Export (0) Print
Expand All

WindowsImpersonationContext Class

Represents the Windows user prior to an impersonation operation.

System::Object
  System.Security.Principal::WindowsImpersonationContext

Namespace:  System.Security.Principal
Assembly:  mscorlib (in mscorlib.dll)

[ComVisibleAttribute(true)]
public ref class WindowsImpersonationContext : IDisposable

The WindowsImpersonationContext type exposes the following members.

  NameDescription
Public methodDispose()Releases all resources used by the WindowsImpersonationContext.
Protected methodDispose(Boolean)Releases the unmanaged resources used by the WindowsImpersonationContext and optionally releases the managed resources.
Public methodEquals(Object)Determines whether the specified object is equal to the current object. (Inherited from Object.)
Protected methodFinalizeAllows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.)
Public methodGetHashCodeServes as the default hash function. (Inherited from Object.)
Public methodGetTypeGets the Type of the current instance. (Inherited from Object.)
Protected methodMemberwiseCloneCreates a shallow copy of the current Object. (Inherited from Object.)
Public methodToStringReturns a string that represents the current object. (Inherited from Object.)
Public methodUndoReverts the user context to the Windows user represented by this object.
Top

This class reverts a user's identity after the user impersonates another user.

Important noteImportant

This type implements the IDisposable interface. When you have finished using the type, you should dispose of it either directly or indirectly. To dispose of the type directly, call its Dispose method in a try/catch block. To dispose of it indirectly, use a language construct such as using (in C#) or Using (in Visual Basic). For more information, see the “Using an Object that Implements IDisposable” section in the IDisposable interface topic.

Notes to Implementers

Because Microsoft Windows 98 and Windows Millennium Edition platforms do not have users or user tokens, impersonation cannot take place on those platforms.

The following example demonstrates how to impersonate a user and then revert to the original identity.

// This sample demonstrates the use of the WindowsIdentity class to impersonate a user. 
// IMPORTANT NOTES:  
// This sample requests the user to enter a password on the console screen. 
// Because the console window does not support methods allowing the password to be masked, 
// it will be visible to anyone viewing the screen. 
// On Windows Vista and later this sample must be run as an administrator. 

#using <System.dll>

using namespace System;
using namespace System::Runtime::InteropServices;
using namespace System::Security::Principal;
using namespace System::Security::Permissions;


[DllImport("advapi32.dll",SetLastError=true)]
bool LogonUser( String^ lpszUsername, String^ lpszDomain, String^ lpszPassword, int dwLogonType, int dwLogonProvider, IntPtr * phToken );

[DllImport("kernel32.dll",CharSet=CharSet::Auto)]
bool CloseHandle( IntPtr handle );

// Test harness. 
// If you incorporate this code into a DLL, be sure to demand FullTrust.

[PermissionSetAttribute(SecurityAction::Demand,Name="FullTrust")]
int main()
{
   IntPtr tokenHandle = IntPtr(0);

   try
   {
      String^ userName;
      String^ domainName;

      // Get the user token for the specified user, domain, and password using the  
      // unmanaged LogonUser method.   
      // The local machine name can be used for the domain name to impersonate a user on this machine.
      Console::Write( "Enter the name of the domain on which to log on: " );
      domainName = Console::ReadLine();
      Console::Write( "Enter the login of a user on {0} that you wish to impersonate: ", domainName );
      userName = Console::ReadLine();
      Console::Write( "Enter the password for {0}: ", userName );
      const int LOGON32_PROVIDER_DEFAULT = 0;

      //This parameter causes LogonUser to create a primary token. 
      const int LOGON32_LOGON_INTERACTIVE = 2;
      const int SecurityImpersonation = 2;
      tokenHandle = IntPtr::Zero;

      // Call LogonUser to obtain a handle to an access token. 
      bool returnValue = LogonUser( userName, domainName, Console::ReadLine(), LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,  &tokenHandle );
      Console::WriteLine( "LogonUser called." );
      if ( false == returnValue )
      {
         int ret = Marshal::GetLastWin32Error();
         Console::WriteLine( "LogonUser failed with error code : {0}", ret );
         throw gcnew System::ComponentModel::Win32Exception( ret );
      }
      Console::WriteLine( "Did LogonUser Succeed? {0}", (returnValue ? (String^)"Yes" : "No") );
      Console::WriteLine( "Value of Windows NT token: {0}", tokenHandle );

      // Check the identity.
      Console::WriteLine( "Before impersonation: {0}", WindowsIdentity::GetCurrent()->Name );

      // The token that is passed to the following constructor must  
      // be a primary token in order to use it for impersonation.
      WindowsIdentity^ newId = gcnew WindowsIdentity( tokenHandle );
      WindowsImpersonationContext^ impersonatedUser = newId->Impersonate();

      // Check the identity.
      Console::WriteLine( "After impersonation: {0}", WindowsIdentity::GetCurrent()->Name );

      // Stop impersonating the user.
      impersonatedUser->Undo();

      // Check the identity.
      Console::WriteLine( "After Undo: {0}", WindowsIdentity::GetCurrent()->Name );

      // Free the tokens. 
      if ( tokenHandle != IntPtr::Zero )
            CloseHandle( tokenHandle );
   }
   catch ( Exception^ ex ) 
   {
      Console::WriteLine( "Exception occurred. {0}", ex->Message );
   }

}

.NET Framework

Supported in: 4.6, 4.5, 4, 3.5, 3.0, 2.0, 1.1

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
Show:
© 2015 Microsoft