While playing with the new Named Pipe classes in 3.5 I noticed that a simpler model for impersonating the client is used here. Instead of putting the burden on the user to call Impersonate on a WindowsIdentity (and making sure that impersonation is undone correctly), you simply pass a delegate that should run impersonated to RunAsClient…interesting.
using (var server = new NamedPipeServerStream("pipe")) { Console.WriteLine("waiting"); server.WaitForConnection(); Console.WriteLine("connected"); using (var reader = new StreamReader(server)) { string message = reader.ReadLine(); string client = server.GetImpersonationUserName(); Console.WriteLine("{0} says {1}", client, message); // runs under client identity server.RunAsClient(delegate { Console.WriteLine("impersonated identity: {0}", WindowsIdentity.GetCurrent().Name); // access some resource }); } }
leastprivilege.com 