WindowsIdentity.RunImpersonated Method
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
RunImpersonated(SafeAccessTokenHandle, Action) |
Runs the specified action as the impersonated Windows identity. Instead of using an impersonated method call and running your function in WindowsImpersonationContext, you can use RunImpersonated(SafeAccessTokenHandle, Action) and provide your function directly as a parameter. |
RunImpersonated<T>(SafeAccessTokenHandle, Func<T>) |
Runs the specified function as the impersonated Windows identity. Instead of using an impersonated method call and running your function in WindowsImpersonationContext, you can use RunImpersonated(SafeAccessTokenHandle, Action) and provide your function directly as a parameter. |
Runs the specified action as the impersonated Windows identity. Instead of using an impersonated method call and running your function in WindowsImpersonationContext, you can use RunImpersonated(SafeAccessTokenHandle, Action) and provide your function directly as a parameter.
public:
static void RunImpersonated(Microsoft::Win32::SafeHandles::SafeAccessTokenHandle ^ safeAccessTokenHandle, Action ^ action);
public static void RunImpersonated (Microsoft.Win32.SafeHandles.SafeAccessTokenHandle safeAccessTokenHandle, Action action);
static member RunImpersonated : Microsoft.Win32.SafeHandles.SafeAccessTokenHandle * Action -> unit
Public Shared Sub RunImpersonated (safeAccessTokenHandle As SafeAccessTokenHandle, action As Action)
Parameters
- safeAccessTokenHandle
- SafeAccessTokenHandle
The SafeAccessTokenHandle of the impersonated Windows identity.
- action
- Action
The System.Action to run.
Examples
The following example demonstrates the use of the WindowsIdentity class to impersonate a user.
Warning
This sample asks the user to enter a password on the console screen. The password will be visible on the screen, because the console window does not support masked input natively.
// The following example demonstrates the use of the WindowsIdentity class to impersonate a user.
// IMPORTANT NOTE:
// This sample asks the user to enter a password on the console screen.
// The password will be visible on the screen, because the console window
// does not support masked input natively.
using System;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Principal;
using Microsoft.Win32.SafeHandles;
public class ImpersonationDemo
{
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword,
int dwLogonType, int dwLogonProvider, out SafeAccessTokenHandle phToken);
public static void Main()
{
// Get the user token for the specified user, domain, and password using the
// unmanaged LogonUser method.
// The local machine name can be used for the domain name to impersonate a user on this machine.
Console.Write("Enter the name of the domain on which to log on: ");
string domainName = Console.ReadLine();
Console.Write("Enter the login of a user on {0} that you wish to impersonate: ", domainName);
string userName = Console.ReadLine();
Console.Write("Enter the password for {0}: ", userName);
const int LOGON32_PROVIDER_DEFAULT = 0;
//This parameter causes LogonUser to create a primary token.
const int LOGON32_LOGON_INTERACTIVE = 2;
// Call LogonUser to obtain a handle to an access token.
SafeAccessTokenHandle safeAccessTokenHandle;
bool returnValue = LogonUser(userName, domainName, Console.ReadLine(),
LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,
out safeAccessTokenHandle);
if (false == returnValue)
{
int ret = Marshal.GetLastWin32Error();
Console.WriteLine("LogonUser failed with error code : {0}", ret);
throw new System.ComponentModel.Win32Exception(ret);
}
Console.WriteLine("Did LogonUser Succeed? " + (returnValue ? "Yes" : "No"));
// Check the identity.
Console.WriteLine("Before impersonation: " + WindowsIdentity.GetCurrent().Name);
// Note: if you want to run as unimpersonated, pass
// 'SafeAccessTokenHandle.InvalidHandle' instead of variable 'safeAccessTokenHandle'
WindowsIdentity.RunImpersonated(
safeAccessTokenHandle,
// User action
() =>
{
// Check the identity.
Console.WriteLine("During impersonation: " + WindowsIdentity.GetCurrent().Name);
}
);
// Check the identity again.
Console.WriteLine("After impersonation: " + WindowsIdentity.GetCurrent().Name);
}
}
Remarks
Note
This method may be used reliably with the async/await pattern, unlike Impersonate
. In an async method, the generic overload of this method may be used with an async delegate argument so that the resulting task may be awaited.
