.Net Core Impersonation / MMI

Roxtar

Hi,

Programming an intranet app, I ran into a hard nut with .NET Core.

The app is hosted on IIS and should query any device's MMI in my domain.
Locally it works like a charm, and on the same machine with IIS Express (not for remote machines).

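C#:
// Namespaces used: System.Linq, System.Security.Principal,
// Microsoft.Management.Infrastructure, Microsoft.Management.Infrastructure.Options
var user = _httpContextAccessor.HttpContext.User;
var winUser = (WindowsIdentity)user.Identity;
IEnumerable<CimInstance> deviceQuery = null;

#pragma warning disable CA1416 // Windows-only APIs
await WindowsIdentity.RunImpersonatedAsync(
    winUser.AccessToken,
    // User action: runs under the identity of the authenticated caller
    async () =>
    {
        DComSessionOptions dcomOptions = new DComSessionOptions();
        dcomOptions.Impersonation = ImpersonationType.Impersonate;
        dcomOptions.PacketIntegrity = true;
        dcomOptions.PacketPrivacy = true;
        using CimSession impSession = CimSession.Create(devicename, dcomOptions);
        // QueryInstances is evaluated lazily, so enumerate it here, while the
        // impersonation and the session are still in effect.
        deviceQuery = impSession.QueryInstances("root\\cimv2", "WQL", "SELECT * FROM win32_operatingsystem").ToList();
    }
);
#pragma warning restore CA1416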

The code above is used to query a given machine, but access is always denied, although the user that comes from HttpContext has rights on that machine.
Can anyone give hints on what I can do to make it work? (No, I don't want to use normal .NET) :)

My IIS is configured: Classic mode and Identity: Impersonate

Thank you very much

RoXtar
 
I assume you are running with .NET 5.0. As I vaguely recall, many things used to be stubbed out in older versions of .NET Core.

Anyway, I would suggest checking to see what identity you are using to run the IIS app pool. Does that identity have privileges to impersonate? I don't recall the names of those privileges, right now.
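
One way to carry out the identity check suggested above, as an added example that is not code from this thread: it reports the app pool (process) identity, the identity in effect inside `RunImpersonated`, and the level of the caller's token. The class name `ImpersonationDiagnostics` and the use of the current process token as a stand-in caller are assumptions made for illustration.

```csharp
using System;
using System.Security.Principal;

#pragma warning disable CA1416 // Windows-only APIs
public static class ImpersonationDiagnostics
{
    // Account name, authentication package and token level of one identity.
    public static string Describe(WindowsIdentity id) =>
        $"{id.Name} (auth={id.AuthenticationType}, level={id.ImpersonationLevel})";

    // Windows token levels: an Impersonation-level token can act for the client
    // on the local system only; acting for the client on remote systems needs
    // Delegation. A primary token reports the level None.
    public static bool UsableOnRemoteSystems(WindowsIdentity id) =>
        id.ImpersonationLevel == TokenImpersonationLevel.None ||
        id.ImpersonationLevel == TokenImpersonationLevel.Delegation;

    // Compares the process identity with the identity that is effective
    // inside RunImpersonated for the given caller.
    public static string Report(WindowsIdentity caller)
    {
        string process = Describe(WindowsIdentity.GetCurrent());
        string inside = WindowsIdentity.RunImpersonated(
            caller.AccessToken,
            () => Describe(WindowsIdentity.GetCurrent()));

        return string.Join(Environment.NewLine,
            $"process (app pool) identity : {process}",
            $"caller identity             : {Describe(caller)}",
            $"identity inside impersonation: {inside}",
            $"caller token usable on remote systems: {UsableOnRemoteSystems(caller)}");
    }

    public static void Main()
    {
        // Constructed stand-in for (WindowsIdentity)HttpContext.User.Identity.
        using WindowsIdentity caller = WindowsIdentity.GetCurrent();
        Console.WriteLine(Report(caller));
    }
}
#pragma warning restore CA1416
```

In the web app, call `Report` with the `WindowsIdentity` taken from `HttpContext.User` and write the result to the log, once under each app pool identity being tested.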
 
Hi Skydiver,

Glad to see your answer.

I am using 5.0 for sure.

Tested identities:
System identity
Pool started with my admin

You're right, Core has kicked impersonation for the entire app, so impersonation is possible with RunImpersonated only for a piece of code.
 
Hi,

My admin user, which is running the app in IIS at the moment, has impersonation rights already. Any suggestions or hints to find another way?

At the moment I use the basic authentication way and pass a CimCredential object.
This is functional, but using Windows Auth is the preferred way for our other intranet apps.

Thanks for suggestions
 