I have an application in C# and I'm trying to update AD while impersonating a user.
I'm reading AD in order to let users update noncritical fields such as phone numbers of their AD account. In order to do that, I created a new user with permissions to update an AD entry. I verified the user's permissions by logging on to a machine as him, starting the program as him, and updating a user's entry.
I'm using Uwe Keim's Impersonator class, and the impersonation seems to occur successfully, i.e. no exceptions.
However, tests have shown that I'm still using my own logged-in user to update AD, despite the impersonation. I can update my own AD entry fine, but neither the impersonated user's nor any other AD entry. It seems there's no impersonation happening at all?
I tried to verify the Impersonator by trying it with wrong credentials, and received appropriate error messages in return. The user credentials are correct and were checked against AD.
Here's the relevant code, with nonrelevant or sensitive parts blacked out as [...]:
    private void SaveToAD()
    {
        try
        {
            [...]
            // All AD access inside this block is expected to run as the impersonated user.
            using (new Impersonator(@"<user>", @"<domain>", @"<password>"))
            {
                foreach ([...])
                {
                    DirectoryEntry entry = [...];
                    entry.Properties[...].Value = [...];
                    entry.CommitChanges();
                }
            }
            [...]
        }
        catch (UnauthorizedAccessException ex)
        {
            // handling
        }
        catch (Win32Exception ex)
        {
            // handling
        }
        finally
        {
            Cursor = Cursors.Arrow;
        }
    }
Can anyone tell me what's going wrong or point me in the right direction?
Why not use the DirectoryEntry constructor to establish an ADSI connection as the user you want to impersonate (assuming you have the credentials)?
e.g.
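    // Bind directly as the target user instead of impersonating on the thread.
    using (var dirRoot = new DirectoryEntry("LDAP://cn=user object, dc=domain, dc=com", @"<domain>\<user>", "<password>"))
    {
        dirRoot.Properties["l"].Value = "yada"; // "l" is the locality (city) attribute
        dirRoot.CommitChanges();
    }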
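An added example (not part of the original question or answer) that builds on the explicit-credential bind above: it limits writes to an allowlist of noncritical attributes and requests signed and sealed authentication for the bind. The class name, the allowlist contents and the method parameters are assumptions made for illustration; the distinguished name is assumed to come from a trusted directory lookup, not from user input.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;

static class AdSelfServiceUpdater // hypothetical helper, not from the page
{
    // Assumption: the only attributes the delegated account is meant to write.
    static readonly HashSet<string> AllowedAttributes =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "telephoneNumber", "mobile", "ipPhone" };

    // Binds to one object with explicit credentials (no thread impersonation)
    // and writes only allowlisted attributes.
    public static void Update(string distinguishedName, string user, string password,
                              IDictionary<string, string> changes)
    {
        // Reject the whole request before touching the directory.
        foreach (string name in changes.Keys)
            if (!AllowedAttributes.Contains(name))
                throw new ArgumentException("Attribute not allowed: " + name);

        // Secure negotiates Kerberos/NTLM; Signing and Sealing protect the traffic.
        const AuthenticationTypes auth = AuthenticationTypes.Secure
            | AuthenticationTypes.Signing | AuthenticationTypes.Sealing;

        using (var entry = new DirectoryEntry("LDAP://" + distinguishedName,
                                              user, password, auth))
        {
            foreach (KeyValuePair<string, string> change in changes)
            {
                if (string.IsNullOrWhiteSpace(change.Value))
                    entry.Properties[change.Key].Clear();   // empty value removes the attribute
                else
                    entry.Properties[change.Key].Value = change.Value;
            }
            // A write denied by the object's ACL surfaces here as an exception.
            entry.CommitChanges();
        }
    }
}
```

Because the credentials are passed to the bind itself, the update does not depend on which identity the calling thread is running under.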