Chris, The thread is impersonating "gcsadmin", so LoadUserProfile is called by "gcsadmin", this account must have Administrators privileges to do so.
Willy. ----- Original Message ----- From: "Chris Post" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, May 10, 2002 12:52 AM Subject: [DOTNET] calling LoadUserProfile from a ASP.NET webservice > I am attempting to call LoadUserProfile from a web service. However, I > get an ERROR_PRIVILEGE_NOT_HELD error when I make the call. I have > assigned, the "Act as part of the operating system" privilege to the > ASPNET account. > > The account I am using in the LogonUser call has Administrator privileges > as well as the "Act as part of the operating system" privilege. > > I am running on Windows XP and have the .NET Framework SP1 installed as > well. Any assistance that you can offer would be greatly appreciated. > > Thanks in advance. > > Here is the code that generates the error: > > [WebMethod] > public void LoadUserProfile() > { > int LastError = 0; > if(impersonateValidUser("gcsadmin", ".", "bobo99")) > { > m_Profile.dwFlags=0x00000001; > m_Profile.UserName="gcsadmin"; > m_Profile.dwSize=(uint)Marshal.SizeOf(m_Profile); > > if(0==LoadUserProfile(m_DuplicateToken, ref m_Profile)) > { > LastError = Marshal.GetLastWin32Error(); > } > undoImpersonation(); > } > else > { > //Your impersonation failed. Therefore, include a > //fail-safe mechanism here. > } > } > > private bool impersonateValidUser(String userName, String domain, > String password) > { > WindowsIdentity tempWindowsIdentity; > this.m_Token = IntPtr.Zero; > this.m_DuplicateToken = IntPtr.Zero; > > if(LogonUser(userName, domain, password, LOGON32_LOGON_INTERACTIVE, > LOGON32_PROVIDER_DEFAULT, ref m_Token) != 0) > { > if(DuplicateToken(m_Token, 2, ref m_DuplicateToken) != 0) > { > tempWindowsIdentity = new WindowsIdentity(m_DuplicateToken); > m_impersonationContext = tempWindowsIdentity.Impersonate(); > if (m_impersonationContext != null) > return true; > else > return false; > } > else > return false; > } > else > return false; > } > > private void undoImpersonation() > { > m_impersonationContext.Undo(); > } > > You can read messages from the DOTNET archive, unsubscribe from DOTNET, or > subscribe to other DevelopMentor lists at http://discuss.develop.com. > You can read messages from the DOTNET archive, unsubscribe from DOTNET, or subscribe to other DevelopMentor lists at http://discuss.develop.com.