Problems with Thread Impersonation

Matthias Wohlmann

Hi,
I've got an ASP.NET Web-Application written in C#.
In IIS 6.0 (Windows Server 2003) I have set the application to allow
anonymous access, but instead of the default user I use my own
Windows user account. That account does not have too many rights (just
access to the application directory and the windows\Microsoft.Net
directory). In Web.config I have also set
<identity impersonate="true" userName=<myUser> password=<myPWD>/>

Everything works fine except for this:
In my application, I start a thread. I know that impersonation is not
taken over by the thread so I copy the current impersonation by

System.IntPtr windowsIdentityToken;
System.IntPtr newToken = System.IntPtr.Zero;
WindowsIdentity currentIdentity = WindowsIdentity.GetCurrent();
DuplicateToken(currentIdentity.Token, 2, ref newToken);
this.windowsIdentityToken = newToken;

and inside the thread I re-impersonate with:

WindowsImpersonationContext impersonatedUser =
WindowsIdentity.Impersonate(this.windowsIdentityToken);

After that, access to files inside the thread is working, but two things
don't work:

- Sending Mails: I get this error:
System.Web.HttpException: Could not create 'CDO.Message' object.
on Command:
System.Web.Mail.SmtpMail.Send(msg);

- I also use encryption inside the thread. Command
SymmetricAlgorithm symm = new TripleDESCryptoServiceProvider();
leads to Exception:
System.Security.Cryptography.CryptographicException: Cryptographic
service provider (CSP) could not be found for this algorithm.

If I don't impersonate the thread by commenting out
//WindowsImpersonationContext impersonatedUser =
//WindowsIdentity.Impersonate(this.windowsIdentityToken);
both commands work, but the thread can't access some files I need.

Does anyone have an idea?

Thanks,
matthias
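
One way to act on the observation above that the mail and crypto calls succeed without impersonation while the file access needs it: impersonate only around the file access and revert before everything else. This is an added example, not part of the original post; the class ImpersonatedWorker, its method names and the path parameter are hypothetical.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Threading;

// Hypothetical worker class; names are illustrative, not from the post.
public sealed class ImpersonatedWorker
{
    [DllImport("advapi32.dll", SetLastError = true)]
    private static extern bool DuplicateToken(IntPtr existingToken, int level, ref IntPtr duplicateToken);

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool CloseHandle(IntPtr handle);

    private const int SecurityImpersonation = 2; // the level the post passes to DuplicateToken
    private IntPtr windowsIdentityToken = IntPtr.Zero;

    // Call on the request thread, while ASP.NET is still impersonating.
    public Thread Start(string path)
    {
        IntPtr newToken = IntPtr.Zero;
        if (!DuplicateToken(WindowsIdentity.GetCurrent().Token, SecurityImpersonation, ref newToken))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        windowsIdentityToken = newToken;
        Thread worker = new Thread(() => Run(path));
        worker.Start();
        return worker;
    }

    private void Run(string path)
    {
        byte[] data;
        WindowsImpersonationContext impersonatedUser = WindowsIdentity.Impersonate(windowsIdentityToken);
        try
        {
            data = File.ReadAllBytes(path); // file access runs as the impersonated account
        }
        finally
        {
            impersonatedUser.Undo();           // back to the thread's original identity
            CloseHandle(windowsIdentityToken); // release the duplicated token
            windowsIdentityToken = IntPtr.Zero;
        }
        // Mail and crypto calls go here, outside the impersonated block,
        // where the post reports that they work.
        Console.WriteLine("read {0} bytes", data.Length);
    }
}
```

The try/finally guarantees that the thread reverts and the duplicated token handle is closed even when the file access throws, so the worker never keeps running under the impersonated account by accident.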
 