<alwaysFlowImpersonationPolicy> ElementÂ
Specifies that the Windows identity always flows across asynchronous points, regardless of how impersonation was performed.
<alwaysFlowImpersonationPolicy
enabled="true|false"/>
Attributes and Elements
The following sections describe attributes, child elements, and parent elements.
Attributes
Attribute | Description |
---|---|
enabled |
Required attribute. Indicates whether the Windows identity flows across asynchronous points. |
Enabled Attribute
Value | Description |
---|---|
false |
The Windows identity does not flow across asynchronous points, unless the impersonation is performed through managed methods such as Impersonate. This is the default. |
true |
The Windows identity always flows across asynchronous points, regardless of how impersonation was performed. |
Child Elements
None.
Parent Elements
Element | Description |
---|---|
configuration |
The root element in every configuration file used by the common language runtime and .NET Framework applications. |
runtime |
Contains information about assembly binding and garbage collection. |
Remarks
In the .NET Framework versions 1.0 and 1.1, the Windows identity does not flow across asynchronous points. In the .NET Framework version 2.0, there is an ExecutionContext object that contains information about the currently executing thread, and flows it across asynchronous points within an application domain. The WindowsIdentity also flows as part of the information that flows across the asynchronous points, provided the impersonation was achieved using managed methods such as Impersonate and not through other means such as platform invoke to native methods. This element is used to specify that the Windows identity does flow across asynchronous points, regardless of how the impersonation was achieved.
You can alter this default behavior in two other ways:
In managed code on a per-thread basis.
You can suppress the flow on a per-thread basis by modifying the ExecutionContext and SecurityContext settings by using the System.Threading.ExecutionContext.SuppressFlow, System.Security.SecurityContext.SuppressFlowWindowsIdentity, or System.Security.SecurityContext.SuppressFlow method.
In the call to the unmanaged hosting interface to load the common language runtime (CLR).
If an unmanaged hosting interface (instead of a simple managed executable) is used to load the CLR, you can specify a special flag in the call to the CorBindToRuntimeEx function. To enable the compatibility mode for the entire process, set the flags parameter for CorBindToRuntimeEx to STARTUP_ALWAYSFLOW_IMPERSONATION.
Configuration File
This element can be used only in the application configuration file.
Example
The following example shows how to specify that the Windows identity flows across asynchronous points, even when the impersonation is achieved through means other than managed methods.
<configuration>
<runtime>
<alwaysFlowImpersonationPolicy enabled="true"/>
</runtime>
</configuration>
See Also
Reference
Runtime Settings Schema
<legacyImpersonationPolicy> Element