DEXTUpload.NET Professional
menu toggleProduct Information > Impersonate a specific user in the code

Impersonate a specific user in the code (Note: experiment function)

At the request of all of the pages and the handler of the ASP.NET application, it is necessary to specify the "userName, password" attributes in the <identity> element in the "Web.config" file for the application to impersonate a specific user.

<identity impersonate="true" userName="accountName" password="password"/>

In general, the account to be impersonated needs the authority of the "IIS_IUSRS" group.

IIS7 previously, there was the "IUSR_machine name" account, and the "IIS_WPG" group as intended to cover all of the accounts that are used as ID account of the application pool. However, since IIS7, the "IUSR_machine name" account was replaced to the "IUSR" built-in account and the "IIS_WPG" group was replaced to the "IIS_IUSRS".

When processing the file upload with DEXTUpload.NET Professional products, in the past we had to use the <identity> element for accessing files and directories. From version 5.0.0.0 above, in addition the product provides a method capable of performing most of the code level like using <identity> element.

The most necessary moments are the time to create a temporary file and the point at which save the temporary file to the destination location ("Save, SaveAs"). The former is treated in the" FileUploadMonitorModule ", the latter aspx page or ashx handler or the "Save, SaveAs" methods of the "FileElement" object, in the Controller action method. The former is required when creating files to the path recorded in the "tempPath" that is described in the "Web.config" file, the latter needs to copy or move files to the location pointed to by "defaultPath" or the parameter of the "Save, SaveAs" methods.

To apply at the time to create a temporary file, the new module class that extends the "FileUploadMonitorModule" is registered to the "Web.config" file.

# You must manually create a new class that inherits from the class "DEXTUpload.NET.FileUploadMonitorModule".

namespace some.project
{
    public class ImpersonationFileUploadModule : FileUploadMonitorModule
    {
        // Overrides the "HandleUploadProcess" virtual method.
        // The "HandleUploadProcess" is a method to create a temporary file from multipart data.
        protected override void HandleUploadProcess(HttpApplication application, DXTEnvironment environment)
        {
            // Generally, the information of the impersonating account is not exposed to the outside, so it is necessary to write codes to get the account information.
            var userName = "iouser";
            var userDomain = ".";
            var userPassword = "1234";
            ...
            // When you create the "UserImpersonation" instance, you need to pass in the parameters to impersonate the account, domain, and password.
            // The second parameter is the domain, and if you use a local account, it's the '.' character. 
            // On the other hands, if you use Active Directory, it must be a domain. If the account is kind as a userName@Domain Type, set the domain parameter to null.
            using (var impersonation = new UserImpersonation(userName, userDomain, userPassword))
            {
                base.HandleUploadProcess(application, environment);
            }
        }

        // Overrides the "RemoveTempResources" virtual method.
        // The "RemoveTempResources" is a method that is called periodically when the cleaner is running.
        protected override void RemoveTempResources(DirectoryInfo temp, int ago)
        {
            var userName = "iouser";
            var userDomain = ".";
            var userPassword = "1234";
            ...
            using (var impersonation = new UserImpersonation(userName, userDomain, userPassword))
            {
                base.RemoveTempResources(temp, ago);
            }
        }
    }
}

To register a class that the newly created as an HTTP module of the "Web.config" file.

<!-- For integrated mode -->
<system.webServer>
  <modules>
    <!-- 
      You need to declare a new "ImpersonationFileUploadModule" instead of the "FileUploadMonitorModule" module that performs the file upload processing.
    -->
    <add name="FileUploadMonitorModule" 
      type="some.project.ImpersonationFileUploadModule, ImpersonationFileUploadModule"
      preCondition="managedHandler"/>
  </modules>
</system.webServer>

After the setting as described above, the impersonation is applied at the time of creating the temporary file, code that generates a file in the account is executed.

To use the impersonation at the time of saving temporary files to the storage can be processed as follows. (To save anyway temporary files, the moudle reads files from tempory directory, so that the impersonation is finally needed.)

# This is an example of handling in an ashx generic handler.

public class upload : IHttpHandler
{
    public void ProcessRequest(HttpContext context)
    {
        var userName = "iouser";
        var userDomain = ".";
        var userPassword = "1234";

        // Impose using the "UserImpersonation" class as we did in the "ImpersonationFileUploadModule" class.
        using (var impersonation = new UserImpersonation(userName, userDomain, userPassword))
        {
            using (var dext = new FileUpload())
            {
                // Save the file.
                ...
            }
        }
        ...
    }

    ...
}