I'm trying to understand how I can impersonate a different user when accessing SQL Server. Basically my C# application has to access the local-filesystem with the same account as it was launched with, but should use another account when accessing the database. If the database is remote, I can achieve this splitting by using "runas /netonly", but if the server is local the process will use the credentials with which it was launched. The user which has the right credentials for DB access is different from the user which has access to the filesystem I need to use. How can I solve this situation?
> Basically my C# application has to access the local-filesystem with the same account as it was launched with
Split the app in two and separate this local file access requirement into a separate service that runs with the required privileges. The two parts of your app communicate using your IPC of choice (including authentication and authorization of the two app 'shards' between each other). This may sound complex, but is pretty much bulletproof from a security POV and not at all hard to implement.

C# code can impersonate and reverse impersonation explicitly using WindowsIdentity. Access across network under impersonation is subject to delegation. But I believe going there (impersonating when connecting to DB, reverting when accessing local resources) is just a bugfarm in wait of a harvest... Separating the local access part code from the impersonating one in two services is much more robust imho.
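The impersonate-then-revert pattern the answer mentions, as an added example that is not part of the original post: local file access runs as the launching account, and only the database call runs inside a scoped `WindowsIdentity.RunImpersonated` block. The account name, domain, password source, file path and connection string are placeholders, and the example assumes the database account is allowed an interactive logon on the machine.

```csharp
using System;
using System.ComponentModel;
using System.Data.SqlClient;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;
using Microsoft.Win32.SafeHandles;

static class DbAsOtherUser
{
    const int LOGON32_LOGON_INTERACTIVE = 2;   // token usable for local access, unlike /netonly
    const int LOGON32_PROVIDER_DEFAULT = 0;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out SafeAccessTokenHandle token);

    static void Main()
    {
        // Outside the impersonation scope: runs as the account that launched the process.
        string input = File.ReadAllText(@"C:\data\input.txt");             // placeholder path

        // Placeholder secret source; do not hard-code the password.
        string password = Environment.GetEnvironmentVariable("DB_USER_PASSWORD")
            ?? throw new InvalidOperationException("DB_USER_PASSWORD is not set");

        if (!LogonUser("dbuser", "EXAMPLE", password,                       // placeholder account
                LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,
                out SafeAccessTokenHandle token))
            throw new Win32Exception(Marshal.GetLastWin32Error());

        using (token)
        {
            // Impersonation applies only inside the delegate and is reverted
            // when it returns or throws, so no identity leaks into later code.
            object login = WindowsIdentity.RunImpersonated(token, () =>
            {
                using (var conn = new SqlConnection(
                    "Server=(local);Database=AppDb;Integrated Security=true")) // placeholder
                using (var cmd = new SqlCommand("SELECT SUSER_SNAME()", conn))
                {
                    conn.Open();                 // Windows authentication uses the impersonated token
                    return cmd.ExecuteScalar();  // login name as seen by SQL Server
                }
            });
            Console.WriteLine($"SQL Server saw: {login}");
        }

        // Back on the launching account for any further local file access.
        Console.WriteLine($"Process identity: {WindowsIdentity.GetCurrent().Name}");
    }
}
```

Keeping every database call inside the delegate, and nothing else, is what limits the kind of identity mix-up the answer warns about; the process still has to hold the second account's password, which the two-service split avoids.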