3

I'd like to open a source safe database using Interop.SourceSafeTypeLib 5.2.0.0 on SourceSafe 8.

This should happen in a server service running under 'network service' account. The server service should use the interop to open ss database. The database, however, resides on another server so ss must access a network share. All this should be done under client's identity, so there is a double-hop issue involved.

Now, I managed to use kerberos to impersonate at the server service, having the WindowsIdentity.ImpersonationLevel be Delegation. With this, I'm able to read the ss.ini at the remote share with File.ReadAllText.

I thought that should be enough to make the sourcesafe interop run as if it was run within the service configured to run under the client's account. However, I was wrong and I still get "cannot open database". (If I actually try setting the server service to run under client's account, it works well.)

What am I missing here?

František Žiačik
  • 7,511
  • 1
  • 34
  • 59
  • 1
    I suspect what you have is a problem with Impersonation not crossing the COM boundary. You'll probably need to use the Win32 LogonUser function. See http://stackoverflow.com/questions/2563724/accessing-password-protected-network-drives-in-windows-in-c/2563809#2563809 for a related question that should help you get headed in the right direction. – JamieSee Mar 13 '13 at 23:18
  • What type of service are you creating? A Windows service or a web service of some sort? If it is a Windows service, how does the client communicate with it? Can you share any of your code? – Holistic Developer Dec 10 '13 at 16:25

0 Answers0