Saturday, June 4, 2011

Allowing CLR Code Access to Windows OS Resources with Minimum Permissions

SqlContext.WindowsIdentity can be used to retrieve the token associated with the current security context. Managed code in EXTERNAL_ACCESS and UNSAFE assemblies can use this method to retrieve the context and use the .NET Framework WindowsIdentity.Impersonate method to impersonate that context.

In other words, use SqlContext.WindowsIdentity to allow CLR code running in SQL Server to access Windows OS resources without granting excess privileges to SQL Server.
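
The pattern described above, as an added example that is not code from the original post: a CLR stored procedure that reads a file's size under the caller's Windows token and always reverts afterwards. The class name, procedure name and parameters are hypothetical, and the assembly is assumed to be registered as EXTERNAL_ACCESS.

```csharp
using System;
using System.Data.SqlTypes;
using System.IO;
using System.Security.Principal;
using Microsoft.SqlServer.Server;

public static class FileProcs   // hypothetical class name
{
    // Hypothetical procedure: returns the size of a file, read as the caller.
    [SqlProcedure]
    public static void GetFileLengthAsCaller(SqlString path, out SqlInt64 length)
    {
        length = SqlInt64.Null;
        if (path.IsNull)
            throw new ArgumentNullException("path");

        // Null when the caller logged in with SQL Server authentication.
        // Fail closed here: without impersonation the file access would run
        // as the SQL Server service account, which is what we want to avoid.
        WindowsIdentity caller = SqlContext.WindowsIdentity;
        if (caller == null)
            throw new InvalidOperationException(
                "A Windows-authenticated login is required.");

        long bytes;
        WindowsImpersonationContext impersonated = null;
        try
        {
            impersonated = caller.Impersonate();
            // NTFS ACLs are now evaluated against the caller, not the service.
            bytes = new FileInfo(path.Value).Length;
        }
        finally
        {
            // Always revert, even on exceptions, so no later code on this
            // thread runs under the caller's token by accident.
            if (impersonated != null)
                impersonated.Undo();
        }

        // Back on the original context: return results only after Undo(),
        // since in-process data access is not allowed while impersonating.
        length = new SqlInt64(bytes);
        SqlContext.Pipe.Send("Read as " + caller.Name);
    }
}
```

With this in place, file permissions are granted to the individual Windows callers rather than to the SQL Server service account.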

