Impersonation without password in .NET Core #5021
Comments
@blowdart is this something you can help with? |
No. From the documentation it looks like there is a constructor for WindowsIdentity which doesn't need a password and examples of impersonation. If those are incorrect then a bug should be logged. |
@wstaelens Please clarify the problem you are encountering. Are you receiving a compiler error, a runtime exception, or something else? Take note that the particular ctor overload you are calling doesn't exist in .NET Core 3.1. You can choose from one of the other available overloads instead. If you're receiving a runtime exception, please provide the exception message and repro code. |
This issue has been automatically closed due to no response from the original author. Please feel free to reopen it if you have more information that can help us investigate the issue further. |
@GrabYourPitchforks yes that constructor doesn't work. It is code from Full .NET Framework. From our understanding .NET Core 3.1 does NOT have a working solution to impersonate WITHOUT supplying a password. The WindowsIdentity and other solutions we tried, just do not impersonate. It doesn't do a thing. The impersonation doesn't work, as a result the user is always incorrect. The only way we have found something working is porting ±8000 lines of code from Full Framework to .NET Core and modifying it so that we could build and impersonate. Because the WindowsIdentity code doesn't impersonate.
Hopefully it will work with the WindowsIdentity soon as currently the impersonation + act as part of the operating system doesn't use the correct user and we receive no errors, no exceptions,... except the message that we don't have permissions, because the code is not executed under the correct (impersonated) user (because the impersonation doesn't work). |
The If you need an access token, you can get one via the Beyond this, I don't know what you mean by "that constructor doesn't work". If you're receiving a compiler error, a runtime error, or an exception, then please provide the details of the error. Without this information we can't provide much more than very high-level guidance. |
This issue has been automatically closed due to no response from the original author. Please feel free to reopen it if you have more information that can help us investigate the issue further. |
maybe the issue is related: dotnet/runtime#29935 (comment) |
It just doesn't work in .NET Core 3.x. Super simple example:
Reference: System.Security.Principal.Windows 4.7.0. This raises an exception:
Weird things: the
|
@antonGritsenko Please open a new issue for this if you're experiencing a problem here. Though I suspect in your case it has to do with the fact that files like System.Runtime.Extensions.dll are sitting in a local folder and ACLed to your local user account, and [email protected] doesn't have read access to the folder containing these libraries. |
@GrabYourPitchforks It's definitely not the case: this test user can run this app from the same location. I found a workaround: you have to load the assembly with the calling method before the impersonation, so this will work:
Maybe the author had the same issue. I will play around with this, and if I find more I will create a new issue. |
we copied .net framework code and modified it for .net core as we had to move forward. |
We are currently moving a project that was written in .NET Full Framework to .NET Core 3.1. Our project has Windows services, SignalR, a web part, etc. Choosing .NET Core feels like the right thing to do and will hopefully make it future-proof (cf. .NET 5).
We intercept print jobs, and in the Full Framework project we used impersonation without having to know the user's password (policy: "act as part of the operating system").
However we are currently stuck in .NET Core 3.1 as we can't find a way to make the impersonation code working without having to provide a user password. (print jobs need to be processed regarding specific users, not e.g. system).
Impersonation without password in .NET Full Framework:
How can this be done using .NET Core?
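The symptom reported in this thread (no exception, but the work is denied as if impersonation never happened) is what an identification-only token looks like. A password-less (S4U) logon returns one whenever the calling process lacks the "act as part of the operating system" right. The following is an added example, not code from this thread or from the .NET team: it assumes the UPN-only `WindowsIdentity` constructor is the password-less overload meant above, uses hypothetical names (`S4UImpersonation`, `RunAs`) and a placeholder UPN, and fails closed instead of silently running under the wrong user.

```csharp
using System;
using System.Security.Principal;

static class S4UImpersonation
{
    // Hypothetical helper: run `work` as `upn` without a password, or throw.
    public static void RunAs(string upn, Action work)
    {
        // UPN-only overload: performs an S4U logon, no password involved.
        using var target = new WindowsIdentity(upn);

        // Without the "act as part of the operating system" right the token is
        // identification-only: it can be inspected but access checks made
        // under it are denied. Reject it up front.
        TokenImpersonationLevel level = target.ImpersonationLevel;
        if (level == TokenImpersonationLevel.Identification ||
            level == TokenImpersonationLevel.Anonymous)
        {
            throw new UnauthorizedAccessException(
                $"Token for {upn} is {level}; the service account lacks the " +
                "privilege needed for a usable impersonation token.");
        }

        WindowsIdentity.RunImpersonated(target.AccessToken, () =>
        {
            // Verify the thread really switched identity before doing work.
            using var current = WindowsIdentity.GetCurrent();
            if (target.User == null || !target.User.Equals(current.User))
            {
                throw new InvalidOperationException(
                    $"Expected {target.Name}, running as {current.Name}.");
            }
            work();
        });
    }

    static void Main(string[] args)
    {
        // Placeholder UPN; pass a real one as the first argument.
        string upn = args.Length > 0 ? args[0] : "printuser@example.test";
        RunAs(upn, () =>
        {
            using var me = WindowsIdentity.GetCurrent();
            Console.WriteLine($"Working as {me.Name}");
        });
    }
}
```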