Can I impersonate a user on a different Active Directory domain in .NET?

.net active-directory cross-domain impersonation
John Ingle picture John Ingle · Jun 15, 2009 · Viewed 17.3k times · Source

I have two Active Directory domains, A and B. Users in domain A need to run an application on their desktops to view and manipulate a resource located on a server in domain B. Each user also has an account in domain B. Is it possible to impersonate each user's domain B identity to perform operations on the domain B resource programatically?

Example Workflow:

  1. User logs in to domain A.
  2. User launches desktop application.
  3. User specifies resource in domain B.
  4. Application prompts user for domain B credentials.
  5. Application impersonates user's domain B identity to access specified resource.
  6. User manipulates domain B resource using application.

Answer

Nadim J picture Nadim J · Sep 2, 2009

If your computer (the one doing the impersonation) is a member of a domain which does not trust the domain of the user account you are trying to impersonate, then impersonation will fail. Anybody who says otherwise, I would love to see proof.

Related questions

How can I get a list of users from active directory?

How can I get a list of users from active directory? Is there a way to pull username, firstname, lastname? I saw a similar post where this was used: PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "YOURDOMAIN"); I have never done …

Read More
How to get the current user's Active Directory details in C#

I am working on an C# and ASP.Net application, that uses Windows Authentication. i.e. in Web.config: <system.web> <authentication mode="Windows" /> </system.web> I want to get details for the current …

Read More
Error 0x80005000 and DirectoryServices

I'm trying to run a simple LDAP query using directory services in .Net. DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://someserver.contoso.com/DC=contoso,DC=com"); directoryEntry.AuthenticationType = AuthenticationTypes.Secure; DirectorySearcher directorySearcher = new DirectorySearcher(directoryEntry); directorySearcher.Filter = string.Format("(&(objectClass=…

Read More