Network Security Coding Question


DelboyDee
November 7th, 2007, 11:57 AM
Hi people,

I have the following problem:

User A sits at Computer A and is logged on using a domain account. They run an app that connects to a Windows service on Computer B in order to gain access to a database on Computer C that holds encrypted information that only Computer B has the keys to decrypt.

The problem is: how can I impersonate any user that connects to the Windows service on Computer B, so that it connects to the database on Computer C using SSPI and the user account that is being used at Computer A, instead of the LocalSystem account, which is the context that the Windows service will be running under?

Any ideas appreciated.

Thanks,

Delboy

wildfrog
November 7th, 2007, 04:31 PM
Can you modify the client/server software? What languages?

For .NET applications you can start by looking up NegotiateStream and WindowsIdentity for a quick way to exchange credentials and impersonate the client user. Or WindowsImpersonationContext if you want to handle the exchange yourself.

For native C/C++ applications you should look at the AcquireCredentialsHandle, InitializeSecurityContext, AcceptSecurityContext and ImpersonateSecurityContext functions.

- petter
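
The NegotiateStream/WindowsIdentity approach named in the reply above, sketched as an added example (not code from any poster in this thread). Because the service on Computer B must carry the caller's identity on to Computer C, the session has to be Kerberos with delegation allowed, so the server rejects anything weaker. Assumptions: the SPN, server name and database name are hypothetical placeholders, and Computer B's account is trusted for delegation in Active Directory.

```csharp
using System.Data.SqlClient;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Principal;

static class DelegationExample
{
    // Hypothetical placeholders: substitute your own SPN and connection string.
    const string ServiceSpn = "HOST/computerb.example.local";
    const string ConnStr = "Server=COMPUTERC;Database=ExampleDb;Integrated Security=SSPI";

    // Computer A: authenticate as the logged-on user and permit delegation.
    public static NegotiateStream ConnectAsClient(TcpClient tcp)
    {
        NegotiateStream ns = new NegotiateStream(tcp.GetStream(), false);
        ns.AuthenticateAsClient(CredentialCache.DefaultNetworkCredentials, ServiceSpn,
            ProtectionLevel.EncryptAndSign, TokenImpersonationLevel.Delegation);
        return ns;
    }

    // Computer B: authenticate the caller, then open the database as that caller.
    public static void HandleClient(TcpClient tcp)
    {
        using (NegotiateStream ns = new NegotiateStream(tcp.GetStream(), false))
        {
            ns.AuthenticateAsServer(CredentialCache.DefaultNetworkCredentials,
                ProtectionLevel.EncryptAndSign, TokenImpersonationLevel.Delegation);
            // Refuse sessions that cannot make the second hop (e.g. NTLM fallback).
            if (!ns.IsMutuallyAuthenticated || !ns.IsEncrypted ||
                ns.ImpersonationLevel != TokenImpersonationLevel.Delegation)
                throw new AuthenticationException("Delegable Kerberos session required.");
            WindowsIdentity caller = (WindowsIdentity)ns.RemoteIdentity;
            WindowsImpersonationContext ctx = caller.Impersonate();
            try
            {
                using (SqlConnection db = new SqlConnection(ConnStr))
                {
                    db.Open(); // SSPI login to Computer C uses the caller's token
                    // ... run queries as the caller here ...
                }
            }
            finally
            {
                ctx.Undo(); // always revert to the service's own account
            }
        }
    }
}
```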

DelboyDee
November 8th, 2007, 06:08 AM
Oops, sorry, forgot to mention the language! It was .NET 2.0 and I can change the software. This is exactly what I needed to know, thanks for that. I'll take a look.

Delboy