Re: impersonation in a sub thread

From: news.microsoft.com (mvkazit_at_tut.by)
Date: 12/09/03


Date: Tue, 9 Dec 2003 15:55:26 -0500

Maybe this article will help you:
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q306158

Maybe not :)

"Christian" <anonymous@discussions.microsoft.com> wrote in message
news:00a101c3a7b6$4070da10$a401280a@phx.gbl...
> To answer my own question (and thanks for the com+
> suggestion):
>
> I didn't actually necessarily need a separate thread.
> An asynchronous method call worked just as well, and then
> the subthread (created by the .net framework to run the
> asynchronous call) IS able to impersonate.
>
> e.g.
>
> using System.Security.Principal;
>
> public class MyClass
> {
>     private delegate void MyDelegate(WindowsIdentity winID);
>
>     public static void Start()
>     {
>         MyDelegate del = new MyDelegate(DBCleanup);
>         // Capture the current identity and pass it to the asynchronous call.
>         del.BeginInvoke(WindowsIdentity.GetCurrent(), null, null);
>     }
>
>     private static void DBCleanup(WindowsIdentity winID)
>     {
>         WindowsImpersonationContext ctx = winID.Impersonate();
>
>         // do stuff as impersonated user.
>         if (ctx != null)
>             ctx.Undo();
>     }
> }
>
> So somehow by calling it as a delegate I am able to create
> a thread that can impersonate an authenticated winID.
> But I still don't know how to do it if I were, for
> whatever reason, to create my own Thread. I don't need to
> right now, but would still like to find out just for
> future reference.
>
> >-----Original Message-----
> >When you create a new thread it inherits the original
> >security context of the parent process.
> >E.g. when a webapplication that is set to impersonate
> >some domain account creates a new thread, the new thread
> >runs as the original user (e.g. localmachine\ASPNET) not
> >the user the application is impersonating.
> >
> >Does anyone know how to create a thread and make it
> >impersonate the same user as the parent process is
> >impersonating?
> >
> >I tried making the child thread explicitly impersonate
> >the domain user, but it was not able/allowed to.
> >
> >Basically I am doing
> >
> >private static WindowsIdentity _winID;
> >
> >public static void StartThread()
> >{
> >    // runs as domain user set to impersonate in web.config
> >    // or IIS control
> >    _winID = WindowsIdentity.GetCurrent();
> >    Thread _thread = new Thread(new ThreadStart(DoWork));
> >
> >    _thread.Start();
> >}
> >
> >private static void DoWork()
> >{
> >    // runs as localbox\ASPNET
> >
> >    // fails with "Unable to impersonate user"
> >    _winID.Impersonate();
> >
> >    // more code supposed to run as impersonated user
> >}
> >
> >
> >It succeeds when I set asp to run as SYSTEM (set
> ><processModel userName="SYSTEM"> in machine.config).
> >
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;Q306158
> >
> >indicates that the process would need the "act as part of
> >the OS" privilege.
> >After giving that privilege to ASPNET, impersonation
> >still fails.
> >
> >Anybody know how I can get the subthread to execute as the
> >same (impersonated) user as the web app? Additional
> >privileges required for ASPNET? is there a way to start
> >the subthread off with the right user?
> >
> >Thanks
> > Christian
> >.
> >
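
The question left open above concerns a thread the application creates itself. As an added example (not code from this thread; `ImpersonatedWorker` and its members are hypothetical names, and it targets the .NET Framework API used in the posts), the class below hands the captured identity to an explicit thread and reverts in `finally`, so an exception cannot leave the thread running as the impersonated user. It does not diagnose the "Unable to impersonate user" failure reported above, whose cause the thread does not establish.

```csharp
using System;
using System.Security.Principal;
using System.Threading;

// Added example (hypothetical names): carries the caller's identity to an
// explicitly created thread and scopes the impersonation with try/finally.
public sealed class ImpersonatedWorker
{
    private readonly WindowsIdentity _identity;

    public ImpersonatedWorker(WindowsIdentity identity)
    {
        // Build a separate WindowsIdentity from the token so the worker owns its handle.
        _identity = new WindowsIdentity(identity.Token);
    }

    public Thread Start()
    {
        Thread t = new Thread(new ThreadStart(Run));
        t.Start();
        return t;
    }

    private void Run()
    {
        WindowsImpersonationContext ctx = null;
        try
        {
            ctx = _identity.Impersonate();
            Console.WriteLine("Worker running as: " + WindowsIdentity.GetCurrent().Name);
            // ... work that must run as the impersonated user goes here ...
        }
        catch (Exception ex)
        {
            // Fail closed: never fall through and do the work as the process account.
            Console.WriteLine("Impersonation or work failed: " + ex.Message);
        }
        finally
        {
            if (ctx != null) ctx.Undo();   // always revert, even when the work throws
            _identity.Dispose();
        }
    }

    public static void Main()
    {
        // Constructed usage: the caller's current identity is handed to the worker.
        new ImpersonatedWorker(WindowsIdentity.GetCurrent()).Start().Join();
    }
}
```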