ASP.NET - Using impersonation but connecting to SQL Server using AppPoolIdentity

Question

We'd like to migrate our SQL Server connections over to using Windows authentication in an ASP.NET application that uses impersonation for connection to a third party system. If we switch the connection strings to using Windows authentication then the impersonated user gets passed through and the connection fails.

Is there a way to use Windows authentication using the account that the Application Pool is running under, whilst still using impersonation for other things?

Answer 1

Windows Integrated authentication will use whatever account is currently being impersonated. Here are a couple things you might try:

1. Limit impersonation scope. Only impersonate for the method calls which absolutely need it, and stop impersonating immediately after.
2. Use SQL Authentication instead of Windows
3. Impersonate on a separate thread, and access your 3rd party system only via that thread
4. Make your SQL calls through a separate web service which does not use impersonation