Can I turn off impersonation just in a couple instances
Make sure the Application Pool do have the proper rights that you need.
Then, when you want to revert to the application pool identity... run the following:
private WindowsImpersonationContext context = null;
public void RevertToAppPool()
{
try
{
if (!WindowsIdentity.GetCurrent().IsSystem)
{
context = WindowsIdentity.Impersonate(System.IntPtr.Zero);
}
}
catch { }
}
public void UndoImpersonation()
{
try
{
if (context != null)
{
context.Undo();
}
}
catch { }
}
Temporary disabling of impersonation in MVC5
So, I was able to solve it.
Thanks to: Can I turn off impersonation just in a couple instances
I used:
using (var impersonationContext = WindowsIdentity.Impersonate(IntPtr.Zero))
Temporarily disable impersonation in ASP
I've got around the impersonation problem in a different way. Just wrote an ASP.net script to save files using HttpPostedFile
, based on this one, and it worked like a charm. The files are (probably) being written under the app pool user configured in IIS.
How do I get a .net web service call to stop impersonating to perform a task
It seems that the method I was using is fine. The error was a problem with the sql connection and the assumption that it was Impersonation that was failing. I was confirming my assumption by using the wrong check to verify the identity. The code in my original question does in fact work.
Calling WindowsIdentity.Impersonate does nothing
Giving write access to the App_Data folder for the Users group fixed the issue. Not sure what that has to do with impersonation though.
Storing a password for user impersonation
The safest solution is to actually create a service, which runs under a user with the correct permissions. Your Winforms application would then just use a tight interface to the service to tell it what needs to be done. How feasible this is depends on what exactly you're trying to do.
Trying to do this using just the winforms application is tricky. If a user application can do something, so can the user. Remember, there's no such thing as "application permissions" - only user permissions. The GUI application will run as some user, and that user can do everything the application can.
Read local file as local system, not as current user
You must use some kind of impersonation. You can find options here: https://support.microsoft.com/en-us/help/306158/how-to-implement-impersonation-in-an-asp-net-application
Impersonate the IIS authenticated account or user
Impersonate a specific user for all the requests of an ASP.NET application
Impersonate the authenticating user in code
Impersonate a specific user in code
Example config for all requests
<identity impersonate="true"
userName="domain\user"
password="password" />
The domain user should have the required access.
If you want to go with the third option, check this answer here which uses the following to impersonate per code block:
try
{
if (!WindowsIdentity.GetCurrent().IsSystem)
{
using (WindowsIdentity.Impersonate(IntPtr.Zero))
{
// Do stuff here
}
}
}
catch { }
Related Topics
Parsing Performance (If, Tryparse, Try-Catch)
The Property 'Id' Is Part of the Object's Key Information and Cannot Be Modified
How to Delay Shutdown and Run a Process in Window Service
Easier Way of Writing Null or Empty
Dependency Injection Type-Selection
Using Razor Outside of MVC in .Net Core
Is There a Messagebox Equivalent in Wpf
Will the Base Class Constructor Be Automatically Called
How to Parse Command Line Output from C#
How to Set a Conditional Compile Variable
How to Send a File and Form Data with Httpclient in C#
How to Access Ssis Package Variables Inside Script Component
Pass a Value from One Form to Another
Does C# Allow Double Semicolon ; ; If So, Are There Any Special Ways
Datagrid Shows Path of Image Instead of Image Itself
How to Use Push Notifications in Xamarin Forms