Impersonation

A user's access to Microsoft® Exchange Server information is handled in a thread of execution within the Microsoft® Internet Information Server (IIS) process. If the user wants authenticated access — to open a mailbox, for example — this thread must impersonate a Microsoft® Windows NT® security context. In other words, to be granted authenticated access to the Microsoft Exchange information store, a thread must be associated with a set of valid security credentials.

The impersonation process has two parts:

1. At the time a user logs on, save the valid security context into the Session object.
2. When rendering a page in a multiframe set, or when a session ends, retrieve the saved security context and call the Impersonate method on the RenderingApplication object.

    To save a security context

At the time of user logon, use a command such as the following (from the file lib\logon.inc), to save the current security context in the session object:

Session("hImp") = objRenderApp.ImpID
 

    To impersonate the logged on user

1. When rendering a page in a multiframe set, or as a session is ending (such as in the method Session_onEnd in the file global.asa), retrieve the saved security context handle from the Session object. The following code is from the file lib\session.inc:

   hImp = Session("hImp")
    

2. Get the RenderingApplication object and call the Impersonate method, passing the security context handle, as shown in the following code from the file lib\session.inc.

   set objRA = Application(bstrRenderApp)
   objRA.Impersonate(hImp)