0

I am using impersonation in my program and I don't have any problem with it. However, when I create a Windows Service, I get an exception while impersonating. What can be the problem? With my account, I can successfully apply impersonation, but Windows services run under the Local System account. Is that a problem?

Here is my code:

public enum SECURITY_IMPERSONATION_LEVEL : int
{
    SecurityAnonymous = 0,
    SecurityIdentification = 1,
    SecurityImpersonation = 2,
    SecurityDelegation = 3
}

public static WindowsImpersonationContext ImpersonateUser(string sUsername, string sDomain, string sPassword)
    {
        // initialize tokens
        IntPtr pExistingTokenHandle = new IntPtr(0);
        IntPtr pDuplicateTokenHandle = new IntPtr(0);
        pExistingTokenHandle = IntPtr.Zero;
        pDuplicateTokenHandle = IntPtr.Zero;

        // if domain name was blank, assume local machine
        if (sDomain == "")
            sDomain = System.Environment.MachineName;

        try
        {
            string sResult = null;
            const int LOGON32_PROVIDER_DEFAULT = 0;                
            const int LOGON32_LOGON_INTERACTIVE = 2;

            // get handle to token
            bool bImpersonated = LogonUser(sUsername, sDomain, sPassword,
                LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref pExistingTokenHandle);

            // did impersonation fail?
            if (!bImpersonated)
            {
                // An error was encountered while logging on
                Helper.ShowErrorMsg(ErrorAndInfoMessages.ErrorOnLogon);
                return null;
            }

            // Get identity before impersonation
            sResult += "Before impersonation: " + WindowsIdentity.GetCurrent().Name + "\r\n";
            bool bRetVal = DuplicateToken(pExistingTokenHandle, (int)SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation, ref pDuplicateTokenHandle);

            // did DuplicateToken fail?
            if (!bRetVal)
            {
                //DuplicateToken() failed
                Helper.ShowErrorMsg(ErrorAndInfoMessages.ErrorTokenFailed);
                return null;
            }
            else
            {
                // create new identity from the duplicated token
                WindowsIdentity newId = new WindowsIdentity(pDuplicateTokenHandle);
                WindowsImpersonationContext impersonatedUser = newId.Impersonate();

                // check the identity after impersonation
                sResult += "After impersonation: " + WindowsIdentity.GetCurrent().Name + "\r\n";
                return impersonatedUser;
            }
        }
        catch (Exception ex)
        {
            Helper.ShowErrorMsg("ImpersonateUser Hata: " + ex.Message);
            return null;   
        }
        finally
        {
            // close handle(s)
            if (pExistingTokenHandle != IntPtr.Zero)
                CloseHandle(pExistingTokenHandle);
            if (pDuplicateTokenHandle != IntPtr.Zero)
                CloseHandle(pDuplicateTokenHandle);                
        }
    }

Here is the exception: Showing a modal dialog box or form when the application is not running in UserInteractive mode is not a valid operation. Specify the ServiceNotification or DefaultDesktopOnly style to display a notification from a service application.

I also tried running the Windows service with my account, but nothing changed.

cihadakt

1 Answer

1

Try using LOGON32_LOGON_NETWORK = 3 instead of LOGON32_LOGON_INTERACTIVE = 2. According to MSDN, LOGON32_LOGON_INTERACTIVE is intended for users who will be interactively using the computer; therefore an unattended process like a Windows service could fail.

We ran into the same issue and the above change fixed it.

  • I solved it. Windows Services run under the Local System account, but this account doesn't have network access. That's why I couldn't impersonate. Thanks anyway... – cihadakt Feb 22 '13 at 08:32
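An added example, not code from the question or the answer: a service-safe variant of the impersonation helper that uses the LOGON32_LOGON_NETWORK logon type suggested in the answer and reports failures as exceptions instead of dialogs, since the quoted exception is raised when a form is shown outside UserInteractive mode. The names `ServiceImpersonation` and `RunAs` are hypothetical, and the code assumes .NET Framework, where `WindowsIdentity.Impersonate()` is available as in the question.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;

// Added example; ServiceImpersonation and RunAs are hypothetical names.
public static class ServiceImpersonation
{
    private const int LOGON32_PROVIDER_DEFAULT = 0;
    private const int LOGON32_LOGON_NETWORK = 3; // logon type suggested in the answer

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    private static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool CloseHandle(IntPtr handle);

    // Runs 'work' as the given user and always reverts, even if 'work' throws.
    public static void RunAs(string user, string domain, string password, Action work)
    {
        if (string.IsNullOrEmpty(domain))
            domain = Environment.MachineName; // same default as the question's code

        IntPtr token;
        if (!LogonUser(user, domain, password,
                LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, out token))
        {
            // No dialog here: showing a form outside UserInteractive mode raises
            // the exception quoted in the question. The Win32 error code travels
            // in the exception (NativeErrorCode) so the caller can log it.
            throw new Win32Exception(Marshal.GetLastWin32Error());
        }

        try
        {
            // A network logon already yields an impersonation token, so no
            // DuplicateToken call is needed. WindowsIdentity duplicates the
            // handle, so the original is safe to close in finally.
            using (WindowsIdentity identity = new WindowsIdentity(token))
            using (WindowsImpersonationContext context = identity.Impersonate())
            {
                work(); // executes as the logged-on user; Dispose() reverts
            }
        }
        finally
        {
            CloseHandle(token);
        }
    }
}
```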