Posted to log4net-dev@logging.apache.org by "Henri Kuiper (JIRA)" <ji...@apache.org> on 2007/03/06 14:17:24 UTC

[jira] Commented: (LOG4NET-109) WindowsSecurityContext support for the original identity

    [ https://issues.apache.org/jira/browse/LOG4NET-109?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12478403 ] 

Henri Kuiper commented on LOG4NET-109:
--------------------------------------

I agree, I forgot to mention that I needed to undo the impersonation declaratively in the config file. I've been looking but couldn't find a way to do this. If I'm missing something here, please let me know. The way I use my changed functionality is as follows:

  <log4net>
    <appender name="RollingFileAppender" type="log4net.Appender.RollingFileAppender">
      ...
      <securityContext type="log4net.WindowsSecurityContext">
        <UseOriginalIdentity value="true" />
      </securityContext>
      ...
    </appender>
    ...
  </log4net>

Greetings,

Henri

> WindowsSecurityContext support for the original identity
> --------------------------------------------------------
>
>                 Key: LOG4NET-109
>                 URL: https://issues.apache.org/jira/browse/LOG4NET-109
>             Project: Log4net
>          Issue Type: Improvement
>          Components: Appenders
>    Affects Versions: 1.2.10
>            Reporter: Henri Kuiper
>            Priority: Minor
>
> I have built a web application where users enter with integrated authentication and impersonation is true. I however do not want all of these users to have write permissions in the logging folder. So I changed the WindowsSecurityContext class so that the logging will be done under the original user account (before impersonation). I made the following changes:
> 1. Added the property UseOriginalIdentity:
>         public string UseOriginalIdentity
>         {
>             get
>             {
>                 return this.m_useOriginalIdentity.ToString();
>             }
>             set
>             {
>                 this.m_useOriginalIdentity = (value.ToLower() == "true");
>             }
>         }
> 2. Added an extra condition "if (!this.m_useOriginalIdentity)" to the ActivateOptions() member:
>         public void ActivateOptions()
>         {
>             if (this.m_impersonationMode == ImpersonationMode.User)
>             {
>                 if (!this.m_useOriginalIdentity)
>                 {
>                     if (this.m_userName == null)
>                     {
>                         throw new ArgumentNullException("m_userName");
>                     }
>                     if (this.m_domainName == null)
>                     {
>                         throw new ArgumentNullException("m_domainName");
>                     }
>                     if (this.m_password == null)
>                     {
>                         throw new ArgumentNullException("m_password");
>                     }
>                     this.m_identity = WindowsSecurityContext.LogonUser(this.m_userName, this.m_domainName, this.m_password);
>                 }
>             }
>         }
> 3. Added a condition and a statement to the Impersonate() member which causes the impersonation to be undone:
>         public override IDisposable Impersonate(object state)
>         {
>             if (this.m_impersonationMode == ImpersonationMode.User)
>             {
>                 if (this.m_useOriginalIdentity)
>                 {
>                     return new DisposableImpersonationContext(WindowsIdentity.Impersonate(IntPtr.Zero));
>                 }
>                 if (this.m_identity != null)
>                 {
>                     return new DisposableImpersonationContext(this.m_identity.Impersonate());
>                 }
>             }
>             else if (this.m_impersonationMode == ImpersonationMode.Process)
>             {
>                 return new DisposableImpersonationContext(WindowsIdentity.Impersonate(IntPtr.Zero));
>             }
>             return null;
>         }
> I would be pleased if this functionality could be somehow added to a new release.
> Thanks,
> Henri Kuiper

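The revert-and-restore pattern that step 3 of the quoted issue relies on, shown as an added example that is not part of the original message or of the log4net source. It assumes .NET Framework on Windows; the class name, method name and log path are hypothetical.

```csharp
// Added example, not log4net source. Assumes .NET Framework on Windows.
using System;
using System.IO;
using System.Security.Principal;

static class ProcessIdentityLogging   // hypothetical helper class
{
    // Appends one line to the log while the thread runs as the process
    // identity, then restores whatever impersonation the caller had.
    public static string AppendAsProcessIdentity(string path, string message)
    {
        // Capture the impersonated caller first so the entry still records
        // who triggered it, even though the process account does the write.
        string caller = WindowsIdentity.GetCurrent().Name;
        string writer;

        // Impersonate(IntPtr.Zero) reverts the thread to the process token.
        // The using block undoes the revert even if the write throws, so the
        // request never continues under the process account by accident.
        using (WindowsIdentity.Impersonate(IntPtr.Zero))
        {
            writer = WindowsIdentity.GetCurrent().Name;
            File.AppendAllText(path, string.Format(
                "{0:o} caller={1} writer={2} {3}{4}",
                DateTime.UtcNow, caller, writer, message, Environment.NewLine));
        }

        // Back under the caller's identity: fail loudly if restore did not happen.
        if (WindowsIdentity.GetCurrent().Name != caller)
            throw new InvalidOperationException("impersonation was not restored");
        return writer;
    }

    static void Main()
    {
        // Constructed sample input; the path is a placeholder.
        string path = Path.Combine(Path.GetTempPath(), "app-example.log");
        string writer = AppendAsProcessIdentity(path, "user opened report");
        Console.WriteLine("log written as " + writer);
    }
}
```

Run from a console without impersonation, caller and writer are the same account; inside an impersonating web request they differ, and only the writer account needs write permission on the log folder.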