[ https://issues.apache.org/jira/browse/LOG4NET-109?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12478426 ]
Nicko Cadell commented on LOG4NET-109: -------------------------------------- What happens if you use: <securityContext type="log4net.WindowsSecurityContext"> <credentials value="Process" /> </securityContext> > WindowsSecurityContext support for the original identity > -------------------------------------------------------- > > Key: LOG4NET-109 > URL: https://issues.apache.org/jira/browse/LOG4NET-109 > Project: Log4net > Issue Type: Improvement > Components: Appenders > Affects Versions: 1.2.10 > Reporter: Henri Kuiper > Priority: Minor > > I have build a web application where users enter with integrated > authentication and impersonation is true. I however do not want all of these > users to have write permissions in the logging folder. So I changed the > WindowsSecurityContext class so that the logging will be done under the > original user account (before impersonation). I made the following changes: > 1. Added the property UseOriginalIdentity: > public string UseOriginalIdentity > { > get > { > return this.m_useOriginalIdentity.ToString(); > } > set > { > this.m_useOriginalIdentity = (value.ToLower() == "true"); > } > } > 2. Added an extra condition "if (!this.m_useOriginalIdentity)" to the > ActivateOptions() member: > public void ActivateOptions() > { > if (this.m_impersonationMode == ImpersonationMode.User) > { > if (!this.m_useOriginalIdentity) > { > if (this.m_userName == null) > { > throw new ArgumentNullException("m_userName"); > } > if (this.m_domainName == null) > { > throw new ArgumentNullException("m_domainName"); > } > if (this.m_password == null) > { > throw new ArgumentNullException("m_password"); > } > this.m_identity = > WindowsSecurityContext.LogonUser(this.m_userName, this.m_domainName, > this.m_password); > } > } > } > 3. Added a condidion and a statement to the Impersonate() member which > causes the impersonation to be undone: > public override IDisposable Impersonate(object state) > { > if (this.m_impersonationMode == ImpersonationMode.User) > { > if (this.m_useOriginalIdentity) > { > return new > DisposableImpersonationContext(WindowsIdentity.Impersonate(IntPtr.Zero)); > } > if (this.m_identity != null) > { > return new > DisposableImpersonationContext(this.m_identity.Impersonate()); > } > } > else if (this.m_impersonationMode == ImpersonationMode.Process) > { > return new > DisposableImpersonationContext(WindowsIdentity.Impersonate(IntPtr.Zero)); > } > return null; > } > I would be pleased if this functionality could be somehow added to a new > release. > Thanks, > Henri Kuiper -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.