Network Security Coding Question

Hi people,

I have the following problem:

User A sits at Computer A and is logged on using a domain account. They run an app that connects to a Windows service on Computer B in order to gain access to a database on Computer C that holds encrypted information that only Computer B has the keys to decrypt.

The problem is: how can I impersonate any user that connects to the Windows service on Computer B, so that it connects to the database on Computer C using SSPI and the user account that is being used at Computer A, instead of the LocalSystem account, which is the context that the Windows service will be running under?

Any ideas appreciated.

Thanks,

Delboy
[726 byte] By [DelboyDee] at [2007-11-20 11:56:59]
# 1 Re: Network Security Coding Question
Can you modify the client/server software? What languages?

For .NET applications you can start by looking up NegotiateStream and WindowsIdentity for a quick way to exchange credentials and impersonate the client user. Or WindowsImpersonationContext if you want to handle the exchange yourself.

For native C/C++ applications you should look at the AcquireCredentialsHandle, InitializeSecurityContext, AcceptSecurityContext and ImpersonateSecurityContext functions.

- petter
wildfrog at 2007-11-10 3:39:55
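
The NegotiateStream / WindowsIdentity approach suggested above, as an added .NET Framework example that is not code from either poster: the client on Computer A grants delegation, and the service on Computer B impersonates the caller only for the database hop. Because B forwards the user's identity on to Computer C, this needs Kerberos with Computer B's account trusted for delegation in Active Directory; an NTLM fallback cannot be forwarded. The SPN, host names, database name and the class and method names are placeholders assumed for illustration.

```csharp
using System;
using System.Data.SqlClient;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Principal;

static class DelegationExample
{
    // Assumed placeholders, not values from the thread.
    const string ServiceSpn = "HOST/computerB.example.local";
    const string ConnString =
        "Server=computerC.example.local;Database=ExampleDb;Integrated Security=SSPI";

    // Computer A: authenticate as the logged-on domain user and allow delegation.
    public static NegotiateStream ConnectAsClient(string host, int port)
    {
        var tcp = new TcpClient(host, port);
        var auth = new NegotiateStream(tcp.GetStream(), false);
        auth.AuthenticateAsClient(CredentialCache.DefaultNetworkCredentials, ServiceSpn,
            ProtectionLevel.EncryptAndSign, TokenImpersonationLevel.Delegation);
        return auth;
    }

    // Computer B (Windows service): authenticate the caller, then reach the
    // database on Computer C under the caller's identity instead of LocalSystem.
    public static void HandleClient(TcpClient tcp)
    {
        using (var auth = new NegotiateStream(tcp.GetStream(), false))
        {
            auth.AuthenticateAsServer(CredentialCache.DefaultNetworkCredentials,
                ProtectionLevel.EncryptAndSign, TokenImpersonationLevel.Delegation);

            // Fail closed: without a delegation-level token the second hop would
            // not carry the user's identity, so refuse rather than run as the service.
            if (auth.ImpersonationLevel != TokenImpersonationLevel.Delegation)
                throw new AuthenticationException("Caller did not grant delegation.");

            var caller = (WindowsIdentity)auth.RemoteIdentity;
            using (WindowsImpersonationContext ctx = caller.Impersonate())
            using (var db = new SqlConnection(ConnString))
            {
                db.Open(); // the SSPI logon to Computer C is made as 'caller'
                // Run the caller's queries here, keeping the impersonated scope small.
            } // disposing ctx reverts the thread to the service account
        }
    }
}
```

Decryption with the keys held on Computer B belongs outside the impersonated block, so that key access stays with the service account and is not extended to every caller.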