How to check if a Windows Identity is impersonating?

Question

Is it possible to check whether a WindowsIdentity is impersonating?

Answer 1

Yes. Just examine the ImpersonationLevel property of the WindowsIdentity class.

From MSDN:

Gets the impersonation level for the user

• Anonymous - The server process cannot obtain identification information about the client, and it cannot impersonate the client
• Delegation - The server process can impersonate the client's security context on remote systems
• Identification - The server process can obtain information about the client...
• Impersonation - The server process can impersonate the client's security context on its local system.
• None

Code snippet (modified MSDN example):

var identity = WindowsIdentity.GetCurrent();
Console.WriteLine("Before impersonation: " + identity.Name);
Console.WriteLine("ImpersonationLevel: {0}", identity.ImpersonationLevel);

// Use the token handle returned by LogonUser. 
using (WindowsIdentity newId = new   
       WindowsIdentity(safeTokenHandle.DangerousGetHandle()))
{
    using (WindowsImpersonationContext impersonatedUser = newId.Impersonate())
    {

        // Check the identity.
        identity = WindowsIdentity.GetCurrent();
        Console.WriteLine("After impersonation: "+ identity.Name);
        Console.WriteLine("ImpersonationLevel: {0}", identity.ImpersonationLevel);
    }
}

Output:

More

Tell me more