Impersonating And Reverting
-
Im am not sure exactly how to handle this. Most of this was from Microsoft direct. I am hosting a web site. Microsoft had us set up a different ASP.NET Account under which to run IIS. We changed the machine.config file to reflect this new account in the processmodel line. Everything works as designed. When impersonation is off in the web.config file it shows the current user thread as this this ASP.NET account user. When impersonation is on, the calling user is shown on the thread. I need to keep impersonation on, I want to know who my current caller identity is, but when it calls for going to another resoource in my case a printer I want to go out and use this resource as the ASP.NET account. With impersonate on, I then need to impersonate this ASP.NET account for going out to print. I do not want to add everyone to this printer resource. I used the API call to LOGONUSER and passed the token into WindowsIdentity and this works as well. The catch comes in that whatever account calls LOGONUSER and then trys to impersonate this ASP.NET account must have "Act On Behalf Of Operating System" rights. Am I making this more difficult than needs to be. How do I keep impersonation on for identity purposes, but still make use of this ASP.NET account for going outside of my web site to a printer??? Thanks a lot in advance