Impersonation: ASP.Net MVC Controller Action vs. Web Forms

SaaS Developer picture SaaS Developer · Dec 15, 2009 · Viewed 10.1k times · Source

Is there a difference with impersonation between an ASP.Net MVC controller actions vs. an ASP.Net Web Form? Using the exact same code within the same web project, I am able to successfully impersonate the Windows user when connecting to SQL Server from a Web Form but not from the Controller Action. Here is the code sample I am testing from each:

string sqlQuery = @"SELECT Top 10 FullName FROM Customer";

// Connect to the database server. You must use Windows Authentication;
SqlConnection connection = new SqlConnection("Data Source=ServerName;Initial Catalog=DBName;Integrated Security=SSPI");
// Create a DataTable to store the results of the query.
DataTable table = new DataTable();

// Create and configure the SQL Data Adapter that will fill the DataTable.
SqlDataAdapter adapter = new SqlDataAdapter();
adapter.SelectCommand = new SqlCommand(sqlQuery, connection);

// Execute the query by filling the DataTable.
adapter.Fill(table);

I have checked the HttpContext user on both the controller and the web form and they look identical. However, when running a SQL trace the controller action is always running as Network Service, while the web form is running as the user. Any clarification on why these two are behaving different and how to impersonate within the controller action would be appreciated.

Answer

Alexander Taran picture Alexander Taran · Dec 17, 2009

try to add

 <identity impersonate="true">

to

<system.web>

part of your web.config file for mvc app