I have a claims-based SharePoint 2010 website where I need to call out to a back-end, non-claims-aware system (K2 blackpearl).
So to achieve this I am attempting to use the Claims to Windows Token Service to impersonate the user as described here.
Now when calling the c2wts using a user UPN to convert to a claim using the following code:
    WindowsIdentity windowsIdentity = null;
    SPSecurity.RunWithElevatedPrivileges(
        delegate()
        {
            windowsIdentity = S4UClient.UpnLogon("[email protected]");
        });
Now when I impersonate, that windowsIdentity.ImpersonationLevel is Identification rather than Impersonate:
    using (WindowsImpersonationContext c = windowsIdentity.Impersonate())
    {
        Debug.WriteLine(WindowsIdentity.GetCurrent().ImpersonationLevel); // returns Identification
        ConnectToK2();
        c.Undo();
    }
This, I think, is what is causing the problem, as when trying to call off to the service using the token it is failing. The article mentioned above talks about getting an Impersonated token back, but I am unable to do this.
Does anyone know what I may be doing wrong?
Thanks
To get impersonation level equal to impersonation, set impersonation in your web.config to false:
Also, try not to perform impersonation inside "SPSecurity.RunWithElevatedPrivileges", since this way you are performing impersonation twice - first as the web application pool account (this is what RunWithElevatedPrivileges is causing) and then with your manual impersonation using the token from c2wts.
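
The question's code restructured along the lines of the answer, as an added example that is not part of the original posts: the c2WTS call is made outside RunWithElevatedPrivileges, and the token level is checked before the back end is called so an Identification-only token fails closed. The class and method names (C2wtsImpersonation, RunAs, EnsureUsable) are hypothetical; S4UClient comes from the WIF Microsoft.IdentityModel.WindowsTokenService namespace, and ConnectToK2 is the question's own method.

```csharp
using System;
using System.Security.Principal;
using Microsoft.IdentityModel.WindowsTokenService; // WIF assembly that provides S4UClient

// Hypothetical helper, not from the original posts.
public static class C2wtsImpersonation
{
    // Runs backEndCall as the user identified by upn. Throws instead of calling
    // the back end when the token cannot be used to act on the user's behalf.
    // Assumes ASP.NET impersonation is already disabled, as the answer suggests.
    public static void RunAs(string upn, Action backEndCall)
    {
        // Called directly, not inside SPSecurity.RunWithElevatedPrivileges,
        // so the thread is not impersonated twice (the answer's second point).
        using (WindowsIdentity identity = S4UClient.UpnLogon(upn))
        {
            EnsureUsable(identity.ImpersonationLevel, upn);

            using (WindowsImpersonationContext ctx = identity.Impersonate())
            {
                // Re-check on the thread token, as the question's Debug line does.
                using (WindowsIdentity current = WindowsIdentity.GetCurrent())
                {
                    EnsureUsable(current.ImpersonationLevel, upn);
                }
                backEndCall();
            } // Dispose() reverts the impersonation; no explicit Undo() is needed.
        }
    }

    // An Identification-level token lets code query who the user is but not
    // access resources as that user, which is the failure the question describes.
    public static void EnsureUsable(TokenImpersonationLevel level, string upn)
    {
        if (level != TokenImpersonationLevel.Impersonation &&
            level != TokenImpersonationLevel.Delegation)
        {
            throw new InvalidOperationException(
                "c2WTS token for " + upn + " has level " + level +
                "; refusing to call the back end with it.");
        }
    }
}
```

With this helper the question's call becomes `C2wtsImpersonation.RunAs(upn, ConnectToK2);`, and a misconfigured environment surfaces as an explicit exception rather than a failed service call.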