When Impersonating Programmatically be Sure to Revert to Original Context

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

When using programmatic impersonation, revert to the original security context as soon as possible. If you forget to revert, your application’s attack surface increases because it keeps running under higher privileges than necessary. Wrap the impersonation call in a using statement so that impersonation is reverted automatically.

The following code snippet shows how to impersonate programmatically:
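using System.Security.Principal;
using System.ServiceModel;

public string GetData(int value)
{
    // Impersonation is reverted when the using block disposes the context.
    using (ServiceSecurityContext.Current.WindowsIdentity.Impersonate())
    {
        // Return the impersonated user's name (the original caller's identity).
        return string.Format("Hi, {0}, you have entered: {1}",
            WindowsIdentity.GetCurrent().Name, value);
    }
}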
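The following added example (not part of the original guidance) contrasts a manual Undo() call that is skipped when an exception is thrown with the using form, and keeps the impersonated scope down to the single call that needs the caller's identity. The DataService class, its method names, and the path parameter are hypothetical; it assumes a WCF operation with a Windows-authenticated caller.

```csharp
using System;
using System.IO;
using System.Security.Principal;
using System.ServiceModel;

public class DataService   // hypothetical service class
{
    // Weak form: if File.ReadAllText throws, ctx.Undo() is never reached,
    // so nothing in this method reverts the caller's token.
    public string ReadAsCallerLeaky(string path)
    {
        WindowsImpersonationContext ctx =
            ServiceSecurityContext.Current.WindowsIdentity.Impersonate();
        string text = File.ReadAllText(path);
        ctx.Undo();
        return text;
    }

    // Corrected form: the using statement disposes the impersonation
    // context on every exit path, including exceptions.
    public string ReadAsCaller(string path)
    {
        // Identity the thread runs under before impersonation starts.
        string before = WindowsIdentity.GetCurrent().Name;
        string text;

        using (ServiceSecurityContext.Current.WindowsIdentity.Impersonate())
        {
            // Only the access check that must use the caller's rights
            // runs inside the impersonated scope.
            text = File.ReadAllText(path);
        }

        // Post-condition: the thread is back under its original identity.
        if (WindowsIdentity.GetCurrent().Name != before)
        {
            throw new InvalidOperationException(
                "Impersonation was not reverted.");
        }

        // Formatting and any further work run under the original identity.
        return string.Format("{0} characters read", text.Length);
    }
}
```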

Additional Resources

Last edited Jun 12, 2008 at 9:39 PM by prashantbansode, version 1
