score:0

Accepted answer

I've actually managed to get this to work by getting rid of the impersonation API code and adding the following to my web.config:

  <location path="Services/MyServiceThatNeedsHigherPermissions.svc">
    <system.web>
      <identity impersonate="true" userName="domain\MyAccountWithElevatedPermissions" password="******"/>
    </system.web>
  </location>

The service runs under the context of my dedicated system account and connects to SQL using the same context.

score:2

Change LOGON32_LOGON_NETWORK to LOGON32_LOGON_NETWORK_CLEARTEXT in your call to LogonUser.

This caches the logon credentials in the local security provider, which should enable a successful SSPI handshake with SQL Server.
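
The logon-type change suggested in the answer above, as an added C# sketch that is not part of either answer: it calls `LogonUser` with `LOGON32_LOGON_NETWORK_CLEARTEXT`, opens an integrated-security SQL connection while impersonating, and returns the login SQL Server actually sees so the result can be checked. The class and method names, the `SQLHOST` server name and the `SVC_ACCOUNT_PASSWORD` environment variable are assumptions for illustration; it needs .NET Framework 4.6 or later for `WindowsIdentity.RunImpersonated`.

```csharp
using System;
using System.ComponentModel;
using System.Data.SqlClient;
using System.Runtime.InteropServices;
using System.Security.Principal;
using Microsoft.Win32.SafeHandles;

static class ImpersonatedSql // hypothetical helper, not from the original post
{
    const int LOGON32_LOGON_NETWORK_CLEARTEXT = 8; // used instead of LOGON32_LOGON_NETWORK (3)
    const int LOGON32_PROVIDER_DEFAULT = 0;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out SafeAccessTokenHandle token);

    // Returns the login SQL Server reports for a connection opened under impersonation.
    public static string WhoAmIOnSql(string domain, string user, string password, string connStr)
    {
        if (!LogonUser(user, domain, password, LOGON32_LOGON_NETWORK_CLEARTEXT,
                       LOGON32_PROVIDER_DEFAULT, out SafeAccessTokenHandle token))
            throw new Win32Exception(Marshal.GetLastWin32Error());

        using (token) // release the token handle as soon as the call completes
        {
            // Impersonation applies only inside the delegate and is reverted afterwards.
            return WindowsIdentity.RunImpersonated(token, () =>
            {
                using (var conn = new SqlConnection(connStr))
                using (var cmd = new SqlCommand("SELECT SUSER_SNAME()", conn))
                {
                    conn.Open(); // SSPI handshake happens here
                    return (string)cmd.ExecuteScalar();
                }
            });
        }
    }

    static void Main()
    {
        // Assumption: the password is supplied at runtime, not stored in source or config.
        string pwd = Environment.GetEnvironmentVariable("SVC_ACCOUNT_PASSWORD");
        string login = WhoAmIOnSql("domain", "MyAccountWithElevatedPermissions", pwd,
            "Server=SQLHOST;Database=master;Integrated Security=SSPI"); // SQLHOST is a placeholder
        Console.WriteLine("SQL Server sees: " + login);
    }
}
```

If the returned login is the application pool or machine account rather than the dedicated account, the impersonated credentials did not reach SQL Server.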

