
Forms Authentication and Impersonation

We've been testing the FileVistaControl using basic authentication and are very impressed. However, we have a requirement to integrate this application with our portal using forms authentication. We have FileVistaControl installed on a Windows 2008 server with IIS 7 and it is accessing a UNC path to a file share containing our users' home directories.

When I switch to forms or custom authentication, the ASP.Net impersonation doesn't seem to work... from what I've read, impersonation requires Windows authentication.

Is there a way to get the FileVistaControl to work with forms authentication and still do impersonation as the authenticated user so that the logged on user can only access their own folder on the share?

Nathan.
Nathan 5/19/2010 1:01 PM
Yes, when using Forms Authentication, using <identity impersonate="true"/> in web.config will not work.

This means you will need to impersonate in code as discussed in this article:
Upload Via Programmatic Impersonation

Please read this article for solutions on doing this programmatically:
How To: Use Impersonation and Delegation in ASP.NET 2.0

QUOTE:

LogonUser vs. WindowsIdentity(userPrincipalName)
If your application authenticates callers by using custom authentication, such as forms authentication, then you cannot impersonate the original caller through ASP.NET configuration. Instead you must call the Impersonate method of a WindowsIdentity object that you create for the original caller. You can obtain an impersonation token for the original caller, provided that the caller has a Windows account, by calling the Win32 LogonUser API (on Windows 2000 Server or Windows Server 2003) or by using a special form of the WindowsIdentity constructor that takes a single parameter of a user principal name (UPN). The technique you should use depends on the following: 

  • If your server is running Windows 2000 Server, you must use the Win32 LogonUser API. The extensions to the Kerberos protocol used by the WindowsIdentity(userPrincipalName) constructor are not available on Windows 2000 Server.
  • If you are impersonating a local account, you must use LogonUser.
  • If your server is running Windows Server 2003, you have the following choices:
    ◦ If your application has access to the user name and password of the caller (perhaps through a logon Web page) and needs to access local resources, you should use the Win32 LogonUser API. This is preferable to using the WindowsIdentity constructor because you do not need to grant the ASP.NET process account the "Act as part of the operating system" privilege.
    ◦ If your application has access to the user name only, you must use the WindowsIdentity constructor. However, if your application needs to access local resources, you must grant the ASP.NET process account the "Act as part of the operating system" privilege.


Here are other related articles:
Resulting identity for each IIS authentication type and web.config authentication mode
How to implement impersonation in an ASP.NET application
Cem Alacayir 7/6/2010 8:31 AM
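
The LogonUser route from the quoted article, as an added example that is not part of the original posts and is not FileVista's or Microsoft's own code: it impersonates the forms-authenticated user only for the duration of one file operation and always reverts. Assumptions: .NET Framework 3.5 or later, the forms login page has the user's Windows user name and password, and the names ShareImpersonation, RunAs and ListHome are hypothetical. The logon type LOGON32_LOGON_NETWORK_CLEARTEXT is chosen here because the home folders sit on a remote UNC share and the token must carry credentials for that hop.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;

public static class ShareImpersonation
{
    private const int LOGON32_LOGON_NETWORK_CLEARTEXT = 8; // token keeps credentials for the UNC hop
    private const int LOGON32_PROVIDER_DEFAULT = 0;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    private static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool CloseHandle(IntPtr handle);

    // Runs 'action' as the given Windows account, then always reverts to the process identity.
    public static void RunAs(string user, string domain, string password, Action action)
    {
        IntPtr token;
        if (!LogonUser(user, domain, password, LOGON32_LOGON_NETWORK_CLEARTEXT,
                       LOGON32_PROVIDER_DEFAULT, out token))
            throw new Win32Exception(Marshal.GetLastWin32Error()); // bad credentials: fail closed

        try
        {
            using (WindowsIdentity identity = new WindowsIdentity(token))
            using (WindowsImpersonationContext ctx = identity.Impersonate())
            {
                action(); // file-system calls here are authorized by the share's ACLs for 'user'
            }             // Dispose() calls Undo(), so the thread does not stay impersonated
        }
        finally
        {
            CloseHandle(token); // WindowsIdentity duplicated the handle; release the original
        }
    }

    // Hypothetical call site: list the caller's own home folder on the share.
    public static string[] ListHome(string user, string domain, string password, string homeUnc)
    {
        string[] entries = null;
        RunAs(user, domain, password, delegate { entries = Directory.GetFileSystemEntries(homeUnc); });
        return entries;
    }
}
```

Because the work runs under the user's own token, NTFS and share permissions on the file server decide what each user can reach, and the application pool account needs no rights on other users' home folders.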