ConnectServer using impersonation token

Secure Home | Search | About

Lost Password?

Microsoft Applications Security - Microsoft's general security discussions and announcements

Bookmark this page: YahooMyWeb

Yahoo!

Google

Windows Live

del.icio.us digg

digg

Netscape

Subject	Author	Date
ConnectServer using impersonation token	rawprogrammer	10-20-2008

Posted by rawprogrammer on October 20, 2008, 5:00 am

If you were Registered and logged in, you could reply and use other advanced thread options

Hi.

I'm trying to connect to a remote computer in C++, using
`IWbemLocator::ConnectServer` method. The hosting process has no
permissions to connect, but the current thread is impersonated to a
powerful user. The call fails (error code is 0x80070005). In the
Security Event Log of the remote machine I can find the authentication
request, and the username is the process' user (not the impersonatd
user).

I've tried to create a new process (Using CreateProcessAsUser), and
then all works. It's not good enough because I must do it in the
current process.

It looks like the problem is in the underlying DCOM layer.

Can someone help?

Similar Threads	Posted
LogonUser, impersonation and SHGetFolderPath	April 27, 2006, 2:45 pm
impersonation for active directory userid fails	May 14, 2008, 3:40 pm
Token validation is inconsistent	May 16, 2008, 10:25 am
Security token design question	July 28, 2005, 3:06 pm
Is there any SPNEGO/GSSAPI token creation API?	August 9, 2005, 9:29 pm
Kerberos token in windows logon	December 23, 2008, 5:45 pm
How to create the SPNEGO token used in CIFS/SMB authentication?	August 4, 2005, 7:42 pm
Send current user token to IIS server	August 25, 2006, 7:37 am
"replace a process level token" security	November 25, 2008, 1:18 pm
mixed authentication and LogonUser token in forms ticket - safe?	August 30, 2007, 6:44 am

The site map in XML format XML site map