Posted by Roger Abell [MVP] on October 7, 2005, 3:20 am
I believe you should be asking in either the MSDN forums or
in one of the inetserver newsgroups. However, I notice that
your first paragraph's conclusion
> so it is executed under the account of the user
> that launched Internet Explorer (a domain user).
is not necessarily true, for example, when the web is not
configured for non-anonymous access.
> Hi,
>
> I am working on a C CGI application running under IIS6 (W2K3). The
> security for this CGI is "Windows Integrated Authentication"
> (Challenge/Response), so it is executed under the account of the user
> that launched Internet Explorer (a domain user).
>
> In that CGI, I need to execute functions such as "CreateFile" or
> "GetFileSecurity" on files through the network (drive mapped or UNC).
> These functions return ERROR_ACCESS_DENIED error code.
>
> Question 1: Why do these functions return ERROR_ACCESS_DENIED?
>
>
> In order to make these functions work, I tried to impersonate the user
> by using "LogonUser" and "ImpersonateLoggedOnUser" with a hard-coded
> username and password. It works, but it is not a possible solution as I
> can't hard-code all usernames and passwords.
>
> Then I tried to call "ImpersonateLoggedOnUser" with a user token obtained
> with OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, hToken).
> "GetTokenInformation" returns the correct user name and impersonation
> works, but I still get ERROR_ACCESS_DENIED.
>
> Question 2: Why does "LogonUser" + "ImpersonateLoggedOnUser" make my code
> work and not "OpenProcessToken" + "ImpersonateLoggedOnUser"?
>
>
> I hope this is clear.
>
> Thank you for your help.
>
> Dominique
>