Friday, March 19, 2010


"Perceptions of trustworthiness often arise from the consistency between what you say and what you do."

- Shill and Moussa, The Art of Woo, Pg 107

Wednesday, March 17, 2010

Online Paint

Ever wanted to draw something online?
  • This one does a very nice job of giving you advanced editing features such as layers and such.  While at it, also check out the music studio and fire-fox add-on which lets you snap pictures of sections of web pages.  Well done.
  • Google docs: You can now insert images right into your google doc.  Well done.  Each strokes can overlap, yet each one is automatically in a layer of its own.  You can bring it forward and back.
  • Digital drawing: it gives you the jpg preview online
  • Art Pad: Pretty cool, but they want your email address so they can email your picture to you.

Thursday, March 11, 2010

Automating Impersonation in C# Code

Here's a quick way to impersonate in code. An example usage is provided at the bottom.
Create a new page in your App_Code folder and paste the following code there:
using System;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Security.Permissions;

[assembly: SecurityPermissionAttribute(SecurityAction.RequestMinimum, UnmanagedCode = true)]
[assembly: PermissionSetAttribute(SecurityAction.RequestMinimum, Name = "FullTrust")]
public class CustomImpersonation

    #region Fields

    private IntPtr tokenHandle = new IntPtr(0);
    private IntPtr dupeTokenHandle = new IntPtr(0);
    private WindowsImpersonationContext impersonationContext;


    #region Ctor
    public CustomImpersonation() : base() { }

    #region Extern Public Methods
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword,
        int dwLogonType, int dwLogonProvider, ref IntPtr phToken);
    //[DllImport("kernel32.dll", CharSet = System.Runtime.InteropServices.CharSet.Auto)]
    //private unsafe static extern int FormatMessage(int dwFlags, ref IntPtr lpSource,
    //    int dwMessageId, int dwLanguageId, ref String lpBuffer, int nSize, IntPtr* Arguments);
    [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
    public extern static bool CloseHandle(IntPtr handle);
    [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    public extern static bool DuplicateToken(IntPtr ExistingTokenHandle,
        int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle);
    #region Public Methods
    /// Pass user account you wish to impersonate.
[PermissionSetAttribute(SecurityAction.Demand, Name = "FullTrust")] public void Impersonate(string userName, string password, string domainName) { try { const int LOGON32_PROVIDER_DEFAULT = 0; //This parameter causes LogonUser to create a primary token. const int LOGON32_LOGON_INTERACTIVE = 2; this.tokenHandle = IntPtr.Zero; // Call LogonUser to obtain a handle to an access token. bool returnValue = LogonUser(userName, domainName, password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref tokenHandle); if (false == returnValue) { int ret = Marshal.GetLastWin32Error(); throw new System.ComponentModel.Win32Exception(ret); } // Use the token handle returned by LogonUser. WindowsIdentity newId = new WindowsIdentity(tokenHandle); this.impersonationContext = newId.Impersonate(); } catch (Exception ex) { throw ex; } } /// /// Stop impersonating the user. /// ///
[PermissionSetAttribute(SecurityAction.Demand, Name = "FullTrust")] public void Undo() { this.impersonationContext.Undo(); // Free the tokens. if (this.tokenHandle != IntPtr.Zero) CloseHandle(this.tokenHandle); } #endregion }
//create new instance
CustomImpersonation myImpersonation = new CustomImpersonation();
    // start impersonation                

    //put the code you want to run while impersonating the user account here
} catch(Exception ex) {
 throw ex;
} finally {

How to Write to the Event Log using C#

    ///  Logs a message to the eventlog and returns true if successful.
    public static bool LogMessageToEventLog(string source, string logName, string message, EventLogEntryType eventType, int eventId)
        //need to impersonate user in order to gain access to the EventLog.SourceExists method
        System.Security.Principal.WindowsImpersonationContext impersonationContext=null;
            //impersonate the current windows user -- assumes your application is using windows authentication
            impersonationContext = ((System.Security.Principal.WindowsIdentity)HttpContext.Current.User.Identity).Impersonate();

            //First we need to make sure that this source doesnt exist yet
            if (!EventLog.SourceExists(source))
                //Create our source by providing the source and the name of the
                //new log name
                EventLog.CreateEventSource(source, logName);

                //Due to latency we want to wait a bit for the source and
                //log to be created. So we will sleep for 3 seconds

            //Now we need a new instance of the EventLog
            EventLog log = new EventLog();
            //Set the source we're writing to
            log.Source = source;

            //Now write an entry
            log.WriteEntry(message, eventType, eventId);
            return true;
        catch (Exception ex)
            return false;
        finally {
            if (impersonationContext != null) impersonationContext.Undo();