How to impersonate the original caller when using windows authentication

J.D. Meier, Jason Taylor, Prashant Bansode, Carlos Farre, Madhu Sundararajan, Steve Gregersen.

When using windows authentication, you have access to original users Windows Identity. You can impersonate the original caller whenever downstream code needs to authorize based on the original caller’s identity. For instance, you may have authorization checks in business logic called by WCF, or you may want to access resources that have access control lists (ACLs) allowing specific user access.

You can impersonate the original caller either declaratively or programmatically, depending on the following circumstances:
  • Impersonate the original caller declaratively when you want to access Microsoft Windows® resources that are protected with ACLs configured for your application’s domain user accounts.
  • Impersonate the original caller programmatically when you want to access resources predominantly by using the application’s process identity, but specific sections of the operation need to use the original caller’s identity.

Additional Resources

Last edited May 8, 2008 at 4:57 AM by prashantbansode, version 2

Comments

No comments yet.