See Scott Galloway's code for temporary impersonation in an ASP.NET
app:
http://www.mostlylucid.co.uk/archive...12/05/662.aspx
The basic idea is to call into LogonUser and DuplicateToken.
However, you may run into a problem with a scenario called the Single Hop
problem.
http://blogs.geekdojo.net/ryan/archi...12/10/427.aspx
http://blogs.geekdojo.net/justin/arc...12/10/430.aspx
To quote Justin Rudd from his post referenced above:
<quote>
This is what is commonly referred to in the NTLM world as the "one hop"
problem. For example, you are on machine A. You have a process that is
running as you and it calls a DCOM process on Machine B. Depending on
how the DCOM server is set up, it assumes your credentials (think
ASP.NET impersonation). Now if that DCOM server makes a call out to
another DCOM server, the credentials that go across the wire are the
credentials that the process is running as.
In IIS when you use Windows Authentication, you use your single hop as
soon as you connect to the web server. So if you have some code in
ASP.NET try to access a network resource, it will use the ASP.NET
worker process' credentials.
</quote>
You may need to have your ASP.NET application impersonate at the
application level (that's what I've had to fall back on):
http://msdn.microsoft.com/library/de...itySection.asp
This just involves a setting in web.config, as you probably know:
<identity impersonate="true|false" userName="domain\username"
password="password"/>
Other alternatives are serviced components and delegation:
http://msdn.microsoft.com/library/de...delegation.asp
- Jon
http://weblogs.asp.net/jgalloway