Dear Henri,

To undo the impersonation, it is simple: Use the Undo() method.

e.g.

    'Create a new windows identity.
    Dim token2 As Integer = oSecurity.NetworkImpersonate(sPersonYouImpersonating, sPassword, sDomain)
    Dim mWI2 As WindowsIdentity = New WindowsIdentity(token2)
    'Impersonate the user.
    Dim mWIC As WindowsImpersonationContext = mWI2.Impersonate()
    'Undo the impersonation
    mWIC.Undo()

The code above is in VB and not C#, but if you know C#, I think you will have no problem reading the code above.

Additional comments:
Also, may I suggest having a way to leave the impersonation details in the XML files, i.e. the programmers can choose who they want to impersonate when logging.

Regards,
Eugene

-----Original Message-----
From: Henri Kuiper (JIRA) [mailto:[EMAIL PROTECTED]
Sent: Friday, May 04, 2007 5:55 PM
To: log4net-dev@logging.apache.org
Subject: [jira] Commented: (LOG4NET-109) WindowsSecurityContext support for the original identity

[ https://issues.apache.org/jira/browse/LOG4NET-109?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12493641 ]

Henri Kuiper commented on LOG4NET-109:
--------------------------------------

You're right, but I could not find out how to undo the impersonation declaratively. Perhaps it would be an idea to extend the SDK with the syntax for how to do things declaratively.

Greetings,
Henri

> WindowsSecurityContext support for the original identity
> --------------------------------------------------------
>
>                 Key: LOG4NET-109
>                 URL: https://issues.apache.org/jira/browse/LOG4NET-109
>             Project: Log4net
>          Issue Type: Improvement
>          Components: Appenders
>    Affects Versions: 1.2.10
>            Reporter: Henri Kuiper
>         Assigned To: Nicko Cadell
>            Priority: Minor
>
> I have built a web application where users enter with integrated authentication and impersonation is true. I however do not want all of these users to have write permissions in the logging folder. So I changed the WindowsSecurityContext class so that the logging will be done under the original user account (before impersonation).
> I made the following changes:
>
> 1. Added the property UseOriginalIdentity:
>
>     public string UseOriginalIdentity
>     {
>         get
>         {
>             return this.m_useOriginalIdentity.ToString();
>         }
>         set
>         {
>             this.m_useOriginalIdentity = (value.ToLower() == "true");
>         }
>     }
>
> 2. Added an extra condition "if (!this.m_useOriginalIdentity)" to the ActivateOptions() member:
>
>     public void ActivateOptions()
>     {
>         if (this.m_impersonationMode == ImpersonationMode.User)
>         {
>             if (!this.m_useOriginalIdentity)
>             {
>                 if (this.m_userName == null)
>                 {
>                     throw new ArgumentNullException("m_userName");
>                 }
>                 if (this.m_domainName == null)
>                 {
>                     throw new ArgumentNullException("m_domainName");
>                 }
>                 if (this.m_password == null)
>                 {
>                     throw new ArgumentNullException("m_password");
>                 }
>                 this.m_identity = WindowsSecurityContext.LogonUser(this.m_userName, this.m_domainName, this.m_password);
>             }
>         }
>     }
>
> 3. Added a condition and a statement to the Impersonate() member which causes the impersonation to be undone:
>
>     public override IDisposable Impersonate(object state)
>     {
>         if (this.m_impersonationMode == ImpersonationMode.User)
>         {
>             if (this.m_useOriginalIdentity)
>             {
>                 return new DisposableImpersonationContext(WindowsIdentity.Impersonate(IntPtr.Zero));
>             }
>             if (this.m_identity != null)
>             {
>                 return new DisposableImpersonationContext(this.m_identity.Impersonate());
>             }
>         }
>         else if (this.m_impersonationMode == ImpersonationMode.Process)
>         {
>             return new DisposableImpersonationContext(WindowsIdentity.Impersonate(IntPtr.Zero));
>         }
>         return null;
>     }
>
> I would be pleased if this functionality could be somehow added to a new release.
> Thanks,
> Henri Kuiper

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
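
Added example, not part of the original thread and not taken from the log4net project: a declarative appender configuration that selects the Process branch visible in the quoted Impersonate() code, so the log file is opened under the process account instead of the impersonated web user. The appender name, file path and layout pattern are assumptions; the credentials element sets the Credentials property of log4net.Util.WindowsSecurityContext.

```xml
<log4net>
  <!-- Assumed appender name, path and layout: adjust to the application. -->
  <appender name="AppLogFile" type="log4net.Appender.RollingFileAppender">
    <file value="C:\Logs\webapp\app.log" />
    <appendToFile value="true" />

    <!--
      Credentials=Process: the appender calls
      WindowsIdentity.Impersonate(IntPtr.Zero) while it opens the log file,
      which reverts the thread to the process account, and restores the
      impersonated caller when the returned context is disposed.
    -->
    <securityContext type="log4net.Util.WindowsSecurityContext">
      <credentials value="Process" />
    </securityContext>

    <layout type="log4net.Layout.PatternLayout">
      <conversionPattern value="%date [%thread] %-5level %logger - %message%newline" />
    </layout>
  </appender>

  <root>
    <level value="INFO" />
    <appender-ref ref="AppLogFile" />
  </root>
</log4net>
```

With this in place, write permission on the log folder is needed only by the account the worker process runs as, not by each authenticated user.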