tags:

views:

270

answers:

4
+1  Q: 

C# Threading and Sql Connections

I have a method that attempts to update a sql server database in an ASP.NET application. If the update fails, it catches the exception and then queues the update in MSMQ, and then spins up a new thread that will later de-queue the pending update and try again. When the thread starts, it fails to open a database connection because it is attempting to connect using Network Service as the login. The sql connection is using Windows Authentication, and will work outside of the thread. If I put a breakpoint in the code that executes inside the new thread and check the Thread.CurrentPrincipal, it shows the Identity as being the correct user. Why is the sql connection attempting to be opened by the Network Service account?

I can elaborate further is necessary.

Thanks.

+1  A: 

I think you need to check the identity of the application pool the website is running under in IIS - is it set to Network Service?

Also, what impersonation setting is in your web.config file? Check if you are impersonating the current user, a specific user, or no user (and the application pool identity is therefore being used).

It would be useful if you posted your connection string too.

Owen Orwell  2010-04-07 14:29:28
The app pool is using the default Network Service identity.In the web.config, the identity has impersonate="true", and we are impersonating a specific account.The connection string is using Trusted_Connection=yes;data source=myDataSource;I found this article: http://support.microsoft.com/kb/326606 which might be similar. I am not using Session State, but this article indicates that session state uses a background thread to connect to the sql server database, and therefore cannot connect because the thread runs under the ASP.NET worker process.
Jonathan M  2010-04-07 15:12:19
+1  A: 

I figured it out based on this thread: http://bytes.com/topic/asp-net/answers/597465-simple-thread-issue

I had to add this to the top of the thread's code block:

((WindowsIdentity)Thread.CurrentPrincipal.Identity).Impersonate();
Jonathan M  2010-04-07 15:46:29
Actually, this will not work either, since I checked what credentials the database was using to make the calls from the Main thread and the Background thread. It turns out the above was just impersonating me (the logged in user), and not the service account specified in the web.config. Since I had access to the database, the call was successful, but when this goes to production, this won't be the case. o now I am looking at ExecutionContext and seeing if that buys me something..
Jonathan M  2010-04-07 19:03:56
A: 

This link is where I found the answer: http://www.leastprivilege.com/WhatIsAspnetconfig.aspx

Here is the key bit of info:

<configuration>
  <runtime>
    <legacyUnhandledExceptionPolicy enabled="false" />
    <SymbolReadingPolicy enabled="1" />

    <legacyImpersonationPolicy enabled="false" />
    <alwaysFlowImpersonationPolicy enabled="true" />
  </runtime>
<configuration>
Jonathan M  2010-04-08 15:26:14
+1  A: 

I have discovered an even more elegant solution that does not require the modifications to the aspnet.config file.

// get the current WindowIdentity of the main thread
var currentIdentity = WindowsIdentity.GetCurrent();

Thread thread;
thread = new Thread(() =>
            {
                // using lambda closure, access the current identity
                // inside the background thread scope and call Impersonate
                var context = currentIdentity.Impersonate();

                // do multi-threaded stuff


                // undo the impersonation before leaving the thread
                context.Undo();
            })
        {
            Name = "BackgroundThread",
            IsBackground = true
        };
thread.Start();
Jonathan M  2010-04-09 19:44:05

related questions

Subsonic Vs NHibernate
How to check For File Lock in C# ?
Is nAnt still supported and suitable for .net 3.5/VS2008?
Limit size of Queue<T> in .NET?
Viewstate invalid when using Safari
Free OCR library
Unhandled Exception Handler in .NET 1.1
Localising date format descriptors
Get a new object instance from a Type in C#
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
.NET Testing Framework Advice
Embedded Database for .net that can run off a network
Automatically update version number
Homegrown consumption of web services
How do you migrate a large app from VB6 to VB .net ?
.NET Migrations Engine
Adding Scripting functionality to .NET applications
SQLite and XSD
Floating Point Number parsing: Is there a Catch All algorithm?
How do I programmatically create a PDF in my .NET application?
How do I sync the SVN revision number with my ASP.NET web site?
XSD DataSets and ignoring foreign keys
Anatomy of a "Memory Leak"
Reliable Timer in a Console Application
How do I calculate relative time?