5

I have a website in which I create a file and save it in a remote share folder. I have a account which have write access to that share folder. So I impersonate that account while saving the file in that path. This logic works when I run the application from my visual studio locally in my machine. When I deploy the code in the development server, It does't work. I get the following error.

"Logon failure: the user has not been granted the requested logon type at this computer"

can someone help.

Here is the impersonation code from codeproject

using System;
using System.Security.Principal;
using System.Runtime.InteropServices;
using System.ComponentModel;

public class Impersonator :
    IDisposable

{

public Impersonator(
    string userName,
    string domainName,
    string password)
{
    ImpersonateValidUser(userName, domainName, password);
}

// ------------------------------------------------------------------
#endregion

#region IDisposable member.
// ------------------------------------------------------------------

public void Dispose()
{
    UndoImpersonation();
}

// ------------------------------------------------------------------
#endregion

#region P/Invoke.
// ------------------------------------------------------------------

[DllImport("advapi32.dll", SetLastError = true)]
private static extern int LogonUser(
    string lpszUserName,
    string lpszDomain,
    string lpszPassword,
    int dwLogonType,
    int dwLogonProvider,
    ref IntPtr phToken);

[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
private static extern int DuplicateToken(
    IntPtr hToken,
    int impersonationLevel,
    ref IntPtr hNewToken);

[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
private static extern bool RevertToSelf();

[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
private static extern bool CloseHandle(
    IntPtr handle);

private const int LOGON32_LOGON_INTERACTIVE = 2;
private const int LOGON32_PROVIDER_DEFAULT = 0;

// ------------------------------------------------------------------
#endregion

#region Private member.
// ------------------------------------------------------------------

/// <summary>
/// Does the actual impersonation.
/// </summary>
/// <param name="userName">The name of the user to act as.</param>
/// <param name="domainName">The domain name of the user to act as.</param>
/// <param name="password">The password of the user to act as.</param>
private void ImpersonateValidUser(
    string userName,
    string domain,
    string password)
{
    WindowsIdentity tempWindowsIdentity = null;
    IntPtr token = IntPtr.Zero;
    IntPtr tokenDuplicate = IntPtr.Zero;

    try
    {
        if (RevertToSelf())
        {
            if (LogonUser(
                userName,
                domain,
                password,
                LOGON32_LOGON_INTERACTIVE,
                LOGON32_PROVIDER_DEFAULT,
                ref token) != 0)
            {
                if (DuplicateToken(token, 2, ref tokenDuplicate) != 0)
                {
                    tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
                    impersonationContext = tempWindowsIdentity.Impersonate();
                }
                else
                {
                    throw new Win32Exception(Marshal.GetLastWin32Error());
                }
            }
            else
            {
                throw new Win32Exception(Marshal.GetLastWin32Error());
            }
        }
        else
        {
            throw new Win32Exception(Marshal.GetLastWin32Error());
        }
    }
    finally
    {
        if (token != IntPtr.Zero)
        {
            CloseHandle(token);
        }
        if (tokenDuplicate != IntPtr.Zero)
        {
            CloseHandle(tokenDuplicate);
        }
    }
}

/// <summary>
/// Reverts the impersonation.
/// </summary>
private void UndoImpersonation()
{
    if (impersonationContext != null)
    {
        impersonationContext.Undo();
    }
}

private WindowsImpersonationContext impersonationContext = null;

// ------------------------------------------------------------------
#endregion

}

Muthukumar
  • 8,679
  • 17
  • 61
  • 86
  • 1
    what user account are you running it under from your local domain\user are you and admin on that remote computer.. perhaps you need to setup a service account or a user account on that remote machine and make sure it has rights as admin or it's perspective user rights .. have you checked the permissions manually as well on the remote machine for the user..? – MethodMan Aug 17 '12 at 20:14
  • 1
    It sounds like the error could be caused by the impersonation method is trying to impersonate not just for the connection, but also for the local machine. – Guvante Aug 17 '12 at 20:15
  • do you also have code that you can show..? how are you connecting to the Remote machine. – MethodMan Aug 17 '12 at 20:15
  • your local machine and the server are in different domains???? – perilbrain Aug 17 '12 at 20:16
  • I have used the impersonation method specified by this code project article http://www.codeproject.com/Articles/10090/A-small-C-Class-for-impersonating-a-User – Muthukumar Aug 17 '12 at 20:18
  • My local machine, dev server and the remote share folder are all in the same domain. – Muthukumar Aug 17 '12 at 20:19
  • I checked with the same credentials by trying to write in a different share path(in the same server of the original share path). I tried this code from my local VS. It did't work. So I am sure, that the credentials I use have write access to the original share path. But I do not know, Why it does't work from the dev server. – Muthukumar Aug 17 '12 at 20:22
  • @Guvante Hi, I do not understand, what you mean by my "impersonation method is trying to impersonate not just for the connection, but also for the local machine"... – Muthukumar Aug 17 '12 at 20:25
  • 1
    @Muthukumar: Impersonation can be applied at several levels. You could impersonate to provide access to a local drive just as well as a remote drive. If you did a full impersonation (I want to do everything through this login) you could get failure if the given account was missing something, such as the ability to login as a service. You might also want to check that the service account is allowed to impersonate. – Guvante Aug 17 '12 at 20:42

1 Answers1

13

I found the answer myself. I changed the logon type to 8 and it worked.. Thanks everyone

Muthukumar
  • 8,679
  • 17
  • 61
  • 86
  • We've dealt with using impersonation to copy files over the network, and always have issues, such as the SynchronizationContext of the async call, service account issues, excessive Barracuda rules etc etc...but for this exact error message, Muthukumar's solution absolutely fixed the issue. We changed from LOGON32_LOGON_INTERACTIVE (which all the samples use) to LOGON32_LOGON_NETWORK_CLEARTEXT and bam! – mdisibio Aug 17 '17 at 20:07