Change impersonation on the fly

[Colin]

Normally impersonation is set to true. Due to an intermittent Kerberos
issue I'd like to set impersonate='False' on a per session or per error
basis. In other works I would like to handle the error by turning
impersonation off.

This would allow the user experience to continue while I trouble shoot
Active Directory.

Is this possible?

Colin.

 

[Brock Allen]

Yep. It's not doc'd (unless you count Dominick Baier as documentation) but
you can call:

WindowsIdentity.GetCurrent().Impersonate(IntPtr.Zero) to in essence call
RevertToSelf and then call WindowsImpersonationContext.Undo() to go back
to your previous identity. WindowsImpersonationContext is the return from
Impersonate.

 

[Colin]

Brock,

I don't quiet follow. Am a passing the current identity into the
WindowsImpersonationContext? This is what I have?


' Check the identity.
Response.Write(("Before impersonation: " +
WindowsIdentity.GetCurrent().Name) + "<br>")

Dim newID As New WindowsIdentity(WindowsIdentity.GetCurrent().Token)
Dim impersonatedUser As WindowsImpersonationContext =
newID.Impersonate()

' Check the identity.
Response.Write(("After impersonation: " +
WindowsIdentity.GetCurrent().Name) + "<br>")

' Stop impersonating the user.
impersonatedUser.Undo()

' Check the identity.
Response.Write(("After Undo: " + WindowsIdentity.GetCurrent().Name)
+ "<br>")


Yep. It's not doc'd (unless you count Dominick Baier as documentation) but
you can call:

WindowsIdentity.GetCurrent().Impersonate(IntPtr.Zero) to in essence call
RevertToSelf and then call WindowsImpersonationContext.Undo() to go back
to your previous identity. WindowsImpersonationContext is the return from
Impersonate.

 

[Brock Allen]

Yeah, sorry, typo in my code sample. It should be something like this:

WindowsImpersonationContext ctx = WindowsIdentity.Impersonate(IntPtr.Zero);

// do your AD stuff now as the identity of the process (not the user)

ctx.Undo(); // go back to being the user