Consider Using Programmatic Instead of Declarative Impersonation

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

Use programmatic impersonation to impersonate the original caller or the ASP.NET service account calling into your service. Programmatic impersonation lets you impersonate for specific lines of code rather than for the entire operation. This finer-grained approach can reduce security risk; however, be aware that it is easier to make an implementation mistake that could leave your code impersonating at a higher privilege in the event of an error. Use the using statement to revert impersonation automatically.

The following code snippet shows how to impersonate programmatically:
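// Requires: using System.Security.Principal; using System.ServiceModel;
public string GetData(int value)
{
    // Impersonate the original caller only for the lines inside the using block.
    using (ServiceSecurityContext.Current.WindowsIdentity.Impersonate())
    {
        // Return the name of the impersonated user (the original user's identity).
        return string.Format("Hi, {0}, you have entered: {1}",
            WindowsIdentity.GetCurrent().Name, value);
    }   // Disposing the impersonation context reverts to the service identity.
}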
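
The following is an added example, not code from the original guidance. It contrasts declarative impersonation of a whole operation with the programmatic form described above, and rejects callers whose token cannot be impersonated. The contract, class, Audit helper and the C:\Reports directory are hypothetical.

```csharp
using System;
using System.IO;
using System.Security.Principal;
using System.ServiceModel;

[ServiceContract]
public interface IReportService
{
    [OperationContract] string ReadDeclarative(string name);
    [OperationContract] string ReadProgrammatic(string name);
}

public class ReportService : IReportService
{
    private const string ReportRoot = @"C:\Reports";   // hypothetical directory

    // Declarative: every line of the operation, Audit included, runs as the caller.
    [OperationBehavior(Impersonation = ImpersonationOption.Required)]
    public string ReadDeclarative(string name)
    {
        Audit(name);
        return File.ReadAllText(Path.Combine(ReportRoot, Path.GetFileName(name)));
    }

    // Programmatic: only the file read runs as the caller.
    public string ReadProgrammatic(string name)
    {
        Audit(name);   // runs as the service account

        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        WindowsIdentity caller = ctx == null ? null : ctx.WindowsIdentity;
        // Refuse anonymous callers and identification-only tokens up front.
        if (caller == null || caller.IsAnonymous ||
            caller.ImpersonationLevel < TokenImpersonationLevel.Impersonation)
            throw new FaultException("Caller identity cannot be impersonated.");

        string text;
        using (caller.Impersonate())
        {
            // The ACL on the file is checked against the caller, not the service.
            text = File.ReadAllText(Path.Combine(ReportRoot, Path.GetFileName(name)));
        }   // Dispose reverts the thread to the service identity, even on exception.

        // Back under the service account here.
        return text + " (served by " + WindowsIdentity.GetCurrent().Name + ")";
    }

    private static void Audit(string name)   // hypothetical helper
    {
        Console.WriteLine("{0} requested {1}", WindowsIdentity.GetCurrent().Name, name);
    }
}
```

Keeping the impersonated region to the single resource access means an unhandled error elsewhere in the operation cannot leave work running under the caller's privileges.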

Last edited Jun 12, 2008 at 9:38 PM by prashantbansode, version 1