Okay - after some more in-depth research I finally found the solution for how to flow impersonated Windows identities across asynchronous tasks.
The solution is machine-wide and will be set for all (in this case) 64-bit ASP.NET 4.5 applications.
Find the aspnet.config file in C:\Windows\Microsoft.Net\Framework64\v4.0.30319 (probably this will apply for later versions, too) and change the value of legacyImpersonationPolicy to false:

```xml
<legacyImpersonationPolicy enabled="false"/>
```
Make sure to restart IIS (or reboot the machine).
This will then make impersonation flow, as long as you use managed methods for the impersonation. In my case I impersonate similarly to this, which works fine:

```csharp
using System;
using System.Security;
using System.Security.Principal;

class Impersonation : IDisposable
{
    public static Impersonation Impersonate()
    {
        return new Impersonation();
    }

    private WindowsImpersonationContext ImpersonationContext { get; set; }

    private Impersonation()
    {
        // Under Windows authentication the request principal is the authenticated Windows user.
        var currentIdentity = System.Threading.Thread.CurrentPrincipal.Identity as WindowsIdentity;
        if (currentIdentity != null && currentIdentity.IsAuthenticated)
        {
            ImpersonationContext = currentIdentity.Impersonate();
            return;
        }
        throw new SecurityException("Could not impersonate user identity");
    }

    public void Dispose()
    {
        // Reverts to the process identity; use a using block so impersonation never leaks past its scope.
        if (ImpersonationContext != null)
            ImpersonationContext.Dispose();
    }
}
```
The aspnet.config setting (by the way, it did not work to set it in the web.config file) is explained here: http://msdn.microsoft.com/en-us/library/ms229296(v=vs.110).aspx (it basically says, if this is true, we do it the .NET 1.1 way).
You can check whether the Windows identity is flowed or not by using this method:

```csharp
System.Security.SecurityContext.IsWindowsIdentityFlowSuppressed()
```
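As an added verification example (not part of the answer above): the hypothetical helper below, assumed to run inside an async ASP.NET 4.5 request under Windows authentication, reports the IsWindowsIdentityFlowSuppressed() result next to the identity observed before an await, after it, and inside a child task, so you can confirm the aspnet.config change is actually in effect.

```csharp
using System;
using System.Security;
using System.Security.Principal;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical helper (constructed for this example): call VerifyAsync() from an async
// handler or controller action and log the returned string.
public static class ImpersonationFlowCheck
{
    public static async Task<string> VerifyAsync()
    {
        // true means WindowsIdentity does NOT flow with the ExecutionContext, i.e. the
        // legacyImpersonationPolicy change has not taken effect (or IIS was not restarted).
        bool suppressed = SecurityContext.IsWindowsIdentityFlowSuppressed();

        var requestIdentity = Thread.CurrentPrincipal.Identity as WindowsIdentity;
        if (requestIdentity == null || !requestIdentity.IsAuthenticated)
            throw new SecurityException("Request is not running under an authenticated Windows identity");

        // Before impersonating, GetCurrent() is the application pool account.
        string processIdentity = WindowsIdentity.GetCurrent().Name;

        using (requestIdentity.Impersonate())
        {
            string before = WindowsIdentity.GetCurrent().Name;

            // Force the continuation onto a thread-pool thread rather than the request thread.
            await Task.Delay(10).ConfigureAwait(false);
            string afterAwait = WindowsIdentity.GetCurrent().Name;

            // A task started while impersonating should also observe the impersonated user.
            string inChildTask = await Task.Run(() => WindowsIdentity.GetCurrent().Name)
                                           .ConfigureAwait(false);

            bool flowed = before == afterAwait && before == inChildTask;
            return string.Format(
                "suppressed={0}; process={1}; before={2}; afterAwait={3}; childTask={4}; flowed={5}",
                suppressed, processIdentity, before, afterAwait, inChildTask, flowed);
        }
    }
}
```

If flowed is false while suppressed is true, the aspnet.config change is not in effect for this process; if suppressed is false but flowed is still false, check that the impersonation is done through the managed API as in the answer rather than through native calls.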