39
votes

Is there a way to tell my code to run as a different user?

I am calling NetUserSetInfo via a PInvoke and I need to call it as a different user. Is there a way to do that?

3

3 Answers

30
votes

Impersonation requires calling some native APIs (namely, LogonUser) so it's probably not worth posting 3 pages of wrapper code. This page has a complete working sample: http://platinumdogs.wordpress.com/2008/10/30/net-c-impersonation-with-network-credentials/

Note that impersonation has important security considerations. Make sure you follow best practices.

30
votes

Probably the best and the cleanest code that I have seen so far is this:

var credentials = new UserCredentials(domain, username, password);
Impersonation.RunAsUser(credentials, logonType, () =>
{
    // do whatever you want as this user.
});

Just follow Github or Nuget.

11
votes

This article explains it pretty succinctly:

Here's a code snippet from the article:

IntPtr accessToken = IntPtr.Zero;
....
//You have to initialize your accessToken with API calling 
....
WindowsIdentity identity = new WindowsIdentity(accessToken);
WindowsImpersonationContext context = identity.Impersonate();
...
// Now your code is using the new WindowsLogin and you can do what ever this login can do
...

//Now you can return to your current login of Windows
context.Undo();