I have a WCF service hosted in IIS that is retrieving data from multiple sources (all SQL Server). With each data source, I have to impersonate a different Active Directory user to connect to the database. I am using Entity Framework v6.1.1 for two of the data sources. Integrated Security is set to True in the connection strings, too.
I use the example below to set the impersonated user, where the impersonated user is a System.Security.Principal.WindowsImpersonationContext
that I set from configuration:
internal async Task<List<string>> GetItemsByLookupItemsAsync(List<string> lookupItems)
{
var result = new List<string>();
using (var db = new EntityFrameworkDb())
{
var query = from item in db.Table
where lookupItems.Contains(item.LookupColumn)
select item.StringColumn;
var queryResult = new List<string>();
using (GetImpersonatedUser())
{
queryResult.AddRange(await query.ToListAsync());
}
result.AddRange(queryResult.OrderBy(e => e));
}
return result;
}
The problem is that the previous code throws a SqlException
saying that the account running the web service can not log on to the database. It appears that when I hit the await
I lose the impersonation context.
What are some suggestions to solve this problem?
Generally speaking, if there are asynchronous APIs, then you should use them for new code. Asynchronous code frees up the calling thread. If your application is a GUI application, this can free up the UI thread; if your application is a server application, this can free up threads to handle other requests.
Note that there are no async versions of some LINQ operators such as Where or OrderBy, because these only build up the LINQ expression tree and don't cause the query to be executed in the database. Only operators which cause query execution have async counterparts.
ToListAsync(IQueryable)Creates a List<T> from an IQueryable by enumerating it asynchronously.
The fact that await frees the thread up to do other things means that it can remain responsive to additional user actions and input. But, even if there is no graphical user interface, we can see the advantage of freeing up a thread.
Set the legacyImpersonationPolicy
to false
and alwaysFlowImpersonationPolicy
to true
inside your web.config
and restart IIS
<configuration>
<runtime>
<legacyImpersonationPolicy enabled="false"/>
<alwaysFlowImpersonationPolicy enabled="true"/>
</runtime>
</configuration>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With