[jira] Commented: (LOG4NET-109) WindowsSecurityContext support for the original identity

Tue, 06 Mar 2007 06:37:45 -0800 

    [ 
https://issues.apache.org/jira/browse/LOG4NET-109?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12478426
 ] 

Nicko Cadell commented on LOG4NET-109:
--------------------------------------

What happens if you use:

      <securityContext type="log4net.WindowsSecurityContext">
        <credentials value="Process" />
      </securityContext>

> WindowsSecurityContext support for the original identity
> --------------------------------------------------------
>
>                 Key: LOG4NET-109
>                 URL: https://issues.apache.org/jira/browse/LOG4NET-109
>             Project: Log4net
>          Issue Type: Improvement
>          Components: Appenders
>    Affects Versions: 1.2.10
>            Reporter: Henri Kuiper
>            Priority: Minor
>
> I have build a web application where users enter with integrated 
> authentication and impersonation is true. I however do not want all of these 
> users to have write permissions in the logging folder. So I changed the 
> WindowsSecurityContext class so that the logging will be done under the 
> original user account (before impersonation). I made the following changes:
> 1. Added the property UseOriginalIdentity:
>         public string UseOriginalIdentity
>         {
>             get
>             {
>                 return this.m_useOriginalIdentity.ToString();
>             }
>             set
>             {
>                 this.m_useOriginalIdentity = (value.ToLower() == "true");
>             }
>         }
> 2. Added an extra condition "if (!this.m_useOriginalIdentity)" to the 
> ActivateOptions() member:
>         public void ActivateOptions()
>         {
>             if (this.m_impersonationMode == ImpersonationMode.User)
>             {
>                 if (!this.m_useOriginalIdentity)
>                 {
>                     if (this.m_userName == null)
>                     {
>                       throw new ArgumentNullException("m_userName");
>                     }
>                     if (this.m_domainName == null)
>                     {
>                       throw new ArgumentNullException("m_domainName");
>                     }
>                     if (this.m_password == null)
>                     {
>                       throw new ArgumentNullException("m_password");
>                     }
>                     this.m_identity = 
> WindowsSecurityContext.LogonUser(this.m_userName, this.m_domainName, 
> this.m_password);
>                 }
>             }
>         }
> 3. Added a  condidion and a statement to the Impersonate() member which 
> causes the impersonation to be undone:
>         public override IDisposable Impersonate(object state)
>         {
>             if (this.m_impersonationMode == ImpersonationMode.User)
>             {
>                 if (this.m_useOriginalIdentity)
>                 {
>                     return new 
> DisposableImpersonationContext(WindowsIdentity.Impersonate(IntPtr.Zero));
>                 }
>                 if (this.m_identity != null)
>                 {
>                     return new 
> DisposableImpersonationContext(this.m_identity.Impersonate());
>                 }
>               }
>             else if (this.m_impersonationMode == ImpersonationMode.Process)
>             {
>                 return new 
> DisposableImpersonationContext(WindowsIdentity.Impersonate(IntPtr.Zero));
>             }
>             return null;
>         }
> I would be pleased if this functionality could be somehow added to a new 
> release.
> Thanks,
> Henri Kuiper

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to