Catastrophic failure when Impersonate other user

7

I'm use Enterprise library Validation block intergrated with WCF. It reports System.Runtime.InteropServices.COMException (0x8000FFFF): Catastrophic failure (Exception from HRESULT: 0x8000FFFF (E_UNEXPECTED)) when I impersonate some other user with WIN32 API LogonUser and WindowsIdentity.Impersonate. It seems there is something wrong when to get security evidence on loading configuration. If I remove the coding of impersonation, it works without any errors. These are the part of the exception stack trace, hope you give some helpers. thanks.

System.Runtime.InteropServices.COMException (0x8000FFFF): Catastrophic failure (Exception from HRESULT: 0x8000FFFF (E_UNEXPECTED))
   at System.Security.Policy.PEFileEvidenceFactory.GetLocationEvidence(SafePEFileHandle peFile, SecurityZone& zone, StringHandleOnStack retUrl)
   at System.Security.Policy.PEFileEvidenceFactory.GenerateLocationEvidence()
   at System.Security.Policy.PEFileEvidenceFactory.GenerateEvidence(Type evidenceType)
   at System.Security.Policy.AssemblyEvidenceFactory.GenerateEvidence(Type evidenceType)
   at System.Security.Policy.Evidence.GenerateHostEvidence(Type type, Boolean hostCanGenerate)
   at System.Security.Policy.Evidence.GetHostEvidenceNoLock(Type type)
   at System.Security.Policy.Evidence.GetHostEvidence(Type type, Boolean markDelayEvaluatedEvidenceUsed)
   at System.Security.Policy.AppDomainEvidenceFactory.GenerateEvidence(Type evidenceType)
   at System.Security.Policy.Evidence.GenerateHostEvidence(Type type, Boolean hostCanGenerate)
   at System.Security.Policy.Evidence.GetHostEvidenceNoLock(Type type)
   at System.Security.Policy.Evidence.RawEvidenceEnumerator.MoveNext()
   at System.Security.Policy.Evidence.EvidenceEnumerator.MoveNext()
   at System.Configuration.ClientConfigPaths.GetEvidenceInfo(AppDomain appDomain, String exePath, String& typeName)
   at System.Configuration.ClientConfigPaths.GetTypeAndHashSuffix(AppDomain appDomain, String exePath)
   at System.Configuration.ClientConfigPaths..ctor(String exePath, Boolean includeUserConfig)
   at System.Configuration.ClientConfigPaths.GetPaths(String exePath, Boolean includeUserConfig)
   at System.Configuration.ClientConfigurationHost.CreateConfigurationContext(String configPath, String locationSubPath)
   at System.Configuration.Internal.DelegatingConfigHost.CreateConfigurationContext(String configPath, String locationSubPath)
   at System.Configuration.BaseConfigurationRecord.get_ConfigContext()
.net
asked on Stack Overflow Oct 9, 2012 by Leo Wong • edited Oct 9, 2012 by tenorsax

4 Answers

7

It looks to me like the problem is that System.Configuration does impersonation itself when loading app.config. I was able to work around this issue by running

ConfigurationManager.GetSection("system.xml/xmlReader");

while not impersonating. Doing so caused the later impersonation to succeed.

EDIT: To clarify slightly, I believe that doing this causes app.config to be loaded and cached into memory, so the code path which causes the problem is executed only once and with the original credentials.

answered on Stack Overflow Apr 3, 2014 by Curt Hagenlocher
2

After a long battle and many ProcMon captures, I have discovered that under some conditions, there is a failure when checking Security Zones during interop and while impersonating. It is related to this KB:

https://support.microsoft.com/en-us/kb/945701?wa=wsignin1.0

If you check the end where a registry node and key are added, instead of adding w3wp.exe as directed, add the filename of your own executable. This worked for me - YMMV.

answered on Stack Overflow Apr 30, 2015 by Cork
0

I am sharing this piece of code in a hope that would help future readers. It letterly helped me to get out of a 3-hour headache :)

        //This is an important line to write while impersonating.
        //It will allow SQL server connections to happen otherwise connection strings will error out.
        ConfigurationManager.GetSection("SqlColumnEncryptionEnclaveProviders");

        //Do the impersonation
        var credentials = new UserCredentials(DomainName, AccountName, Password);
        Impersonation.RunAsUser(credentials, LogonType.Interactive, () =>
        {
            //Your code here inside impersonation . . .
        });
answered on Stack Overflow Jan 16, 2020 by M. Fawad Surosh
-1

Please see my response to this on this thread in the MS forums:

http://social.msdn.microsoft.com/Forums/en-US/adodotnetdataproviders/thread/b5b7a179-3737-4380-b6cf-843f3e71b317/

This is the thread title: Connection Pooling randomly throwing COM exceptions.

You can search the text on the page for LogonUser.

answered on Stack Overflow May 27, 2013 by Brannon

User contributions licensed under CC BY-SA 3.0