Accessing impersonated user’s details from code behind in C#

Hi all,

Many of us might know that in web development, config files play a very important role. Reading config file entries in a code-behind file is a very common thing in web development.

Config entries are stored in web.config file in the <appSettings> tag and can be accessed using System.Configuration.ConfigurationManager.AppSettings[“keyName”];

But there might be a case when we may have to access the impersonated user’s details in our code. These details cannot be accessed using ConfigurationManager.AppSettings[].

 

To access the Impersonated user’s details, we use the classes in the namespaces

System.Web.Configuration and System.Configuration.

First, we open the configuration file as a “Configuration” object using the WebConfigurationManager.OpenWebConfiguration(“pathToConfigFile”) method. The WebConfigurationManager class is defined in the System.Web.Configuration namespace.

 

Then we get the identity section from the config file to retrieve the user details. This is achieved using the IdentitySection class defined in System.Web.Configuration namespace and “GetSection()” method of “Configuration” class.

The “GetSection()” method returns the ConfigurationSection object specified in the parameter to the method. The return object is to be type cast into the required object type, in this case, “IdentitySection”.

 

Then, IdentitySectionObject.propertyName gives the value of the corresponding property.

 

The complete sample code is as shown. I have written the code in the Page_Load method for the time being.

 

 

using System.Web.Configuration;

using System.Configuration;

 

protected void Page_Load(object sender, EventArgs e)

{

        Configuration objConfigFile;

        objConfigFile = WebConfigurationManager.OpenWebConfiguration(HttpContext.Current.Request.ApplicationPath);

 

        IdentitySection objIdentitySection = (IdentitySection)objConfigFile.GetSection(“system.web/identity”);

 

        if (objIdentitySection != null)

        {

            string username = objIdentitySection.UserName;

            string password = objIdentitySection.Password;

            bool impersonate = objIdentitySection.Impersonate;

            Configuration currentCOnfiguration = objIdentitySection.CurrentConfiguration;

         }

    }

 

The entry in the web.config file is as given below.

 

<system.web>

        <identity impersonate=”true” username=”domain\username” password=”pwdrandom” />

</system.web>

 

Make sure you specify the domain of the computer in the username part because if you specify only the username, there is a chance that you might get a runtime exception saying

“Could not create Windows user token from the credentials specified in the
config file. Error from the operating system ‘Logon failure: unknown user
name or bad password.”

 

Hope this helps!! 🙂