Can I turn off impersonation just in a couple instances

I have an app that has impersonation used throughout. But when a user is logged in as an admin, a few operation require them to write to the server itself. Now if these users do not have rights on the actual server (some don’t) it will not let them write.

What I want to do is turn off impersonation for just a couple commands.

Is there a way to do something like this?

using(HostingEnvironment.Impersonate.Off())
  //I know this isn't a command, but you get the idea?

Thank you.

Answers:

Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

Make sure the Application Pool do have the proper rights that you need.

Then, when you want to revert to the application pool identity… run the following:

private WindowsImpersonationContext context = null;
public void RevertToAppPool()
{
    try
    {
        if (!WindowsIdentity.GetCurrent().IsSystem)
        {
            context = WindowsIdentity.Impersonate(System.IntPtr.Zero);
        }
    }
    catch { }
}
public void UndoImpersonation()
{
    try
    {
        if (context != null)
        {
            context.Undo();
        }
    }
    catch { }
}

Method 2

I am not sure if this is the preferred approach but when I wanted to do this I new’d up an instance of a WindowsIdentity and called the Impersonate method. This allows subsequent code to impersonate a different Windows user. It returns a WindowsImpersonationContext that has an Undo method which reverts the impersonation context back again.

Method 3

You could turn off authentication for the page and then manually impersonate the authenticated user during the remainder of your code.

http://support.microsoft.com/kb/306158

This has a reference to that last part, but basically you impersonate User.Identity

This will mean you will have to impersonate at the beginning of any call to the page, turn it off when you need it off, then turn it back on when you are done, but it should be a workable solution.

Method 4

I just ended up giving the folders write permissions to “Authenticated Users”


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x