http://blogs.msdn.com/shawnfa/archive/2005/03/24/401905.aspxOver the last couple of days we've talked about how to impersonate another user , and some security issues to keep in mind while impersonating . Now I'd like to take a look at some new features available in Whidbey which can make the whole process muchen-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.msdn.com/shawnfa/archive/2005/03/24/401905.aspx#402788Mon, 28 Mar 2005 04:03:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:402788OdeToCode Linkshttp://blogs.msdn.com/shawnfa/archive/2005/03/24/401905.aspx#404322Thu, 31 Mar 2005 23:43:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:404322.Net Security Bloghttp://blogs.msdn.com/shawnfa/archive/2005/03/24/401905.aspx#404503Fri, 01 Apr 2005 12:01:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:404503Nicole CalinoiuWhile the use of a delegate is certainly convenient for this sort of thing, it's potentially quite dangerous given that there's no guarantee that the caller actually chose the delegate implementation. (See <a target="_new" href="http://blogs.msdn.com/ptorr/archive/2005/01/16/353816.aspx">http://blogs.msdn.com/ptorr/archive/2005/01/16/353816.aspx</a> for a discussion by Peter Torr of a somewhat similar problem.) Since it's not possible to place a demand for SecurityPermission\UnmanagedCode on the delegate itself, this is more than a little tricky. Providing a wrapper that enables a demand when setting the delegate could help, but a naive caller would still be creating a security hole if it fails to use the wrapper as intended. <br> <br>Constraining the delegate actions via use of PermitOnly would also be potentially helpful, but one would need to receive the accepted permission set from the caller in order to allow adequate flexibility, and the same &quot;naive caller&quot; problem rears its ugly head again. In addition, this approach would be completely useless when resources used by a particular implementation of the delegate are not protected by CAS. <br> <br>Unfortunately, I just can't see any way to make this sort of thing safe for potentially naive callers. Unless there's some wonderful technique I'm missing, it would seem prudent to make this functionality accessible by only one's own code.http://blogs.msdn.com/shawnfa/archive/2005/03/24/401905.aspx#406011Thu, 07 Apr 2005 01:04:46 GMT91d46819-8472-40ad-a661-2c78acb4018c:406011shawnfaWell, there's really no good way to ensure that the caller uses the class library as intended. The goal of the code isn't to allow arbitrary delegates to run in the impersonation context, but rather to be a wrapper around the high trust code which ensures that the impersonation is undone when the work completes. <br> <br>-Shawnhttp://blogs.msdn.com/shawnfa/archive/2005/03/24/401905.aspx#692202Tue, 08 Aug 2006 18:05:57 GMT91d46819-8472-40ad-a661-2c78acb4018c:692202GavinHey, <br> <br>I'm writing an application that requires me to authenticate as windows user account user to perform part of a process before resetting back to it's original context. <br> <br>Unfortunately I have no choice but to use C# exclusively. Your code uses some language specific classes that and so I am unable to directly translate into C#. <br> <br>Is there a C# version available? <br> <br>Many Thanks