Export (0) Print
Expand All

<alwaysFlowImpersonationPolicy> Element

Specifies that the Windows identity always flows across asynchronous points, regardless of how impersonation was performed.

<configuration> Element
  <runtime> Element
    <alwaysFlowImpersonationPolicy> Element
<alwaysFlowImpersonationPolicy  
  enabled="true|false"/>

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute

Description

enabled

Required attribute.

Indicates whether the Windows identity flows across asynchronous points.

Enabled Attribute

Value

Description

false

The Windows identity does not flow across asynchronous points, unless the impersonation is performed through managed methods such as Impersonate. This is the default.

true

The Windows identity always flows across asynchronous points, regardless of how impersonation was performed.

Child Elements

None.

Parent Elements

Element

Description

configuration

The root element in every configuration file used by the common language runtime and .NET Framework applications.

runtime

Contains information about assembly binding and garbage collection.

In the .NET Framework versions 1.0 and 1.1, the Windows identity does not flow across asynchronous points. In the .NET Framework version 2.0, there is an ExecutionContext object that contains information about the currently executing thread, and flows it across asynchronous points within an application domain. The WindowsIdentity also flows as part of the information that flows across the asynchronous points, provided the impersonation was achieved using managed methods such as Impersonate and not through other means such as platform invoke to native methods. This element is used to specify that the Windows identity does flow across asynchronous points, regardless of how the impersonation was achieved.

You can alter this default behavior in two other ways:

  1. In managed code on a per-thread basis.

    You can suppress the flow on a per-thread basis by modifying the ExecutionContext and SecurityContext settings by using the ExecutionContext.SuppressFlow, SecurityContext.SuppressFlowWindowsIdentity, or SecurityContext.SuppressFlow method.

  2. In the call to the unmanaged hosting interface to load the common language runtime (CLR).

    If an unmanaged hosting interface (instead of a simple managed executable) is used to load the CLR, you can specify a special flag in the call to the CorBindToRuntimeEx Function function. To enable the compatibility mode for the entire process, set the flags parameter for CorBindToRuntimeEx Function to STARTUP_ALWAYSFLOW_IMPERSONATION.

Configuration File

This element can be used only in the application configuration file.

The following example shows how to specify that the Windows identity flows across asynchronous points, even when the impersonation is achieved through means other than managed methods.

<configuration>
  <runtime>
    <alwaysFlowImpersonationPolicy enabled="true"/>
  </runtime>
</configuration>

Community Additions

ADD
Show:
© 2014 Microsoft