<alwaysFlowImpersonationPolicy> Element 

  • Article

Specifies that the Windows identity always flows across asynchronous points, regardless of how impersonation was performed.

<alwaysFlowImpersonationPolicy  
  enabled="true|false"/>

Attributes and Elements

The following sections describe attributes, child elements, and parent elements.

Attributes

Attribute Description

enabled

Required attribute.

Indicates whether the Windows identity flows across asynchronous points.

Enabled Attribute

Value Description

false

The Windows identity does not flow across asynchronous points, unless the impersonation is performed through managed methods such as Impersonate. This is the default.

true

The Windows identity always flows across asynchronous points, regardless of how impersonation was performed.

Child Elements

None.

Parent Elements

Element Description

configuration

The root element in every configuration file used by the common language runtime and .NET Framework applications.

runtime

Contains information about assembly binding and garbage collection.

Remarks

In the .NET Framework versions 1.0 and 1.1, the Windows identity does not flow across asynchronous points. In the .NET Framework version 2.0, there is an ExecutionContext object that contains information about the currently executing thread, and flows it across asynchronous points within an application domain. The WindowsIdentity also flows as part of the information that flows across the asynchronous points, provided the impersonation was achieved using managed methods such as Impersonate and not through other means such as platform invoke to native methods. This element is used to specify that the Windows identity does flow across asynchronous points, regardless of how the impersonation was achieved.

You can alter this default behavior in two other ways:

  1. In managed code on a per-thread basis.

    You can suppress the flow on a per-thread basis by modifying the ExecutionContext and SecurityContext settings by using the System.Threading.ExecutionContext.SuppressFlow, System.Security.SecurityContext.SuppressFlowWindowsIdentity, or System.Security.SecurityContext.SuppressFlow method.

  2. In the call to the unmanaged hosting interface to load the common language runtime (CLR).

    If an unmanaged hosting interface (instead of a simple managed executable) is used to load the CLR, you can specify a special flag in the call to the CorBindToRuntimeEx function. To enable the compatibility mode for the entire process, set the flags parameter for CorBindToRuntimeEx to STARTUP_ALWAYSFLOW_IMPERSONATION.

Configuration File

This element can be used only in the application configuration file.

Example

The following example shows how to specify that the Windows identity flows across asynchronous points, even when the impersonation is achieved through means other than managed methods.

<configuration>
  <runtime>
    <alwaysFlowImpersonationPolicy enabled="true"/>
  </runtime>
</configuration>

See Also

Reference

Runtime Settings Schema
<legacyImpersonationPolicy> Element

Other Resources

Configuration File Schema for the .NET Framework