
I have a .NET web service that runs with Windows authentication and impersonation set to true. When the app goes to connect to the database, however, it needs to stop impersonating and run as the service account for the application pool.

My understanding has always been that to stop impersonation I would run the following code.

```csharp
WindowsImpersonationContext ctx = WindowsIdentity.Impersonate(IntPtr.Zero);
```

and then when I want to restart impersonation

```csharp
ctx.Undo();
```

But for some reason, when I run my code, it never stops impersonating the calling user but continues as that user and fails to connect to the SQL DB, which is using integrated security and only the service account has DB access.

What am I missing here to get this to work properly?

Bastyon
  • http://stackoverflow.com/questions/125096/can-i-turn-off-impersonation-just-in-a-couple-instances confirms your approach. When you say "it never stops impersonating", do you know that from a debugging session or just by the fact that the SQL connection failed? Is the connection attempt made in the same thread for sure, after the "expersonation"? – Cee McSharpface Feb 08 '16 at 20:07
  • Ah... my bad, I was not checking the right place for the identity. It is working fine, it seems. I was checking the HttpContext and not the WindowsIdentity. The SQL failure was due to a separate issue which seemed to confirm my original assumption. – Bastyon Feb 08 '16 at 20:38

1 Answer


It seems that the method I was using is fine. The error was a problem with the SQL connection and the assumption that it was impersonation that was failing. I was confirming my assumption by using the wrong check to verify the identity. The code in my original question does in fact work.

Bastyon
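The check that went wrong in this thread, as an added example that is not part of the original question or answer: reverting impersonation changes the thread's Windows token (what integrated-security connections use), while `HttpContext.Current.User` keeps naming the authenticated caller. The class and method names below are hypothetical, and the code assumes a .NET Framework ASP.NET application with impersonation enabled.

```csharp
using System;
using System.Security.Principal;
using System.Web;

// Hypothetical helper (names are assumptions, not from the original post).
public static class ProcessIdentityScope
{
    // Identity of the token Windows will present for integrated security
    // from this thread right now: the impersonated caller while
    // impersonating, the application pool account after reverting.
    public static string EffectiveIdentity()
    {
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            return id.Name;
        }
    }

    // Runs 'work' (for example, opening the SQL connection) with
    // impersonation reverted, and always restores the caller's token.
    public static T RunAsProcessIdentity<T>(Func<T> work)
    {
        WindowsImpersonationContext ctx = WindowsIdentity.Impersonate(IntPtr.Zero);
        try
        {
            return work();
        }
        finally
        {
            ctx.Undo(); // resume impersonating the calling user
        }
    }

    // Diagnostic report showing which value actually changes on revert.
    public static string Describe()
    {
        HttpContext http = HttpContext.Current;
        // Request principal: the authenticated caller, NOT the thread token.
        string requestUser = (http != null && http.User != null)
            ? http.User.Identity.Name : "(no request)";

        string before = EffectiveIdentity();
        string during = RunAsProcessIdentity(() => EffectiveIdentity());
        string after = EffectiveIdentity();

        return string.Format(
            "HttpContext.User={0}; token before={1}; reverted={2}; after={3}",
            requestUser, before, during, after);
    }
}
```

When diagnosing a failed integrated-security login, log the `reverted` value from the same thread that opens the connection; if it already shows the service account, the failure lies elsewhere, as it did here.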