File access with other credentials returns unexpected Results

Andreas Sander 21 Reputation points


I want to access files with the credentials of another user. This should be possible, if the current user has the SeImpersonatePrivilege. I use this code:

    login_success = LogonUser(user, domain, Password, LOGON32_LOGON_NETWORK_CLEARTEXT, LOGON32_PROVIDER_DEFAULT, &token);

    if (login_success)
      login_success = DuplicateToken(token, SECURITY_IMPERSONATION_LEVEL::SecurityImpersonation, &impersonate_token);

    if (login_success)
      login_success = ImpersonateLoggedOnUser(impersonate_token);

// Do some file access

Now I get some unexpected results:

If I use this code in a standard application, the file access fails always with ERROR_BAD_IMPERSONATION_LEVEL, even if the user has the SeImpersonatePrivilege.
If I use this code in a service, the file access is always successful, even if the user has not the SeImpersonatePrivilege.

Why is there a difference if the code is executed in an application or a service even if the same user is used?

Windows API - Win32
Windows API - Win32
A core set of Windows application programming interfaces (APIs) for desktop and server applications. Previously known as Win32 API.
2,447 questions
A high-level, general-purpose programming language, created as an extension of the C programming language, that has object-oriented, generic, and functional features in addition to facilities for low-level memory manipulation.
3,562 questions
0 comments No comments
{count} votes

0 additional answers

Sort by: Most helpful