How do I temporarily impersonate the original caller?

From Guidance Share

Jump to: navigation, search

J.D. Meier, Prashant Bansode, Alex Mackman

Answer

To temporarily impersonate the original caller in your application's Web.config file, set the mode attribute of the <authentication> element to Windows and the impersonate attribute of the <identity> element to false. In IIS, disable anonymous access and select Integrated Windows authentication mechanism. If your application is such that it uses the ASP.NET worker process Identity for the most part and needs to use original users security context for accessing specific resources or perform specific operation. You should temporarily impersonate the original caller Here is how you impersonate the original caller temporarily

  • Configure web.config file as follows
<authentication mode="Windows" />
<identity impersonate="false" />
  • Use following code for impersonating the original caller
using System.Security.Principal;
….
// Obtain the authenticated user's Identity token
WindowsIdentity winId =(WindowsIdentity)
HttpContext.Current.User.Identity;
WindowsImpersonationContext ctx = winId.Impersonate();
// Access resources using the identity of the authenticated 
// user
// Revert impersonation
ctx.Undo();

More Information

For more information on using impersonation, see “How To: Use Impersonation and Delegation in ASP.NET 2.0” at http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGHT000023.asp

Personal tools