

Question: How do I temporarily impersonate the original caller?

Answer:

To temporarily impersonate the original caller, set the mode attribute of the <authentication> element to Windows and the impersonate attribute of the <identity> element to false in your application's Web.config file. In IIS, disable anonymous access and select the Integrated Windows authentication mechanism.
If your application uses the ASP.NET worker process identity for the most part and needs the original user's security context only to access specific resources or perform specific operations, you should temporarily impersonate the original caller.
Here is how you impersonate the original caller temporarily:
* Configure the Web.config file as follows:
		 <authentication mode="Windows" />
		 <identity impersonate="false" />
	
* Use the following code to impersonate the original caller:

		 using System.Security.Principal;
		 using System.Web;
		 ….
		 // Obtain the authenticated user's identity token
		 WindowsIdentity winId = (WindowsIdentity)HttpContext.Current.User.Identity;
		 WindowsImpersonationContext ctx = winId.Impersonate();
		 // Access resources using the identity of the authenticated
		 // user
		 // Revert impersonation
		 ctx.Undo();
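
A hardened form of the steps above, as an added example that is not part of the original FAQ: it checks that the request carries an authenticated Windows identity before impersonating, and calls Undo() in a finally block so the thread reverts to the worker process identity even if the resource access throws. The CallerImpersonation class, the RunAsCaller method, the Operation delegate and the sample file path are hypothetical names chosen for illustration.

```csharp
using System;
using System.Security;
using System.Security.Principal;
using System.Web;

// Hypothetical helper (not from the original FAQ): runs one operation as the
// authenticated caller and always reverts to the worker process identity.
public static class CallerImpersonation
{
    // Own delegate type so the helper also compiles on .NET 2.0.
    public delegate T Operation<T>();

    public static T RunAsCaller<T>(Operation<T> operation)
    {
        if (operation == null) throw new ArgumentNullException("operation");

        HttpContext context = HttpContext.Current;
        if (context == null || context.User == null)
            throw new InvalidOperationException("No authenticated request context.");

        // "as" instead of a cast: a non-Windows identity (for example, Forms
        // authentication) yields null here rather than InvalidCastException.
        WindowsIdentity winId = context.User.Identity as WindowsIdentity;
        if (winId == null || !winId.IsAuthenticated || winId.IsAnonymous)
            throw new SecurityException("Caller has no Windows identity to impersonate.");

        WindowsImpersonationContext ctx = null;
        try
        {
            ctx = winId.Impersonate();
            // Only this call runs under the caller's security context.
            return operation();
        }
        finally
        {
            // Revert even when the operation throws, so the thread never
            // keeps the caller's token after this method returns.
            if (ctx != null) ctx.Undo();
        }
    }
}

// Usage in a page (the file path is a constructed sample value):
//   string text = CallerImpersonation.RunAsCaller<string>(
//       delegate { return System.IO.File.ReadAllText(@"C:\Data\report.txt"); });
```

Keeping the impersonated section to a single delegate call limits how much code runs with the caller's token.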
	

More Information

For more information on using impersonation, see “How To: Use Impersonation and Delegation in ASP.NET 2.0” at http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGHT000023.asp

