Home/ Questions/Q 7083973
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-28T07:14:39+00:00

I’m trying to create a folder using credentials of a limited admin account supplied

  • 0

I’m trying to create a folder using credentials of a limited admin account supplied by an encrypted .config file- right now my code is running under the assumption that the user has no access to these directories, so an unauthorizedexception is thrown, when given access the code otherwise works, but i can’t do that as it would compromise our security. I know how to get my username / password out of the encrypted file already, i’m just not sure as to what library or syntax i should use to impersonate; this is my code:

//set the cursor

string activeDir = "\\\\department\\shares\\users\\";

//create directory with userID as the folder name

string newPath = System.IO.Path.Combine(activeDir + userID);

System.IO.Directory.CreateDirectory(newPath);

so i need a way to supply credentials but i’m at a loss- i’ve been using System.DirectoryServices.AccountManagement and the pricipalcontext to supply a username/password for making changes to the active directory… do i need to use a similar library to make changes to the file system?
any help would be appreciated, thanks!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I think you could impersonate that user temporarily for the thread performing this action. It seems that this only can be done with P/Invoke. Have a look at this example.

    using (var impersonation = new ImpersonatedUser(decryptedUser, decryptedDomain, decryptedPassword))
{
  Directory.CreateDirectory(newPath);
}

    For the sake of completeness (if the link stops working some day), find the ImpersonatedUser class below (credits to Jon Cole):

    using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;

public class ImpersonatedUser : IDisposable
{
    IntPtr userHandle;

    WindowsImpersonationContext impersonationContext;

    public ImpersonatedUser(string user, string domain, string password)
    {
        userHandle = IntPtr.Zero;

        bool loggedOn = LogonUser(
            user,
            domain,
            password,
            LogonType.Interactive,
            LogonProvider.Default,
            out userHandle); 

        if (!loggedOn)
            throw new Win32Exception(Marshal.GetLastWin32Error());

        // Begin impersonating the user
        impersonationContext = WindowsIdentity.Impersonate(userHandle);
    } 

    public void Dispose()
    {
        if (userHandle != IntPtr.Zero)
        {
            CloseHandle(userHandle);

            userHandle = IntPtr.Zero;

            impersonationContext.Undo();
        }
    } 

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool LogonUser(

        string lpszUsername,

        string lpszDomain,

        string lpszPassword,

        LogonType dwLogonType,

        LogonProvider dwLogonProvider,

        out IntPtr phToken

        );

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr hHandle);

    enum LogonType : int
    {
        Interactive = 2,
        Network = 3,
        Batch = 4,
        Service = 5,
        NetworkCleartext = 8,
        NewCredentials = 9,
    }

    enum LogonProvider : int
    {
        Default = 0,
    }

}
    • 0