How to use impersonation in Blazor Server Side to access a folder on a File Server

In .NET Framework, using this would let me impersonate a user in Active Directory to gain access to a locked down folder on the file server:

[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, out CarFileBusLog.SafeTokenHandle phToken);
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
public extern static bool CloseHandle(IntPtr handle);
[PermissionSetAttribute(SecurityAction.Demand, Name = "FullTrust")]

Then, in the button click that copied the files to that folder:

CarFileBusLog.SafeTokenHandle safeTokenHandle;
const int LOGON32_PROVIDER_DEFAULT = 0;
const int LOGON32_LOGON_INTERACTIVE = 2;
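bool returnValue = LogonUser(ConfigurationManager.AppSettings["CMU"], "<DOMAIN_NAME>", ConfigurationManager.AppSettings["CMP"], LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, out safeTokenHandle);
// LogonUser returns false on failure; stop here instead of impersonating with an invalid token.
if (!returnValue)
{
    throw new System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error());
}
using (safeTokenHandle)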
{
    using (WindowsImpersonationContext impersonatedUser = WindowsIdentity.Impersonate(safeTokenHandle.DangerousGetHandle()))
    {    
       string fileExt = uploadedFile.FileName.Substring(uploadedFile.FileName.LastIndexOf('.') + 1).ToUpper();
       string ContentType = uploadedFile.ContentType.ToString();
       string BaseFilePath = ConfigurationManager.AppSettings["ClaimsDocumentFilePath"];
       string FullFilePath = BaseFilePath + ddlMVA.SelectedItem.Text.ToString() + "\\" + txtPkgNumber.Text.Trim();
       filePath = FullFilePath;
       if (!Directory.Exists(FullFilePath))
       {
           Directory.CreateDirectory(FullFilePath);
       }
    }
}

What's the Blazor server-side version of that? Is it something like this:

https://docs.microsoft.com/en-us/aspnet/core/security/authentication/windowsauth?view=aspnetcore-5.0&tabs=visual-studio

?



Solution 1:[1]

@using System.Runtime.InteropServices;
@using Microsoft.Win32.SafeHandles;
@using System.Security;
@using System.Security.Principal;
@using System.IO;


public string UserImp = "";
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, out SafeAccessTokenHandle phToken);

const int LOGON32_PROVIDER_DEFAULT = 0;
//This parameter causes LogonUser to create a primary token.
const int LOGON32_LOGON_INTERACTIVE = 2;
// Call LogonUser to obtain a handle to an access token.
SafeAccessTokenHandle safeAccessTokenHandle;
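bool returnValue = LogonUser("USERNAME", "DOMAINNAME", "PASSWORD", LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, out safeAccessTokenHandle);
// LogonUser returns false on failure; stop here instead of calling RunImpersonated with an invalid token.
if (!returnValue)
{
    throw new System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error());
}
using (safeAccessTokenHandle)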
{
    WindowsIdentity.RunImpersonated(safeAccessTokenHandle, () =>
      {
          string path = @"\\FS-SERVER\FOLDER1\SUBFOLDER\DESTINATIONFOLDER";
          string FileSource = @"C:\Temp\1234.JPG";
          string FileDest = path + "\\1234.JPG";
          if (!Directory.Exists(path))
          {
              Directory.CreateDirectory(path);
          }
          File.Copy(FileSource, FileDest);                  
          //Verify the user was actually being impersonated
          UserImp = WindowsIdentity.GetCurrent().Name;
      });
}
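
An added example, not part of the original answer: the same LogonUser / RunImpersonated pattern packaged as a service class for a Blazor Server app, with the logon result checked and the user-supplied folder parts from the question confined to the configured share root before any work runs under the impersonated account. The class and method names are hypothetical, and reading the question's "CMU", "CMP" and "ClaimsDocumentFilePath" settings through IConfiguration is an assumption.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;
using Microsoft.Extensions.Configuration;
using Microsoft.Win32.SafeHandles;

// Hypothetical helper (not from the page): register it as a service and inject it into the component.
public sealed class ImpersonatedShareWriter
{
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    private static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out SafeAccessTokenHandle token);
    private const int LOGON32_PROVIDER_DEFAULT = 0, LOGON32_LOGON_INTERACTIVE = 2;
    private readonly IConfiguration _config;
    public ImpersonatedShareWriter(IConfiguration config) => _config = config;

    // Resolves root\mva\pkg and rejects input that escapes root ("..\..", rooted paths).
    public static string ResolveUnderRoot(string root, string mva, string pkg)
    {
        string fullRoot = Path.GetFullPath(root).TrimEnd(Path.DirectorySeparatorChar) + Path.DirectorySeparatorChar;
        string target = Path.GetFullPath(Path.Combine(fullRoot, mva, pkg.Trim()));
        if (!target.StartsWith(fullRoot, StringComparison.OrdinalIgnoreCase))
            throw new UnauthorizedAccessException("Target folder is outside the configured share root.");
        return target;
    }

    public string CopyToShare(string sourceFile, string mva, string pkg)
    {
        // Validate before impersonating so bad input never runs under the service account.
        string folder = ResolveUnderRoot(_config["ClaimsDocumentFilePath"], mva, pkg);
        if (!LogonUser(_config["CMU"], "<DOMAIN_NAME>", _config["CMP"],
                LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, out SafeAccessTokenHandle token))
            throw new Win32Exception(Marshal.GetLastWin32Error()); // e.g. 1326 = logon failure
        using (token)
        {
            // Only the file-server work runs under the impersonated identity.
            return WindowsIdentity.RunImpersonated(token, () =>
            {
                Directory.CreateDirectory(folder); // no-op when the folder already exists
                string dest = Path.Combine(folder, Path.GetFileName(sourceFile));
                File.Copy(sourceFile, dest);
                return dest;
            });
        }
    }
}
```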

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1