| |
Articles from
July 2008
Nothing new here. I just wanted to save this code snippet because it's popped up a few times in the past year and I have to go find it over and over. At least this will make it a little easier for me. This is by no means an authoritative reference -- it's simply what I have used. If you know of something I'm missing, please let me know.
First, you'll need to import the Win32 LogonUser() function:
using System.Runtime.InteropServices;
[DllImport("advapi32.dll", SetLastError=true)]
public static extern bool LogonUser(string lpszUsername, string lpszDomain, string lpszPassword, int dwLogonType, int dwLogonProvider, out IntPtr phToken);
The only question you probably have is about the logon type and provider parameters. The only provider I know of is the default, 0, which uses "negotiate" (Kerberos, then NTLM) for Windows XP/Server 2003 and later machines. Windows 2000 defaults to NTLM. If you don't know the difference, let me know and I'll explain that in more detail. Here are a list of logon types:
- Interactive (2) -- Intended for interactive use (duh) with something like terminal server or executing a remote shell. This type caches credentials for disconnected operations.
- Network (3) -- Intended for high performance servers to authenticate plain-text passwords.
- Batch (4) -- Intended for batch servers, which act on behalf of the user without his/her direct intervention. Typically used to process many plain-text auth attempts at a time.
- Service (5) -- Intended for service accounts, which have the "service" privilege enabled -- don't ask me what that is because I don't know.
- Unlock (7) -- Intended for GINA DLLs (whatever that is) that will interactively use the machine. This type includes some auditing.
- Clear Text (8) -- Intended for double-hop impersonation scenarios where credentials will be sent to the target server to allow it to also impersonate the user. As I understand it, this is what IIS "Basic" authentication uses. To perform a double-hop, you'll actually have to do a few other things. I won't get into that here, but let me know if that'd be of interest.
- New Credentials (9) -- Clones current credentials and uses new credentials for outbound connections. Supposedly, this doesn't work with the default provider -- it requires the WINNT50 provider, whatever that is.
The following is a list of the supported providers. I don't know anything about the non-default ones, but figured I'd list them for completeness..
- Default (0) -- "Negotiate" (Kerberos, then NTLM) for Windows XP/Server 2003 and later; NTLM for Windows
- NT 3.5 (1)
- NT 4.0 (2)
- NT 5.0 (3) -- Required for the "new credentials" logon type.
Next, well... just use it. As you can see, the last parameter in the LogonUser() function is an out parameter for a token which represents the user. This is key. All you need to do is initialize a WindowsIdentity instance with this token and you're well on your way.
using System.Security.Principal;
public static WindowsIdentity GetIdentity(string domain, string userName, string password)
{
IntPtr token;
bool success = LogonUser(userName, domain, password, 2, 0, out token);
return (success) ? new WindowsIdentity(token) : null;
}
Pretty simple. Of course, we still aren't there, yet. Now that you have the identity, you most likely want to impersonate it. Luckily, this is a simple 2-liner... well, technically two 1-liners. I should also say that, if you want to do impersonation with an already-obtained WindowsIdentity (and you don't have a password), you'll start here.
ImpersonationContext context = GetIdentity("mydomain", "me", "mypassword").Impersonate();
context.Undo();
That's it. Enjoy!
I just found something very useful in Visual Studio 2008 a few days ago. I've been using MSTest for about 2 years, now, and one thing I liked initially was the wizard that would generate test stubs for you. I liked that it gave you somewhere to start. After using it more and more, I began to hate it, tho. I guess the problem is I'm anal about how my code looks and I end up changing everything. So, I started generating the classes myself. The only problem with this approach is the private member accessor the wizard generates is no longer there. Not desirable, but there's an easy fix: run thru the wizard quickly and delete the methods. At least, that was until a few days ago. In VS08, all you need to do is open the file of the desired class, right click the background, select the Create Private Accessor menu item, and then pick the test project to add it to. VS has so many menu items, it's easy to overlook the really useful ones, so I figured this one was worth sharing. Hopefully, Sara Ford  is listening.
I've talked about my desire for a keyboard layout standard, especially with respect to laptops. Heck, I've even tossed the idea of buying a MacBook out the window because of their horrible keyboard. For me, this is the first thing I look at when considering a new laptop. Since last year, when I bought my first Lenovo, I've been griping about the ridiculous Fn key, which is on the wrong side of the Ctrl key. That's not my only complaint, but it's the biggest one. The next is the Esc key that's above F1, which causes me to press F1 occasionally. There's a few more, but I'll spare you. Luckily, Lenovo fans have a small glimmer of hope: Lenovo keyboard layout survey. This was recently mentioned on the Lenovo Design Matters blog . Go, go, GO!!! Unfortunately, this doesn't explicitly ask about the Fn key, but I definitely left a comment about it. Please take the survey, but if you contribute to them screwing up the 3x2 Insert/Delete, Home/End, Page Up/Down keys, I'm coming after you.
I hate self-promotional posts, which is why I never announced my move from Geeks w/ Blogs to my personal server and why I never moved to MSDN blogs, but I feel like this one at least serves a purpose for other bloggers...
I'm doing something I've been meaning to do for a while: update the URL of my feeds. I use FeedBurner, which has been nice, but I've always hated using a FeedBurner URL. I thought about creating a reverse proxy to do it, but never felt the sheer need to spend the time to do that. Luckily, FeedBurner has done the work for me. I'm not sure if this is a new service or not, but I have to thank Scott Watermasysk for pointing me to FeedBurner MyBrand. This feature allows you to specify a custom domain for your feeds. While not the complete flexibility I'd like, it at least gives me the ability to maintain a controlled domain name in case I ever decide to self-host my feed.
With this, the following are my new feed URLs:
I'm probably going to be scrapping my feedback and ratings blogs. Feedback is too tedious because I have too many ideas and ratings gets annoying because I put everything in Netflix and sometimes IMDB. I'm looking for a good platform to support this type of blog, but haven't found one, yet. I'll probably just create some mashup using Netflix's feed.
Here's some "Yellow Submarine" talk about the Xbox... by the way, if you didn't catch that reference, then you're missing out on Mac Break Weekly , which is entertaining to all. But, I digress... The Xbox 360 has been dropping its price over the past few months, it seems like. I look at this and think about how long it's been since there's been a serious upgrade and I have to wonder if we might be seeing the very typical price drop before a new release. I have absolutely 0 knowledge about anything related to the Xbox and don't even own one, but I do admit that I'd be very intrigued by a new platform... probably enough to actually go out and buy one, which means a lot to me since I'm not a gamer. We'll see. Supposedly there will be something coming out at E3.
The following consists of the English DVD updates released under the MSDN Premium (Team Suite) subscription level for July 2008.
Operating Systems
- Disc 4455.01 / Part X14-95954
- Windows Vista® with Service Pack 1 (x64 and x86) (English)
- Windows Vista® Service Pack 1 Update (DVD-5 ISO) (Multilanguage)
Developer Tools
- Disc 4583 / Part X14-95855
- Expression® Studio 2 (English)
For more information, see the MSDN Subscriptions Index.
|
|
|
|