
Thread: RE: Commented: (LOG4NET-109) WindowsSecurityContext support for the original identity




Singapore
2007-05-04 05:25:49
Dear Henri,

To undo the impersonation, it is simple: Use the Undo() method.

e.g.

Imports System.Security.Principal

'Create a new windows identity.
'oSecurity is a helper not shown in this message; its result is used as the logon token.
Dim token2 As Integer = oSecurity.NetworkImpersonate(sPersonYouImpersonating, sPassword, sDomain)
'The WindowsIdentity constructor takes the token as an IntPtr.
Dim mWI2 As WindowsIdentity = New WindowsIdentity(New IntPtr(token2))
'Impersonate the user.
Dim mWIC As WindowsImpersonationContext = mWI2.Impersonate()
'Undo the impersonation
mWIC.Undo()


The code above is in VB and not C#, but if you know C#, I think you will have no problem reading the code above.

Additional comments:

Also, may I suggest having a way to leave the impersonation details in the XML files, i.e. the programmers can choose who they want to impersonate when logging.

Regards,

Eugene

-----Original Message-----
From: Henri Kuiper (JIRA) [mailto:jiraapache.org] 
Sent: Friday, May 04, 2007 5:55 PM
To: log4net-devlogging.apache.org
Subject: [jira] Commented: (LOG4NET-109) WindowsSecurityContext support for the original identity


    [ https://issues.apache.org/jira/browse/LOG4NET-109?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12493641 ]

Henri Kuiper commented on LOG4NET-109:
--------------------------------------

You're right, but I could not find out how to undo the impersonation declaratively. Perhaps it would be an idea to extend the SDK with the syntax for how to do things declaratively.

Greetings,

Henri

> WindowsSecurityContext support for the original identity
> --------------------------------------------------------
>
>                 Key: LOG4NET-109
>                 URL: https://issues.apache.org/jira/browse/LOG4NET-109
>             Project: Log4net
>          Issue Type: Improvement
>          Components: Appenders
>    Affects Versions: 1.2.10
>            Reporter: Henri Kuiper
>         Assigned To: Nicko Cadell
>            Priority: Minor
>
> I have built a web application where users enter with integrated authentication and impersonation is true. I however do not want all of these users to have write permissions in the logging folder. So I changed the WindowsSecurityContext class so that the logging will be done under the original user account (before impersonation). I made the following changes:
> 1. Added the property UseOriginalIdentity:
>         public string UseOriginalIdentity
>         {
>             get
>             {
>                 return this.m_useOriginalIdentity.ToString();
>             }
>             set
>             {
>                 this.m_useOriginalIdentity = (value.ToLower() == "true");
>             }
>         }
> 2. Added an extra condition "if (!this.m_useOriginalIdentity)" to the ActivateOptions() member:
>         public void ActivateOptions()
>         {
>             if (this.m_impersonationMode == ImpersonationMode.User)
>             {
>                 if (!this.m_useOriginalIdentity)
>                 {
>                     if (this.m_userName == null)
>                     {
>                         throw new ArgumentNullException("m_userName");
>                     }
>                     if (this.m_domainName == null)
>                     {
>                         throw new ArgumentNullException("m_domainName");
>                     }
>                     if (this.m_password == null)
>                     {
>                         throw new ArgumentNullException("m_password");
>                     }
>                     this.m_identity = WindowsSecurityContext.LogonUser(this.m_userName, this.m_domainName, this.m_password);
>                 }
>             }
>         }
> 3. Added a condition and a statement to the Impersonate() member which causes the impersonation to be undone:
>         public override IDisposable Impersonate(object state)
>         {
>             if (this.m_impersonationMode == ImpersonationMode.User)
>             {
>                 if (this.m_useOriginalIdentity)
>                 {
>                     // Impersonate(IntPtr.Zero) reverts the thread to the process identity.
>                     return new DisposableImpersonationContext(WindowsIdentity.Impersonate(IntPtr.Zero));
>                 }
>                 if (this.m_identity != null)
>                 {
>                     return new DisposableImpersonationContext(this.m_identity.Impersonate());
>                 }
>             }
>             else if (this.m_impersonationMode == ImpersonationMode.Process)
>             {
>                 return new DisposableImpersonationContext(WindowsIdentity.Impersonate(IntPtr.Zero));
>             }
>             return null;
>         }
> I would be pleased if this functionality could be somehow added to a new release.
> Thanks,
> Henri Kuiper

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
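
Added example, not part of the original thread or of log4net: a C# helper for .NET Framework showing the revert-and-restore pattern discussed above, with Undo() in a finally block so the thread cannot stay on the process identity if the write fails. The names ProcessIdentityLog and Append are hypothetical.

```csharp
using System;
using System.IO;
using System.Security.Principal;

// Hypothetical helper for illustration; not log4net code.
public static class ProcessIdentityLog
{
    // Appends one line to `path` while the thread runs as the process
    // identity, then restores the caller's impersonation.
    // Returns the account name that performed the write.
    public static string Append(string path, string message)
    {
        // Identity the thread is impersonating on entry (the web user).
        string caller = WindowsIdentity.GetCurrent().Name;
        string writer;

        // Keep one event per line so a caller-supplied message cannot
        // forge extra log entries.
        string safe = message.Replace("\r", " ").Replace("\n", " ");

        // Impersonate(IntPtr.Zero) reverts the thread to the process token,
        // so only the process account needs write access to the log folder.
        WindowsImpersonationContext revert = WindowsIdentity.Impersonate(IntPtr.Zero);
        try
        {
            writer = WindowsIdentity.GetCurrent().Name;
            File.AppendAllText(path,
                DateTime.UtcNow.ToString("o") + " [" + caller + "] " + safe
                + Environment.NewLine);
        }
        finally
        {
            // Undo() puts the caller's token back even if the write threw;
            // skipping it would leave the rest of the request running with
            // the process account's rights.
            revert.Undo();
        }

        // Fail closed if the thread is not back on the caller's identity.
        if (WindowsIdentity.GetCurrent().Name != caller)
        {
            throw new InvalidOperationException("impersonation was not restored");
        }
        return writer;
    }
}
```

The log line records the impersonated caller's name, captured before the revert, so entries stay attributable to the web user even though the process account writes the file.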

