You are viewing a plain text version of this content. The canonical link for it is here.
Posted to log4net-dev@logging.apache.org by "Nicko Cadell (JIRA)" <ji...@apache.org> on 2007/05/04 10:46:15 UTC
[jira] Resolved: (LOG4NET-109) WindowsSecurityContext support for
the original identity
[ https://issues.apache.org/jira/browse/LOG4NET-109?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nicko Cadell resolved LOG4NET-109.
----------------------------------
Resolution: Invalid
Assignee: Nicko Cadell
This functionality is already supported by the WindowsSecurityContext.
> WindowsSecurityContext support for the original identity
> --------------------------------------------------------
>
> Key: LOG4NET-109
> URL: https://issues.apache.org/jira/browse/LOG4NET-109
> Project: Log4net
> Issue Type: Improvement
> Components: Appenders
> Affects Versions: 1.2.10
> Reporter: Henri Kuiper
> Assigned To: Nicko Cadell
> Priority: Minor
>
> I have build a web application where users enter with integrated authentication and impersonation is true. I however do not want all of these users to have write permissions in the logging folder. So I changed the WindowsSecurityContext class so that the logging will be done under the original user account (before impersonation). I made the following changes:
> 1. Added the property UseOriginalIdentity:
> public string UseOriginalIdentity
> {
> get
> {
> return this.m_useOriginalIdentity.ToString();
> }
> set
> {
> this.m_useOriginalIdentity = (value.ToLower() == "true");
> }
> }
> 2. Added an extra condition "if (!this.m_useOriginalIdentity)" to the ActivateOptions() member:
> public void ActivateOptions()
> {
> if (this.m_impersonationMode == ImpersonationMode.User)
> {
> if (!this.m_useOriginalIdentity)
> {
> if (this.m_userName == null)
> {
> throw new ArgumentNullException("m_userName");
> }
> if (this.m_domainName == null)
> {
> throw new ArgumentNullException("m_domainName");
> }
> if (this.m_password == null)
> {
> throw new ArgumentNullException("m_password");
> }
> this.m_identity = WindowsSecurityContext.LogonUser(this.m_userName, this.m_domainName, this.m_password);
> }
> }
> }
> 3. Added a condidion and a statement to the Impersonate() member which causes the impersonation to be undone:
> public override IDisposable Impersonate(object state)
> {
> if (this.m_impersonationMode == ImpersonationMode.User)
> {
> if (this.m_useOriginalIdentity)
> {
> return new DisposableImpersonationContext(WindowsIdentity.Impersonate(IntPtr.Zero));
> }
> if (this.m_identity != null)
> {
> return new DisposableImpersonationContext(this.m_identity.Impersonate());
> }
> }
> else if (this.m_impersonationMode == ImpersonationMode.Process)
> {
> return new DisposableImpersonationContext(WindowsIdentity.Impersonate(IntPtr.Zero));
> }
> return null;
> }
> I would be pleased if this functionality could be somehow added to a new release.
> Thanks,
> Henri Kuiper
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.