2

I'm having trouble impersonating the logged-on user and then accessing UNC files. I have tried using this sample code:

using System.Security.Principal;
...
// Obtain the authenticated user's Identity
WindowsIdentity winId = (WindowsIdentity)HttpContext.Current.User.Identity;
WindowsImpersonationContext ctx = null;
try
{  
    // Start impersonating  
    ctx = winId.Impersonate();  
    // Now impersonating  
    // Access resources using the identity of the authenticated user
}
// Prevent exceptions from propagating
catch{}
finally
{  
    // Revert impersonation  
    if (ctx != null)    
        ctx.Undo();
}
// Back to running under the default ASP.NET process identity

If I try to access a file locally where the comment says "Access resources using the identity of the authenticated user", it works exactly as it should. If, however, I try to do the same thing with a file on a file server somewhere using UNC, like \\ServerName\Share\FileName.txt, it doesn't matter that the impersonated account has enough rights. The application throws an exception saying that the ASP.NET account does not have enough rights.

I have also tried to use unmanaged code to perform the impersonation and then it works! Local file or UNC, doesn't matter, works like a charm!

The problem is that you have to provide a password, and since it is the logged-on user's rights I want to check, I can't provide that.

Does anyone know why the application behaves like this? Is it some configuration setting I need to set?

Pär Fahlén
  • so to prevent exceptions from propagating you don't even catch and log them!? cooool! – Davide Piras Jul 08 '11 at 12:35
  • You're impersonating the ASP.NET account... not the current user account. What's your authentication mode, and have you specified the impersonate on web.config? – 2GDev Jul 08 '11 at 12:48
  • @Davide: I think it's a sample code... Check here : http://stackoverflow.com/questions/4334665/steps-to-enable-double-hop-delegation-in-iis7-windows-2008 , and here http://stackoverflow.com/questions/983443/windowsidentity-winid-windowsidentityhttpcontext-current-user-identity-how-t and here is the source: http://msdn.microsoft.com/en-us/library/ms998351.aspx#paght000023_impersonatingbyusingwindowsidentity – 2GDev Jul 08 '11 at 13:17

1 Answer

0

A web application runs with a specific identity; this identity is based on a user account on the local machine or domain.

The application uses this identity when it accesses resources on disk or services.

If the account does not have rights to the resource, the web application will not be able to use the resource.

Impersonation is where the web application assumes a different identity from the default.

Impersonation can be configured to be used for the web application on startup, by adding an tag to the web.config file. Impersonation can also be implemented dynamically in code, so that it can be turned on and off as needed.

From ASP.NET Identity and Impersonation Different Impersonation

So check your web.config and IIS configuration and ensure that you're impersonating the correct user.

2GDev
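A diagnostic for the situation discussed in this thread, as an added example that is not code from the question, the answer or the linked MSDN page: it reports which identity the thread presents before and during impersonation, the token's impersonation level, and the exception from the file access instead of swallowing it. The class `ImpersonationProbe` and its method names are hypothetical; it assumes an ASP.NET application on the .NET Framework.

```csharp
using System;
using System.IO;
using System.Security.Principal;
using System.Text;
using System.Web;

// Added diagnostic example; ImpersonationProbe and its members are hypothetical names.
public static class ImpersonationProbe
{
    // Summarises the identity a resource would see for this token.
    public static string Describe(WindowsIdentity id)
    {
        return string.Format("{0} | auth={1} | level={2} | authenticated={3}",
            id.Name, id.AuthenticationType, id.ImpersonationLevel, id.IsAuthenticated);
    }

    // Impersonates the authenticated caller, tries to open the path, and reports the outcome.
    public static string TryRead(string path)
    {
        var report = new StringBuilder();
        report.AppendLine("process identity : " + Describe(WindowsIdentity.GetCurrent()));

        var caller = HttpContext.Current.User.Identity as WindowsIdentity;
        if (caller == null)
        {
            report.AppendLine("caller is not a WindowsIdentity (check the authentication mode)");
            return report.ToString();
        }
        report.AppendLine("caller identity  : " + Describe(caller));

        // Dispose() reverts the impersonation, like Undo() in the finally block of the sample.
        using (WindowsImpersonationContext ctx = caller.Impersonate())
        {
            report.AppendLine("thread identity  : " + Describe(WindowsIdentity.GetCurrent()));
            try
            {
                using (File.OpenRead(path)) { }
                report.AppendLine("read ok          : " + path);
            }
            catch (Exception ex) // e.g. UnauthorizedAccessException or IOException
            {
                // Record the failure so the log shows which access was denied.
                report.AppendLine("read failed      : " + ex.GetType().Name + ": " + ex.Message);
            }
        }
        return report.ToString();
    }
}
```

Call `TryRead` once with a local path and once with the UNC path and compare the reports. A token at level `Impersonation` is usable only on the web server itself, while `Delegation` is the level that can be presented to a remote system such as a file server.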