HighTechTalks DotNet Forums  

Winform: Impersonating user with no password set

Go Back HighTechTalks DotNet Forums Dotnet Dotnet Security Winform: Impersonating user with no password set

Dotnet Security microsoft.public.dotnet.security


Discuss Winform: Impersonating user with no password set in the Dotnet Security forum.



Reply
Page 1 of 2 1 2 >
 
Thread Tools Search this Thread Display Modes
  #1  
Old   
nano2k
 
Posts: n/a

Default Winform: Impersonating user with no password set - 07-10-2007 , 10:23 AM





Hi

Is there a way to impersonate to a local account with no password
defined?
My tests were negative until now.

Thanks.


Reply With Quote
  #2  
Old   
Dominick Baier
 
Posts: n/a

Default Re: Winform: Impersonating user with no password set - 07-10-2007 , 11:27 AM





Can you logon with that account?

e.g. using runas - or winlogon?
-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

Quote:
Hi

Is there a way to impersonate to a local account with no password
defined?
My tests were negative until now.
Thanks.



Reply With Quote
  #3  
Old   
Dominick Baier
 
Posts: n/a

Default Re: Winform: Impersonating user with no password set - 07-10-2007 , 11:27 AM


Can you logon with that account?

e.g. using runas - or winlogon?
-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

Quote:
Hi

Is there a way to impersonate to a local account with no password
defined?
My tests were negative until now.
Thanks.



Reply With Quote
  #4  
Old   
Joe Kaplan
 
Posts: n/a

Default Re: Winform: Impersonating user with no password set - 07-10-2007 , 05:02 PM


Also, it may be possible to use S4U logon. You'll need TCB privilege in
your process account in order to get an impersonation level token and will
need to run the code on Win2K3 or higher and have AD 2003 in 2003 forest
functional level to use this AD feature. It also only works with domain
accounts.

S4U is easy to use in .NET. Just use the WindowsIdentity constructor that
takes the user's UPN.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Dominick Baier" <dbaier (AT) pleasepleasenospam_leastprivilege (DOT) com> wrote in
message news:8e6a913a137ba8c9912eb2a36080 (AT) news (DOT) microsoft.com...
Quote:
Can you logon with that account?

e.g. using runas - or winlogon?
-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications
(http://www.microsoft.com/mspress/books/9989.asp)

Hi

Is there a way to impersonate to a local account with no password
defined?
My tests were negative until now.
Thanks.



Reply With Quote
  #5  
Old   
Joe Kaplan
 
Posts: n/a

Default Re: Winform: Impersonating user with no password set - 07-10-2007 , 05:02 PM


Also, it may be possible to use S4U logon. You'll need TCB privilege in
your process account in order to get an impersonation level token and will
need to run the code on Win2K3 or higher and have AD 2003 in 2003 forest
functional level to use this AD feature. It also only works with domain
accounts.

S4U is easy to use in .NET. Just use the WindowsIdentity constructor that
takes the user's UPN.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Dominick Baier" <dbaier (AT) pleasepleasenospam_leastprivilege (DOT) com> wrote in
message news:8e6a913a137ba8c9912eb2a36080 (AT) news (DOT) microsoft.com...
Quote:
Can you logon with that account?

e.g. using runas - or winlogon?
-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications
(http://www.microsoft.com/mspress/books/9989.asp)

Hi

Is there a way to impersonate to a local account with no password
defined?
My tests were negative until now.
Thanks.



Reply With Quote
  #6  
Old   
nano2k
 
Posts: n/a

Default Re: Winform: Impersonating user with no password set - 07-11-2007 , 04:50 AM


Yes, I can logon with that account.
The system is Windows XP Home Ed. with SP2


Dominick Baier a scris:
Quote:
Can you logon with that account?

e.g. using runas - or winlogon?
-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

Hi

Is there a way to impersonate to a local account with no password
defined?
My tests were negative until now.
Thanks.


Reply With Quote
  #7  
Old   
nano2k
 
Posts: n/a

Default Re: Winform: Impersonating user with no password set - 07-11-2007 , 04:50 AM


Yes, I can logon with that account.
The system is Windows XP Home Ed. with SP2


Dominick Baier a scris:
Quote:
Can you logon with that account?

e.g. using runas - or winlogon?
-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

Hi

Is there a way to impersonate to a local account with no password
defined?
My tests were negative until now.
Thanks.


Reply With Quote
  #8  
Old   
nano2k
 
Posts: n/a

Default Re: Winform: Impersonating user with no password set - 07-11-2007 , 04:52 AM


Thanks for response
I need this for an Windows XP Home Edition with SP2 with no domain.


Joe Kaplan a scris:
Quote:
Also, it may be possible to use S4U logon. You'll need TCB privilege in
your process account in order to get an impersonation level token and will
need to run the code on Win2K3 or higher and have AD 2003 in 2003 forest
functional level to use this AD feature. It also only works with domain
accounts.

S4U is easy to use in .NET. Just use the WindowsIdentity constructor that
takes the user's UPN.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Dominick Baier" <dbaier (AT) pleasepleasenospam_leastprivilege (DOT) com> wrote in
message news:8e6a913a137ba8c9912eb2a36080 (AT) news (DOT) microsoft.com...
Can you logon with that account?

e.g. using runas - or winlogon?
-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications
(http://www.microsoft.com/mspress/books/9989.asp)

Hi

Is there a way to impersonate to a local account with no password
defined?
My tests were negative until now.
Thanks.


Reply With Quote
  #9  
Old   
nano2k
 
Posts: n/a

Default Re: Winform: Impersonating user with no password set - 07-11-2007 , 04:52 AM


Thanks for response
I need this for an Windows XP Home Edition with SP2 with no domain.


Joe Kaplan a scris:
Quote:
Also, it may be possible to use S4U logon. You'll need TCB privilege in
your process account in order to get an impersonation level token and will
need to run the code on Win2K3 or higher and have AD 2003 in 2003 forest
functional level to use this AD feature. It also only works with domain
accounts.

S4U is easy to use in .NET. Just use the WindowsIdentity constructor that
takes the user's UPN.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Dominick Baier" <dbaier (AT) pleasepleasenospam_leastprivilege (DOT) com> wrote in
message news:8e6a913a137ba8c9912eb2a36080 (AT) news (DOT) microsoft.com...
Can you logon with that account?

e.g. using runas - or winlogon?
-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications
(http://www.microsoft.com/mspress/books/9989.asp)

Hi

Is there a way to impersonate to a local account with no password
defined?
My tests were negative until now.
Thanks.


Reply With Quote
  #10  
Old   
Dominick Baier
 
Posts: n/a

Default Re: Winform: Impersonating user with no password set - 07-11-2007 , 07:24 AM


how do you impersonate??

by calling LogonUser? do you get a valid token back when passing in no password?

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

Quote:
Yes, I can logon with that account.
The system is Windows XP Home Ed. with SP2
Dominick Baier a scris:

Can you logon with that account?

e.g. using runas - or winlogon?
-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications
(http://www.microsoft.com/mspress/books/9989.asp)

Hi

Is there a way to impersonate to a local account with no password
defined?
My tests were negative until now.
Thanks.



Reply With Quote
Reply
Page 1 of 2 1 2 >

« Previous Thread | Next Thread »



Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Powered by vBulletin Version 3.5.4
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.


Contact Us - HighTechTalks DotNet Forums - Archive - Top