LogonUser

LogonUser Method

Object: FileManager

Syntax: LogonUser ([in] DomainName, [in] Username, [in] Password, [in] LogonType)

Description:

LogonUser is a very powerful method. While a given ASP page is executing, you can use it to switch user contexts, so the rest of the page executes as the specified user. To return to the previous user context, use the RevertToSelf method.

LogonUser calls cannot be nested. Every LogonUser must have a RevertToSelf before issuing another LogonUser.

LogonUser allows you to become a different user, perform some privileged file manipulations, and then return the previous security context of the execution thread.

Every LogonUser should have a corresponding RevertToSelf.

The password will be supplied in clear-text, so you must be particularly vigilant about either:

protecting the ASP source code from malicious users, or
using SSL to get a password from a user

LogonType can be one of the following:

Constant	Value	Description
saLogon_Interactive	2	Interactive Logon. This is the default.
saLogon_Network	3	Network Logon.
saLogon_Batch	4	Batch Logon.
saLogon_Service	5	Logon as a service.

These constants can be found using the IIS 4 or later TypeLibrary feature, or by viewing the vbFileManagerInclude.asp file contained in the .\Samples\directory.

You may get an error in the following situation: When an application is run out of process, the IWAM_<Machine Name> account is used for authentication. IWAM_<Machine Name> does not have the right to "Act as part of the operating system."

To correct this, either:

Use SA-FileManager in process only.

Or:

Grant the IWAM_<Machine Name> account the right to "Act as part of the operating system":

Open "User Manager for Domains" ("User Manager" if you are using a Workgroup network).
Select User Rights from the Policies Menu.
Enable the "Show advance user rights" checkbox.
Select "Act as part of the Operating System" from the dropdown list of rights.
Add the IWAM_<Machine Name> account to this list.
Click OK and close the User Manager.