impersonation

I am having a hard time to get Runtime Impersonation to work. Scenario: Anonymous access is disabled in all servers, and windows auth is enabled Client calls Web Api 1 Web Api 1 may call Web Api 2, or the oData Service Call from Web Api 1 to Web Api 2 needs to be impersonated with the Client Credentials Calls from Web Api 1 to oData Service must not be impersonated Web Api 1 calls both the service using Web Request We have Kerberos delegation configured properly What Works (Kinda): If I turn on impersonation in Web Api 1 using the Web.config <authentication mode="Windows"/> <identity

Edit Now I know what I need. I need to implement Kerberos protocol transition (S4U2Self) in Java. There are examples in .Net, but none for Java. There is this third party library Quest Single Sign on for Java that claims to do that. I've downloaded the JAR and it looks good, but I would rather use a custom implementation instead of someone else's code (which have to be paid). Can anyone give any head start on what needs to be done? Any existing open Java API to handle this? Thanks Question before At the moment my application only knows the user id, and I need to authenticate that user with

Is it possible to impersonate a user without supplying user name/password? Basically, I'd like to get the CSIDL_LOCAL_APPDATA for a user (not the current one) using the ShGetFolderPath() function. All I currently have is a SID for that user. No, you have to call Win32 API LogonUser function to get windows account token back so you can then impersonate. You can impersonate a user without supplying password by calling ZwCreateToken. See the CreatePureUserToken function in this article: GUI-Based RunAsEx You must be running as an admin (or LocalSystem) for this to work. Another technique is to

What is the diffrence between... execute as user = 'testuser' AND execute as login = 'testuser' I am executing a cross database procedure under these logins and it works with the exececute as login but not the execute as user. It is saying the server principal "testuser" is nt able to access the database "xxx" under the securty context. When i SELECT SYSTEM_USER after both commands I see that it is set to 'testuser' execute as login provides impersonation to the entire server, since logins are on a server level. Since users are defined per database, execute as user impersonation applies only

Update 2 This question originally was "Does impersonation work with Web API?" And the question to that question is "Yes, it does." But the problem was not about Web API but impersonation itself. (The description of the problem is below) But now I'd like to tell others about the solution. My controllers are async and my mistaken premise was that any thread spawned by impersonated thread has the same identity as its parent. By default it is false: TPL does not flow impersonation across threads. Impersonation flow can be enabled either programmatically or in configuration . Note, please, that

I have a Console App and a Web API 2 project, both run on the same server. I have setup my Console App to call a RESTful endpoint in my Web API using HttpClient while impersonating a domain account. Console.WriteLine("Setting up impersonator."); using (new Impersonator(accountUsername, accountDomain, accountPwd)) { Console.WriteLine("Impersonator set up."); HttpClientHandler handler = new HttpClientHandler(); handler.UseDefaultCredentials = true; Console.WriteLine("Executing as: " + System.Security.Principal.WindowsIdentity.GetCurrent().Name); using (var client = new HttpClient(handler)) {