Search code examples

How to enable a user for impersonation in Tridion 2009?

I'm trying to use Tridion's ContentManagment API to retrieve taxonomy categories and keywords, but I'm running into an Access denied error.

I have the following method:

public Dictionary<string, string> GetKeywords(string tcmUri)
     var result = new Dictionary<string, string>();

         // _settings.ImpersonationUser = "MYDOMAIN/myusername"
         using (var session = new Session(_settings.ImpersonationUser))
             var category = new Category(new TcmUri(tcmUri), session);
             var keywords = category.GetKeywords(new Filter());

             if (keywords != null && keywords.Count > 0)
                 foreach (var keyword in keywords)
                     result.Add(keyword.Id.ToString(), keyword.Title);
     catch (Exception ex)
             "Failed to retrieve keywords for '{0}'.".FormatWith(tcmUri), ex);

     return result;

The user I've got in _settings.ImpersonationUser has access to the Tridion Content Manager, is configured as an administrator, and has been added to Impersonation users in the "SDL Tridion Content Manager configuration" snap-in.

The error I'm getting is the following:

System.Runtime.InteropServices.COMException (0x80040302):
<?xml version="1.0"?>
<tcm:Error xmlns:tcm="" 
    ErrorCode="80040302" Category="16" Source="Kernel" Severity="2">
    <tcm:Line ErrorCode="80040302" Cause="true" MessageID="16226">
        <![CDATA[Access denied for the user MYDOMAIN\myuser.]]

Does anyone have any clues to what I'm doing wrong? Thanks in advance!


  • Here's a few things to understand when it comes to impersonation & Tridion...

    • The user executing the code should not have access to Tridion.
    • The user executing the code should be configured as a valid "Impersonation User"
    • The user that the code impersonates should be a valid Tridion user.

    If all those 3 conditions are true, impersonation will work.

    By executing the code, I mean the Windows account under which the code is being executed. If this account has access to Tridion, you do NOT need to use impersonation.

    Hope this helps.