One thing we have done is to create identical virtual directories on
both web servers pointing to the same share. When setting up the
v-dirs, open the properties window, click the "connect as" button, and
enter the appropriate credentials. This may take some trial and error
to get working correctly. It is also often necessary (when not
impersonating) to give the local ASPNET user account (on both
servers) read permissions on the shared directory.
Another option is to try the code below which I have used to
successfully do impersonation under Windows auth (.net 1.1):
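/// <summary>
/// This is used to programmatically
/// change the user principal on-demand.
///
/// It relies on the old Win32 APIs.
///
/// (This is made obsolete in .NET 2.0)
/// </summary>
/// <remarks>
/// Every successful call to <see cref="ImpersonateValidWindowsUser"/> or
/// <see cref="WindowsAuth_Impersonate"/> should be paired with
/// <see cref="WindowsAuth_StopImpersonating"/> in a <c>finally</c> block.
/// Otherwise the thread keeps running under the impersonated identity after
/// the caller has finished with it.
///
/// The password is passed as a plain managed <see cref="String"/>, so it
/// cannot be wiped from memory afterwards. Use a dedicated account that has
/// only the access the share requires.
/// </remarks>
public class Impersonation
{
    public const int LOGON32_LOGON_INTERACTIVE = 2;
    public const int LOGON32_PROVIDER_DEFAULT = 0;

    // SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation, passed to DuplicateToken.
    private const int SecurityImpersonation = 2;

    // Context returned by the most recent Impersonate() call; null when this
    // instance is not impersonating anyone.
    WindowsImpersonationContext impersonationContext;

    // ANSI entry point with default (ANSI) string marshalling, as in the
    // original declaration. SetLastError lets a caller read the failure
    // reason with Marshal.GetLastWin32Error().
    [DllImport("advapi32.dll", SetLastError=true)]
    public static extern int LogonUserA(String lpszUserName,
        String lpszDomain,
        String lpszPassword,
        int dwLogonType,
        int dwLogonProvider,
        ref IntPtr phToken);

    [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
    public static extern int DuplicateToken(IntPtr hToken,
        int impersonationLevel,
        ref IntPtr hNewToken);

    [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError=true)]
    public static extern bool RevertToSelf();

    [DllImport("kernel32.dll", CharSet=CharSet.Auto)]
    public static extern bool CloseHandle(IntPtr handle);

    /// <summary>
    /// Logs the given account on and makes the calling thread impersonate it.
    /// </summary>
    /// <param name="userName">Account name passed to LogonUserA.</param>
    /// <param name="domain">Domain (or machine) name passed to LogonUserA.</param>
    /// <param name="password">Clear-text password passed to LogonUserA.</param>
    /// <returns>
    /// <c>true</c> when the thread is now impersonating the account;
    /// <c>false</c> when RevertToSelf, LogonUserA or DuplicateToken failed.
    /// </returns>
    public bool ImpersonateValidWindowsUser(String userName, String domain, String password)
    {
        IntPtr token = IntPtr.Zero;
        IntPtr tokenDuplicate = IntPtr.Zero;

        try
        {
            // Drop any impersonation already active on this thread first.
            if (!RevertToSelf())
            {
                return false;
            }

            if (LogonUserA(userName, domain, password,
                    LOGON32_LOGON_INTERACTIVE,
                    LOGON32_PROVIDER_DEFAULT, ref token) == 0)
            {
                return false;
            }

            if (DuplicateToken(token, SecurityImpersonation, ref tokenDuplicate) == 0)
            {
                return false;
            }

            WindowsIdentity tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
            impersonationContext = tempWindowsIdentity.Impersonate();
            return impersonationContext != null;
        }
        finally
        {
            // Single cleanup path: the raw handles are released on success,
            // on failure, and when the identity constructor or Impersonate()
            // throws, so a failed attempt cannot leak a logon token.
            if (token != IntPtr.Zero)
            {
                CloseHandle(token);
            }
            if (tokenDuplicate != IntPtr.Zero)
            {
                CloseHandle(tokenDuplicate);
            }
        }
    }

    /// <summary>
    /// Impersonates the Windows identity of the user attached to the current
    /// HTTP request.
    /// </summary>
    /// <remarks>
    /// The cast assumes the request was authenticated with Windows
    /// authentication; with any other identity type it throws
    /// <see cref="InvalidCastException"/>.
    /// </remarks>
    public void WindowsAuth_Impersonate()
    {
        WindowsIdentity requestIdentity =
            (System.Security.Principal.WindowsIdentity)HttpContext.Current.User.Identity;
        impersonationContext = requestIdentity.Impersonate();
    }

    /// <summary>
    /// Ends the impersonation started by this instance. Does nothing when no
    /// impersonation is active, so it is safe to call from a <c>finally</c>
    /// block even if the impersonation attempt failed.
    /// </summary>
    public void WindowsAuth_StopImpersonating()
    {
        if (impersonationContext != null)
        {
            impersonationContext.Undo();
            // Clear the field so a second call does not undo a stale context.
            impersonationContext = null;
        }
    }
}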