Impersonating when creating a process from inside a SQL Server Assembly



Hello,

This is my situation: I'm trying to impersonate a different user when
creating a process from inside a .NET assembly on SQL Server. Basically the
flow looks like this:

stored procedure->static C# function in Assembly->Process created in
Assembly->External Application

This works, but the external app fails because the current WindowsIdentity
is NT AUTHORITY/WINDOWS SERVICE; it needs to be someone else.

Now, when you are inside a .NET assembly in SQL Server, you have access to
an object called SqlContext, and it contains (among other things) a
WindowsIdentity object that is the login user who called the stored
procedure in the first place. This is the user I want to impersonate but I
can't seem to get it to work.

In other postings I've read that you can't get this to work with a Process -
apparently the process still inherits the Principal token and not the
Impersonation token - but it DOES work with Threads. So I thought I'd spawn
a new Thread with the correct identity and launch my process from inside.
To test the Thread idea I used:

    ParameterizedThreadStart pts = new ParameterizedThreadStart(someThreadFunction);
    Thread thread = new Thread(pts);

    WindowsIdentity contextID = SqlContext.WindowsIdentity;
    // Impersonate the caller on the current thread, then start the worker.
    using (WindowsImpersonationContext wip = contextID.Impersonate())
    {
        thread.Start(test);
        // Wait for the worker to finish before reverting the impersonation.
        thread.Join();
        wip.Undo();
    }

But inside the Thread function (someThreadFunction) the
WindowsIdentity.GetCurrent() still returns NT AUTHORITY/WINDOWS SERVICE.

Am I going about this all wrong? Is this even possible?

Any advice/suggestions appreciated!

Keith
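
Added example, not part of the original post: a stand-alone .NET Framework console program that impersonates inside the worker thread itself and reports the thread's impersonation token separately from the process (primary) token, which is the one a child started with Process.Start runs under. The names TokenCheck, ThreadTokenName, ProcessTokenName and Worker are hypothetical, and WindowsIdentity.GetCurrent() stands in for SqlContext.WindowsIdentity so the program runs outside SQL Server.

```csharp
using System;
using System.Security.Principal;
using System.Threading;

static class TokenCheck
{
    // Name on the calling thread's impersonation token, or null when the
    // thread has none and is therefore running on the process token.
    static string ThreadTokenName()
    {
        using (WindowsIdentity id = WindowsIdentity.GetCurrent(true))
            return id == null ? null : id.Name;
    }

    // Name on the process (primary) token. Impersonate(IntPtr.Zero) reverts
    // the thread to the process token until the returned context is disposed.
    static string ProcessTokenName()
    {
        using (WindowsIdentity.Impersonate(IntPtr.Zero))
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
            return id.Name;
    }

    static void Report(string stage)
    {
        Console.WriteLine("{0}: thread token = {1}, process token = {2}",
            stage, ThreadTokenName() ?? "(none)", ProcessTokenName());
    }

    // Worker: impersonates on its own thread instead of relying on the
    // identity of the thread that started it.
    static void Worker(object state)
    {
        WindowsIdentity caller = (WindowsIdentity)state;
        Report("before impersonation");
        using (caller.Impersonate())
        {
            Report("while impersonating");
        }
        Report("after revert");
    }

    static void Main()
    {
        // Assumption: inside SQL CLR this would be SqlContext.WindowsIdentity.
        using (WindowsIdentity caller = WindowsIdentity.GetCurrent())
        {
            Thread t = new Thread(Worker);
            t.Start(caller);
            t.Join();
        }
    }
}
```

Inside SQL Server the Console.WriteLine calls would need to be replaced with SqlContext.Pipe.Send, since a CLR assembly has no console.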

