I have some methods that need to run as a certain service account, so I do the normal thing:
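    // requires: using System.Security.Principal;
    public void DoSomeWorkAsServiceAccount() {
        // ...
        // assume I am given tokenHandle
        WindowsIdentity newId = new WindowsIdentity(tokenHandle);
        WindowsImpersonationContext impersonatedUser = newId.Impersonate();
        try {
            // ...
            // do the work here
            // ...
        } finally {
            // revert to the original identity even if the work throws
            impersonatedUser.Undo();
        }
    }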
I’d like to avoid writing this code in every method, so I was thinking of creating a custom attribute:
    [Impersonate(tokenHandle)]
    public void DoSomeWorkAsServiceAccount() {
        // do the work
    }
So here are my questions:
- Is this possible?
- Can you show me something that will avoid code duplication?
Thanks in advance.
I don’t think an attribute is the best way to implement a feature like this. For the most part attributes merely act as meta-data on types and members (Aspect Oriented stuff aside). You’d need to write something to check for that attribute, and re-route the method call accordingly. If you already have some AOP code in place this shouldn’t be much of a chore, but if you don’t you’d likely be much better served by something like this:
And then call it like this:
This allows you to centralize the impersonation code without having to mess around with reflection, codeweaving, etc.
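One way to centralize the impersonation code in a helper that takes the work as a delegate, as the answer suggests; this is an added example, not code from the original post. The names `Impersonation`, `Run` and `ServiceAccountWorker` are assumptions made for illustration.

```csharp
using System;
using System.Security.Principal;

// Hypothetical helper; class and method names are assumptions for this example.
public static class Impersonation
{
    // Runs 'work' as the account behind tokenHandle and returns its result.
    // The caller remains responsible for closing tokenHandle.
    public static T Run<T>(IntPtr tokenHandle, Func<T> work)
    {
        if (tokenHandle == IntPtr.Zero)
            throw new ArgumentException("Token handle is not valid.", "tokenHandle");
        if (work == null)
            throw new ArgumentNullException("work");

        // Disposing the context reverts the thread to its previous identity,
        // so the revert happens on every exit path, including when 'work' throws.
        using (WindowsIdentity identity = new WindowsIdentity(tokenHandle))
        using (WindowsImpersonationContext context = identity.Impersonate())
        {
            return work();
        }
    }

    // Overload for work that returns nothing.
    public static void Run(IntPtr tokenHandle, Action work)
    {
        if (work == null)
            throw new ArgumentNullException("work");
        Run<object>(tokenHandle, () => { work(); return null; });
    }
}

public class ServiceAccountWorker
{
    private readonly IntPtr tokenHandle; // obtained elsewhere, as in the question

    public ServiceAccountWorker(IntPtr tokenHandle) { this.tokenHandle = tokenHandle; }

    public void DoSomeWorkAsServiceAccount()
    {
        Impersonation.Run(tokenHandle, () =>
        {
            // do the work; this body runs as the service account
        });
    }
}
```

On .NET Framework 4.6 and later, and on .NET Core, the built-in `WindowsIdentity.RunImpersonated(SafeAccessTokenHandle, Action)` has the same shape.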