Wednesday, February 23, 2011

Did you know? You can be someone else

I often have conversations with people about accessing resources as another configured user, e.g. you may want to connect to a local or remote SQL Server as a named Windows user, or you may want to access files or interact with a web-based API.
Some people store the username and password in a config file. Well, you don't need to.
The account running the code needs to be granted the “Act as part of the operating system” security policy.
You can just call (yes, this is a test):
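// Requires: using System; using System.Security.Principal; using Microsoft.VisualStudio.TestTools.UnitTesting;
[TestMethod]
public void SimpleCallAsUser() // MSTest test methods must be instance methods, not static
{
    string yourUser = @"Someone"; // Change me

    // Build the identity from the account name alone; no password is supplied.
    WindowsIdentity wi = new WindowsIdentity(yourUser);
    WindowsImpersonationContext imp = wi.Impersonate();
    try
    {
        string currentUser = Environment.UserName;
        Assert.AreEqual(yourUser, currentUser, true, "Could not impersonate");
    }
    finally
    {
        // Always revert to the original identity, even if the assert fails.
        imp.Undo();
    }
}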
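Outside a test you will want the revert to be guaranteed and a clear failure when the policy above is missing. The helper below is an added example, not code from the original post; the class and method names are hypothetical, and it assumes .NET Framework 4.0 or later, where WindowsIdentity is disposable.

```csharp
using System;
using System.Security;
using System.Security.Principal;

// Hypothetical helper (name and shape are assumptions, not from the post).
static class ImpersonationHelper
{
    static string CurrentName()
    {
        using (WindowsIdentity me = WindowsIdentity.GetCurrent())
            return me.Name;
    }

    // Runs 'work' as the user named by 'upn' and always reverts afterwards.
    public static void RunAs(string upn, Action work)
    {
        string before = CurrentName();

        // WindowsIdentity(string) logs the user on by name only; no password.
        using (WindowsIdentity wi = new WindowsIdentity(upn))
        {
            // Without "Act as part of the operating system" the token comes back
            // at Identification level: usable for group checks, not for access.
            if (wi.ImpersonationLevel == TokenImpersonationLevel.Identification ||
                wi.ImpersonationLevel == TokenImpersonationLevel.Anonymous)
            {
                throw new SecurityException(
                    "Token for " + upn + " is " + wi.ImpersonationLevel +
                    "; the calling account cannot impersonate with it.");
            }

            // Disposing the context calls Undo(), even if 'work' throws.
            using (wi.Impersonate())
            {
                work();
            }
        }

        // Fail loudly if the thread is still running as someone else.
        if (!string.Equals(before, CurrentName(), StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException("Impersonation was not reverted.");
    }
}
```

Keep the delegate passed to RunAs as small as possible, so that only the one resource access runs under the borrowed identity.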


If you need to call remote servers or access remote shares, then the account running the code needs delegation configuring. Select the account in AD and … (Note: you do not need to do this if you are accessing resources on the local machine.)