Applies to
.NET 9 and other versions
Product | Versions |
---|---|
.NET | Core 1.0, Core 1.1, 6, 7, 8, 9 |
.NET Framework | 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1 |
.NET Standard | 2.0 (package-provided) |
Windows Desktop | 3.0, 3.1, 5 |
Runs the specified function as the impersonated Windows identity. Instead of using an impersonated method call and running your function in WindowsImpersonationContext, you can use RunImpersonated(SafeAccessTokenHandle, Action) and provide your function directly as a parameter.
public:
generic <typename T>
static T RunImpersonated(Microsoft::Win32::SafeHandles::SafeAccessTokenHandle ^ safeAccessTokenHandle, Func<T> ^ func);
public static T RunImpersonated<T> (Microsoft.Win32.SafeHandles.SafeAccessTokenHandle safeAccessTokenHandle, Func<T> func);
static member RunImpersonated : Microsoft.Win32.SafeHandles.SafeAccessTokenHandle * Func<'T> -> 'T
Public Shared Function RunImpersonated(Of T) (safeAccessTokenHandle As SafeAccessTokenHandle, func As Func(Of T)) As T
Type Parameters
- T
The type of object used by and returned by the function.
Parameters
- safeAccessTokenHandle
- SafeAccessTokenHandle
The SafeAccessTokenHandle of the impersonated Windows identity.
- func
- Func<T>
The System.Func to run.
Returns
The result of the function.
Examples
The following example demonstrates the use of the WindowsIdentity class to impersonate a user.
Warning
This sample asks the user to enter a password on the console screen. The password will be visible on the screen, because the console window does not support masked input natively.
// The following example demonstrates the use of the WindowsIdentity class to impersonate a user.
// IMPORTANT NOTE:
// This sample asks the user to enter a password on the console screen.
// The password will be visible on the screen, because the console window
// does not support masked input natively.
using System;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Principal;
using Microsoft.Win32.SafeHandles;
public class ImpersonationDemo
{
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword,
int dwLogonType, int dwLogonProvider, out SafeAccessTokenHandle phToken);
public static void Main()
{
// Get the user token for the specified user, domain, and password using the
// unmanaged LogonUser method.
// The local machine name can be used for the domain name to impersonate a user on this machine.
Console.Write("Enter the name of the domain on which to log on: ");
string domainName = Console.ReadLine();
Console.Write("Enter the login of a user on {0} that you wish to impersonate: ", domainName);
string userName = Console.ReadLine();
Console.Write("Enter the password for {0}: ", userName);
const int LOGON32_PROVIDER_DEFAULT = 0;
//This parameter causes LogonUser to create a primary token.
const int LOGON32_LOGON_INTERACTIVE = 2;
// Call LogonUser to obtain a handle to an access token.
SafeAccessTokenHandle safeAccessTokenHandle;
bool returnValue = LogonUser(userName, domainName, Console.ReadLine(),
LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,
out safeAccessTokenHandle);
if (false == returnValue)
{
int ret = Marshal.GetLastWin32Error();
Console.WriteLine("LogonUser failed with error code : {0}", ret);
throw new System.ComponentModel.Win32Exception(ret);
}
Console.WriteLine("Did LogonUser Succeed? " + (returnValue ? "Yes" : "No"));
// Check the identity.
Console.WriteLine("Before impersonation: " + WindowsIdentity.GetCurrent().Name);
// Note: if you want to run as unimpersonated, pass
// 'SafeAccessTokenHandle.InvalidHandle' instead of variable 'safeAccessTokenHandle'
WindowsIdentity.RunImpersonated(
safeAccessTokenHandle,
// User action
() =>
{
// Check the identity.
Console.WriteLine("During impersonation: " + WindowsIdentity.GetCurrent().Name);
}
);
// Check the identity again.
Console.WriteLine("After impersonation: " + WindowsIdentity.GetCurrent().Name);
}
}
Remarks
Note
This method may be used reliably with the async/await pattern, unlike Impersonate
. In an async method, this method may be used with an async delegate argument so that the resulting task may be awaited.
Applies to
.NET 9 and other versions
Product | Versions |
---|---|
.NET | Core 1.0, Core 1.1, 6, 7, 8, 9 |
.NET Framework | 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1 |
.NET Standard | 2.0 (package-provided) |
Windows Desktop | 3.0, 3.1, 5 |
.NET feedback
.NET is an open source project. Select a link to provide feedback: