long Declare Private Function CloseHandle Lib "kernel32.dll" Alias "CloseHandle" ( Byval hObject As Long ) As Long Private Const LOGON32_LOGON_NEW_CREDENTIALS& = 9 Private Const LOGON32_PROVIDER_WINNT50& = 3 Class WinImpersonate Private hToken As Long Sub new( Username As String, domain As String, password As String) Dim retval As Integer retval =LogonUser(UserName, Domain, Password, LOGON32_LOGON_NEW_CREDENTIALS&, LOGON32_PROVIDER_WINNT50&, hToken)
If RetVal <> 0 Then RetVal = ImpersonateLoggedOnUser( hToken ) If RetVal = 0 Then If hToken <> 0 Then CloseHandle( hToken ) End If End If Else ' retval = GetLastError()
End If End Sub Sub delete If hToken <> 0 Then CloseHandle( hToken ) Call RevertToSelf() End If End Sub End Class
provided by Julian Robichaux at nsftools.com.
Comments :
No comments.
Powered By :
BlogSphere
Join The WebLog Revolution at BlogSphere.net
- 
