I'm trying to impersonate a remote Active Directory account in my ASP.NET C# website, which is hosted on a non-domain computer (or other domain). I've gotten this to work:

    // LogonUser (advapi32.dll P/Invoke) and the LOGON_* constants are declared elsewhere.
    IntPtr token = IntPtr.Zero;
    if (LogonUser("username", "ad.some.other.domain.com", "password", LOGON_TYPE_NEW_CREDENTIALS, LOGON32_PROVIDER_WINNT50, ref token))
    {
        WindowsImpersonationContext wic;
        wic = WindowsIdentity.Impersonate(token);
        // run code under the impersonated user.
        // System.Environment.UserName returns windows user (not impersonated one)
        // WindowsIdentity.GetCurrent() returns windows user (not impersonated one)
    }

My code runs, but I'm not able to get the 'username' of the impersonated user. I understand this is because I'm using LOGON_TYPE_NEW_CREDENTIALS as my logon type, which technically doesn't impersonate, but runs network connections under the impersonated account using the token. This works fine, but ideally my site would run under the impersonated user, so I can get the username, and possibly other features. Basically I want to interact with the site as the impersonated user, not just run network connections as the impersonated user. I've tried LOGON32_LOGON_INTERACTIVE as the logon type, but this doesn't allow me to authenticate domain accounts on my site, which is running on a non-domain computer.
Is there something I can do so that I can fully impersonate (get the username, etc.) and authenticate using Active Directory from a non-domain computer?