Monday, 19 July 2010

Impersonating Users - e.g. For Unit Tests

http://platinumdogs.wordpress.com/2008/10/30/net-c-impersonation-with-network-credentials/

//---code below---

using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;

namespace Tools.Network
{
/// <summary>
/// Logon types accepted by the <c>dwLogonType</c> argument of the Win32 <c>LogonUser</c> call.
/// The numeric values mirror the LOGON32_LOGON_* constants of the Windows SDK.
/// </summary>
public enum LogonType : int
{
    /// <summary>Interactive logon (value 2); this is the default used by <c>Impersonator</c>.</summary>
    LOGON32_LOGON_INTERACTIVE = 2,

    /// <summary>Network logon (value 3).</summary>
    LOGON32_LOGON_NETWORK = 3,

    /// <summary>Batch logon (value 4).</summary>
    LOGON32_LOGON_BATCH = 4,

    /// <summary>Service logon (value 5).</summary>
    LOGON32_LOGON_SERVICE = 5,

    /// <summary>Unlock logon (value 7).</summary>
    LOGON32_LOGON_UNLOCK = 7,

    /// <summary>Network logon that keeps the clear-text credentials (value 8). Win2K or higher.</summary>
    LOGON32_LOGON_NETWORK_CLEARTEXT = 8,

    /// <summary>
    /// New-credentials logon (value 9). Win2K or higher.
    /// NOTE(review): the Win32 documentation ties this type to LOGON32_PROVIDER_WINNT50 - confirm before use.
    /// </summary>
    LOGON32_LOGON_NEW_CREDENTIALS = 9
}

/// <summary>
/// Logon providers accepted by the <c>dwLogonProvider</c> argument of the Win32 <c>LogonUser</c> call.
/// The numeric values mirror the LOGON32_PROVIDER_* constants of the Windows SDK.
/// </summary>
public enum LogonProvider : int
{
    /// <summary>Let the system pick the provider (value 0); this is the default used by <c>Impersonator</c>.</summary>
    LOGON32_PROVIDER_DEFAULT = 0,

    /// <summary>Provider value 1.</summary>
    LOGON32_PROVIDER_WINNT35 = 1,

    /// <summary>Provider value 2.</summary>
    LOGON32_PROVIDER_WINNT40 = 2,

    /// <summary>Provider value 3.</summary>
    LOGON32_PROVIDER_WINNT50 = 3
}

/// <summary>
/// Impersonation levels passed as the <c>impersonationLevel</c> argument of the Win32
/// <c>DuplicateToken</c> call. <c>Impersonator</c> always requests <see cref="SecurityImpersonation"/>.
/// </summary>
public enum ImpersonationLevel : int
{
    /// <summary>Level 0.</summary>
    SecurityAnonymous = 0,

    /// <summary>Level 1.</summary>
    SecurityIdentification = 1,

    /// <summary>Level 2; the level used when duplicating the logon token in this file.</summary>
    SecurityImpersonation = 2,

    /// <summary>Level 3.</summary>
    SecurityDelegation = 3
}

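/// <summary>
/// P/Invoke declarations for the Win32 logon and token functions used by <c>Impersonator</c>.
/// </summary>
internal class Win32NativeMethods
{
    /// <summary>
    /// Logs a user on and returns a token handle through <paramref name="phToken"/>.
    /// Returns non-zero on success; on failure read <c>Marshal.GetLastWin32Error()</c>.
    /// </summary>
    /// <remarks>
    /// The strings are marshalled as Unicode so the call binds to the wide entry point.
    /// With the default ANSI marshalling, user names and passwords containing characters
    /// outside the system code page are converted lossily before they reach the API.
    /// The returned handle must be released with <see cref="CloseHandle"/>.
    /// </remarks>
    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern int LogonUser(
        string lpszUserName,
        string lpszDomain,
        string lpszPassword,
        int dwLogonType,
        int dwLogonProvider,
        ref IntPtr phToken);

    /// <summary>
    /// Duplicates <paramref name="hToken"/> at the requested impersonation level.
    /// Returns non-zero on success; the new handle must be released with <see cref="CloseHandle"/>.
    /// </summary>
    [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    public static extern int DuplicateToken(
        IntPtr hToken,
        int impersonationLevel,
        ref IntPtr hNewToken);

    /// <summary>
    /// Ends any impersonation on the calling thread.
    /// </summary>
    [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    public static extern bool RevertToSelf();

    /// <summary>
    /// Closes a native handle, such as a token returned by <see cref="LogonUser"/>
    /// or <see cref="DuplicateToken"/>.
    /// </summary>
    // SetLastError is requested so a failed close can be diagnosed with Marshal.GetLastWin32Error().
    [DllImport("kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    public static extern bool CloseHandle(IntPtr handle);
}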

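/// <summary>
/// Allows code to be executed under the security context of a specified user account.
/// </summary>
/// <remarks>
/// Implements <see cref="IDisposable"/>, so it can be used through a <c>using</c> statement
/// or through explicit method calls:
/// <code>
/// var imp = new Impersonator( "myUsername", "myDomainname", "myPassword" );
/// imp.Dispose();
///
/// var imp = new Impersonator();
/// imp.Impersonate( "myUsername", "myDomainname", "myPassword" );
/// imp.Dispose();
///
/// using ( new Impersonator( "myUsername", "myDomainname", "myPassword" ) )
/// {
///     // code that executes under the new context
/// }
/// </code>
/// Impersonation changes the identity of the calling thread, so end it on the same thread
/// that started it; the <c>using</c> form guarantees that.
/// The password is handled as a plain managed string. For unit tests, read the account
/// from protected configuration instead of embedding it in test source, and use a
/// dedicated account that has only the rights the test needs.
/// </remarks>
public class Impersonator : IDisposable
{
    // Context returned when the thread reverted to the process identity; undoing it
    // restores the identity that was active before impersonation started.
    private WindowsImpersonationContext _wic;

    /// <summary>
    /// Begins impersonation with the given credentials, logon type and logon provider.
    /// </summary>
    /// <param name="userName">Name of the user.</param>
    /// <param name="domainName">Name of the domain.</param>
    /// <param name="password">The password.</param>
    /// <param name="logonType">Type of the logon.</param>
    /// <param name="logonProvider">The logon provider.</param>
    /// <exception cref="Win32Exception">The logon or the token duplication failed.</exception>
    public Impersonator(string userName, string domainName, string password, LogonType logonType, LogonProvider logonProvider)
    {
        Impersonate(userName, domainName, password, logonType, logonProvider);
    }

    /// <summary>
    /// Begins impersonation with the given credentials, using an interactive logon
    /// and the default logon provider.
    /// </summary>
    /// <param name="userName">Name of the user.</param>
    /// <param name="domainName">Name of the domain.</param>
    /// <param name="password">The password.</param>
    /// <exception cref="Win32Exception">The logon or the token duplication failed.</exception>
    public Impersonator(string userName, string domainName, string password)
    {
        Impersonate(userName, domainName, password, LogonType.LOGON32_LOGON_INTERACTIVE, LogonProvider.LOGON32_PROVIDER_DEFAULT);
    }

    /// <summary>
    /// Initializes a new instance of the class without starting impersonation.
    /// </summary>
    public Impersonator()
    {
    }

    /// <summary>
    /// Stops impersonation and restores the identity that was active before it started.
    /// </summary>
    public void Dispose()
    {
        UndoImpersonation();
    }

    /// <summary>
    /// Impersonates the specified user account, using an interactive logon
    /// and the default logon provider.
    /// </summary>
    /// <param name="userName">Name of the user.</param>
    /// <param name="domainName">Name of the domain.</param>
    /// <param name="password">The password.</param>
    /// <exception cref="Win32Exception">The logon or the token duplication failed.</exception>
    public void Impersonate(string userName, string domainName, string password)
    {
        Impersonate(userName, domainName, password, LogonType.LOGON32_LOGON_INTERACTIVE, LogonProvider.LOGON32_PROVIDER_DEFAULT);
    }

    /// <summary>
    /// Impersonates the specified user account. Any impersonation started earlier
    /// through this instance is undone first.
    /// </summary>
    /// <param name="userName">Name of the user.</param>
    /// <param name="domainName">Name of the domain.</param>
    /// <param name="password">The password.</param>
    /// <param name="logonType">Type of the logon.</param>
    /// <param name="logonProvider">The logon provider.</param>
    /// <exception cref="Win32Exception">
    /// The logon or the token duplication failed. The thread identity is restored
    /// to what it was before the call before the exception propagates.
    /// </exception>
    public void Impersonate(string userName, string domainName, string password, LogonType logonType, LogonProvider logonProvider)
    {
        UndoImpersonation();

        IntPtr logonToken = IntPtr.Zero;
        IntPtr logonTokenDuplicate = IntPtr.Zero;
        try
        {
            // revert to the application pool identity, saving the identity of the current requestor
            _wic = WindowsIdentity.Impersonate(IntPtr.Zero);

            // do logon
            if (Win32NativeMethods.LogonUser(userName,
                                             domainName,
                                             password,
                                             (int)logonType,
                                             (int)logonProvider,
                                             ref logonToken) == 0)
            {
                throw new Win32Exception(Marshal.GetLastWin32Error());
            }

            if (Win32NativeMethods.DuplicateToken(logonToken, (int)ImpersonationLevel.SecurityImpersonation, ref logonTokenDuplicate) == 0)
            {
                throw new Win32Exception(Marshal.GetLastWin32Error());
            }

            var wi = new WindowsIdentity(logonTokenDuplicate);
            wi.Impersonate(); // discard the returned identity context (which is the context of the application pool)
        }
        catch
        {
            // A failure here used to leave the thread reverted to the process identity.
            // When this runs from a constructor the caller never receives an instance to
            // dispose, so the original identity would never come back. Restore it now.
            UndoImpersonation();
            throw;
        }
        finally
        {
            // The native handles are closed on every path; the code does not use them after this point.
            if (logonToken != IntPtr.Zero)
            {
                Win32NativeMethods.CloseHandle(logonToken);
            }

            if (logonTokenDuplicate != IntPtr.Zero)
            {
                Win32NativeMethods.CloseHandle(logonTokenDuplicate);
            }
        }
    }

    /// <summary>
    /// Stops impersonation. Does nothing when no impersonation is active.
    /// </summary>
    private void UndoImpersonation()
    {
        // restore saved requestor identity
        if (_wic != null)
        {
            _wic.Undo();
        }

        _wic = null;
    }
}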
}

Code Coverage. Signed Assembly.

(Exception from HRESULT: 0x8013141A) ---> System.Security.SecurityException: Strong name validation failed. (Exception from HRESULT: 0x8013141A)

I had a problem with code coverage on a signed assembly, and the link below helped me...

http://weblogs.asp.net/soever/archive/2005/07/23/420338.aspx

VS.NET 2005: Code coverage for signed assemblies

I am currently working on an application using VS.NET 2005, and because all the TDD tools like unit testing and code coverage are available I started to use them.

When I started code coverage on my signed application I got the following exception:

Test method X threw exception: System.IO.FileLoadException: Could not load file or assembly 'Y, Version=1.0.0.0, Culture=neutral, PublicKeyToken=Z' or one of its dependencies. HRESULT: 0x8013141A Strong name validation failed. ---> System.Security.SecurityException: Exception from HRESULT: 0x8013141A Strong name validation failed at X.

This is not so strange if you think about it. The assembly is signed, and code coverage needs to instrument the code, which means modifying the assembly. The modified assembly no longer matches its strong-name signature, so validation fails.

The solution is to re-sign the assembly after instrumentation.

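If you open the localtestrun.testrunconfig file (or something similar) in your solution items (double-click it), you can enable re-signing in the Code Coverage section. This solves the problem. Re-signing needs the strong-name key file to be available to the test run, so keep that key protected and do not ship the instrumented binaries.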