WindowsSecurityContext support for the original identity
--------------------------------------------------------
Key: LOG4NET-109
URL: https://issues.apache.org/jira/browse/LOG4NET-109
Project: Log4net
Issue Type: Improvement
Components: Appenders
Affects Versions: 1.2.10
Reporter: Henri Kuiper
Priority: Minor
I have built a web application where users enter with integrated authentication
and impersonation is true. I however do not want all of these users to have
write permissions in the logging folder. So I changed the
WindowsSecurityContext class so that the logging will be done under the
original user account (before impersonation). I made the following changes:
1. Added the property UseOriginalIdentity:
public string UseOriginalIdentity
{
    get
    {
        return this.m_useOriginalIdentity.ToString();
    }
    set
    {
        this.m_useOriginalIdentity = (value.ToLower() == "true");
    }
}
2. Added an extra condition "if (!this.m_useOriginalIdentity)" to the
ActivateOptions() member:
public void ActivateOptions()
{
    if (this.m_impersonationMode == ImpersonationMode.User)
    {
        if (!this.m_useOriginalIdentity)
        {
            if (this.m_userName == null)
            {
                throw new ArgumentNullException("m_userName");
            }
            if (this.m_domainName == null)
            {
                throw new ArgumentNullException("m_domainName");
            }
            if (this.m_password == null)
            {
                throw new ArgumentNullException("m_password");
            }
            this.m_identity = WindowsSecurityContext.LogonUser(this.m_userName, this.m_domainName, this.m_password);
        }
    }
}
3. Added a condition and a statement to the Impersonate() member which causes
the impersonation to be undone:
public override IDisposable Impersonate(object state)
{
    if (this.m_impersonationMode == ImpersonationMode.User)
    {
        if (this.m_useOriginalIdentity)
        {
            return new DisposableImpersonationContext(WindowsIdentity.Impersonate(IntPtr.Zero));
        }
        if (this.m_identity != null)
        {
            return new DisposableImpersonationContext(this.m_identity.Impersonate());
        }
    }
    else if (this.m_impersonationMode == ImpersonationMode.Process)
    {
        return new DisposableImpersonationContext(WindowsIdentity.Impersonate(IntPtr.Zero));
    }
    return null;
}
I would be pleased if this functionality could be somehow added to a new
release.
Thanks,
Henri Kuiper
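
The revert-and-restore pattern that the proposed `UseOriginalIdentity` switch relies on, as an added example that is not part of the original report or of log4net; `ProcessIdentityLog` and the temp-file path are hypothetical, and it assumes .NET Framework 2.0 or later, where `WindowsImpersonationContext` is disposable. It keeps the revert scoped to the file write and checks afterwards that the caller's impersonation is back in place.

```csharp
using System;
using System.IO;
using System.Security.Principal;

static class ProcessIdentityLog // hypothetical helper, not a log4net type
{
    // Name of the user this thread is impersonating, or null when it is
    // not impersonating (GetCurrent(true) returns null in that case).
    static string ImpersonatedUser()
    {
        using (WindowsIdentity id = WindowsIdentity.GetCurrent(true))
            return id == null ? null : id.Name;
    }

    // Append one line while the thread runs as the process account.
    public static void Write(string path, string message)
    {
        string before = ImpersonatedUser();
        // Impersonate(IntPtr.Zero) is equivalent to Win32 RevertToSelf;
        // disposing the returned context puts the caller's token back.
        using (WindowsIdentity.Impersonate(IntPtr.Zero))
        {
            File.AppendAllText(path, message + Environment.NewLine);
        }
        // Fail closed if the thread did not get its identity back, since the
        // rest of the request would otherwise run as the process account.
        string after = ImpersonatedUser();
        if (!string.Equals(before, after, StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException("impersonation was not restored");
    }

    static void Main()
    {
        // Constructed path for the demo; a real log folder would grant
        // write access to the process account only.
        string path = Path.Combine(Path.GetTempPath(), "revert-demo.log");
        string caller = ImpersonatedUser() ?? "(not impersonating)";
        string process;
        using (WindowsIdentity.Impersonate(IntPtr.Zero))
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
            process = id.Name;
        Write(path, "caller=" + caller + " writer=" + process);
        Console.WriteLine(File.ReadAllText(path));
    }
}
```

Run from a console the thread is not impersonating, so the revert is a no-op; called from request code in a web application with impersonation enabled, `caller` is the authenticated user and `writer` is the process account.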