Impersonation issue

  • Thread starter Kallely Sajan [MVP]

Kallely Sajan [MVP]

We have an Authentication COM component written using SSPI functions. The
component provides methods to Impersonate and Revert back to original
security context. When we use this component in an ASP page to Authenticate and
then Impersonate the authenticated user, the identity is correctly set to
the impersonated user. Then we are able to successfully read the
impersonated identity from another COM component running in the ASP page.
The component uses OpenThreadToken() with TOKEN_QUERY | TOKEN_IMPERSONATE
option and then retrieves the SID of the impersonated user account.

Now here's our problem. When we try to do the same in an ASP.NET application
using interops, it doesn't work. One interop is for the Authentication
component and another is for the component which reads the current identity.
The second interop fails to read the impersonated identity and it always
returns the ASPNET user. OpenThreadToken() fails and returns Error Code:
1008 (ERROR_NO_TOKEN), Error Message: An attempt was made to reference a
token that does not exist.

As you know, we are not dependent on ASP.NET built-in impersonation and the
Web.Config settings don't matter here.

Any ideas will be of great help.


PS: Please don't send me direct emails, use the newsroom.

Scott Allen

Hi Sajan:

If the components you are using run in an STA, you'll need to add
AspCompat="true" to your @Page directive. To check the threading model
look in HKCR\CLSID\yourclsid\InprocServer32\ThreadingModel.

The pages run in an MTA by default, meaning any STA component
will be executing on a different thread that is not impersonating.
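
The check described in the reply above, as an added C# example that is not part of the thread or either poster's code: it reads the ThreadingModel value for a CLSID, decides whether the component is bound to an STA, and reports whether the calling thread carries an impersonation token. The class and method names are hypothetical, the CLSID is passed in with its braces, and .NET 2.0 or later is assumed.

```csharp
using System;
using System.Security.Principal;
using System.Threading;
using Microsoft.Win32;

// Added diagnostic helper; class and method names are hypothetical.
public static class ComApartmentCheck
{
    // Reads HKCR\CLSID\{clsid}\InprocServer32\ThreadingModel.
    // A missing value means the legacy single-threaded (main STA) model.
    public static string GetThreadingModel(string clsid)
    {
        using (RegistryKey key = Registry.ClassesRoot.OpenSubKey(
            @"CLSID\" + clsid + @"\InprocServer32"))
        {
            if (key == null)
                throw new ArgumentException("No InprocServer32 key for " + clsid);
            return key.GetValue("ThreadingModel") as string ?? "(none)";
        }
    }

    // "Apartment" or no value: the object lives in an STA, so a call made
    // from an MTA request thread is marshaled to a different thread.
    public static bool NeedsAspCompat(string threadingModel)
    {
        return threadingModel == "(none)"
            || string.Equals(threadingModel, "Apartment",
                             StringComparison.OrdinalIgnoreCase);
    }

    // Describes the calling thread: its apartment type and whether it has an
    // impersonation token (GetCurrent(true) returns null when it has none).
    public static string DescribeCallingThread()
    {
        ApartmentState apartment = Thread.CurrentThread.GetApartmentState();
        using (WindowsIdentity threadIdentity = WindowsIdentity.GetCurrent(true))
        {
            if (threadIdentity != null)
                return apartment + ": impersonating " + threadIdentity.Name;
            using (WindowsIdentity processIdentity = WindowsIdentity.GetCurrent())
                return apartment + ": no thread token, process identity "
                     + processIdentity.Name;
        }
    }
}
```

Logging DescribeCallingThread() from the page right after the Impersonate call shows whether the request thread itself holds the token; it does not show the thread the STA component actually runs on.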

