Question - How do I temporarily impersonate the original caller

J.D. Meier, Alex Mackman, Blaine Wastell, Prashant Bansode, Andy Wigley, Kishore Gopalan

Applies to

ASP.NET 2.0

Answer:

To temporarily impersonate the original caller in your application's Web.config file, set the mode attribute of the <authentication> element to Windows and the impersonate attribute of the <identity> element to false. In IIS, disable anonymous access and select Integrated Windows authentication mechanism. If your application is such that it uses the ASP.NET worker process Identity for the most part and needs to use original users security context for accessing specific resources or perform specific operation. You should temporarily impersonate the original caller Here is how you impersonate the original caller temporarily

Configure web.config file as follows

<authentication mode="Windows" />
<identity impersonate="false" />

Use following code for impersonating the original caller

using System.Security.Principal;
….
// Obtain the authenticated user's Identity token
WindowsIdentity winId =(WindowsIdentity)
HttpContext.Current.User.Identity;
WindowsImpersonationContext ctx = winId.Impersonate();
// Access resources using the identity of the authenticated 
// user
// Revert impersonation
ctx.Undo();

Additional Resources

For more information on using impersonation, see "How To: Use Impersonation and Delegation in ASP.NET 2.0" at http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGHT000023.asp

Attributes

Author: J.D. Meier, Alex Mackman, Blaine Wastell, Prashant Bansode, Andy Wigley, Kishore Gopalan

Category: Impersonation and Delegation

filePath: ..\Libraries\patterns & practices Library\faq\40c5b361-ff18-44bf-8ecd-e7a7b5f632c3.xml

Pri: 2

Rule Type: Implementation

Source: patterns & practices Library

Status: Release

Technology: ASP.NET 2.0

Title: Question - How do I temporarily impersonate the original caller

Topic: Security

Type: Question and Answer

ID: 40c5b361-ff18-44bf-8ecd-e7a7b5f632c3