Hi all,
I am trying to impersonate a domain user account in a WPF application so the application can write to a folder on the network. The domain user has sufficient rights to write to this location. I'm using some code found on the net to perform the impersonation.
Basically, it calls the native LogonUser method, which returns a security token, then creates a new WindowsIdentity, passing the token, and finally calls the windowsIdentity.Impersonate() method. I get no exceptions executing the above logic.
Calling WindowsIdentity.GetCurrent() -> returns impersonated identity.
Writing to the UNC path -> UnauthorizedAccess exception.
So, I inspect the Thread.CurrentPrincipal object before I try to write the file; this has a GenericPrincipal, and not a WindowsPrincipal with the impersonated WindowsIdentity.
So in the startup of the application I set the AppDomain.CurrentAppDomain.SetPrincipalPolicy to PrincipalPolicy.Impersonate.
I restart my application...
Before my call to impersonate, I can see my own credentials on Thread.CurrentPrincipal, the ones that I'm using to log onto my development machine and which is executing my WPF program.
I again try to run the impersonation logic, again I see the impersonated identity on WindowsIdentity.GetCurrent, all seems fine, no exceptions.
However, on Thread.GetCurrentPrincipal I still see my own credentials, and if I look at the AuthenticationType property, there is an UnauthorizedException (which is only visible in the debugger, it is not being thrown in the application!!). I let the code run.
Again, UnauthorizedAccess when trying to write my file on the UNC location.
The last thing I tried is to create a new WindowsPrincipal with WindowsIdentity.GetCurrent() and I explicitly set it on Thread.Current, but same result.
UnauthorizedAccess when I write to the UNC location.
I'm out of ideas :)
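
The flow described in the post (LogonUser, impersonate, write to the UNC path), as an added example that is not the poster's code. It assumes .NET Framework 4.6 or later (for `WindowsIdentity.RunImpersonated`) and C# 7; the domain, account, environment variable and share path are placeholders, and logon type 9 is one possible choice that the post does not mention.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Threading;
using Microsoft.Win32.SafeHandles;

static class UncWriteDemo
{
    // Values from winbase.h.
    const int LOGON32_LOGON_NEW_CREDENTIALS = 9; // supplied credentials apply only to outbound network connections
    const int LOGON32_PROVIDER_WINNT50 = 3;      // the only provider that supports logon type 9

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out SafeAccessTokenHandle token);

    static void Main()
    {
        // Placeholders (assumptions): substitute real values. The password is read
        // from the environment here only to keep it out of source code.
        string domain = "EXAMPLEDOMAIN", user = "svc-writer";
        string password = Environment.GetEnvironmentVariable("DEMO_PASSWORD")
            ?? throw new InvalidOperationException("DEMO_PASSWORD is not set");
        string target = @"\\fileserver.example\share\impersonation-test.txt";

        if (!LogonUser(user, domain, password, LOGON32_LOGON_NEW_CREDENTIALS,
                       LOGON32_PROVIDER_WINNT50, out SafeAccessTokenHandle token))
            throw new Win32Exception(Marshal.GetLastWin32Error());

        using (token)
        {
            // Impersonation is scoped to the delegate and reverted even if it throws.
            WindowsIdentity.RunImpersonated(token, () =>
            {
                using (WindowsIdentity current = WindowsIdentity.GetCurrent())
                {
                    // With logon type 9 the local name remains the caller's;
                    // only the network credentials differ.
                    Console.WriteLine("Thread token:     " + current.Name);
                    Console.WriteLine("Impersonation:    " + current.ImpersonationLevel);
                }
                // Thread.CurrentPrincipal serves .NET role checks; the OS access
                // check on the file write uses the thread token instead.
                Console.WriteLine("CurrentPrincipal: " + Thread.CurrentPrincipal?.Identity?.Name);
                File.WriteAllText(target, "written under impersonation");
            });
        }
    }
}
```

With logon type 9, LogonUser does not validate the credentials when it is called, so a wrong password only surfaces as an access error at the network write.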