{"id":921,"date":"2005-08-16T21:05:00","date_gmt":"2005-08-16T21:05:00","guid":{"rendered":"\/blogs\/bobb\/post\/SqlTypesSqlXml-and-impersonation.aspx"},"modified":"2005-08-16T21:05:00","modified_gmt":"2005-08-16T21:05:00","slug":"sqltypes-sqlxml-and-impersonation","status":"publish","type":"post","link":"https:\/\/www.sqlskills.com\/blogs\/bobb\/sqltypes-sqlxml-and-impersonation\/","title":{"rendered":"SqlTypes.SqlXml and impersonation"},"content":{"rendered":"<p>\nI&#39;ve been working on a student question about using Impersonation inside of a stored procedure. This one&#39;s worth sharing.\n<\/p>\n<p>\nYou can do impersonation using the .NET SqlClient data provider using code roughly like this:\n<\/p>\n<p>\nWindowsIdentity w = SqlContext.WindowsIdentity;<br \/>\nWindowsImpersonationContext c = w.Impersonate();<br \/>\n\/\/ do something here<br \/>\nc.Undo();\n<\/p>\n<p>\nThe rule is that in the &quot;do something here&quot; part, I&#39;m allowed to do things like access the file system and these happen using the correct identity. But I&#39;m NOT allowed to do data access. I&#39;d always thought that &quot;data access&quot; meant using the classes in System.Data.SqlClient to access database data. But using the System.Data.SqlTypes.SqlXml class (which uses XmlReader) is also considered data access. So this code fails:\n<\/p>\n<p>\npublic static void LoadSomeXML(SqlXml thexml)<br \/>\n{<br \/>\n\/\/ impersonate<br \/>\n\/\/ do something here is:<br \/>\n&nbsp;&nbsp; XmlDocument doc = new XmlDocument();<br \/>\n&nbsp;&nbsp; doc.Load(thexml.Value);<br \/>\n\/\/ undo<br \/>\n}\n<\/p>\n<p>\ninterestingly, this code works:<br \/>\npublic static void LoadSomeXML(SqlString thexml)<br \/>\n{<br \/>\n\/\/ impersonate<br \/>\n\/\/ do something here is:<br \/>\n&nbsp;&nbsp; XmlDocument doc = new XmlDocument();<br \/>\n&nbsp;&nbsp; doc.Load(thexml.Value);<br \/>\n\/\/ undo<br \/>\n}\n<\/p>\n<p>\nbecause it doesn&#39;t use XmlReader to do the load. So if you pass in a SqlXml type parameter and use this class inside an impersonation context, it will fail. The error message says &quot;Can&#39;t revert thread token in UDF\/UDP&#8230;&quot; so I wonder if this isn&#39;t related to some other threading issues reported using the impersonation context.\n<\/p>\n<p>\nA good rule of thumb is to only do the minimum number of operations required while in the impersonation context and revert back (Undo) as soon as possible. In this case, all I really wanted to do was call doc.Save(&quot;somefile.xml&quot;) to save to the filesystem. If I move the declaration of XmlDocument and doc.Load() outside the impersonation context, doc.Save() works perfectly.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I&#39;ve been working on a student question about using Impersonation inside of a stored procedure. This one&#39;s worth sharing. You can do impersonation using the .NET SqlClient data provider using code roughly like this: WindowsIdentity w = SqlContext.WindowsIdentity; WindowsImpersonationContext c = w.Impersonate(); \/\/ do something here c.Undo(); The rule is that in the &quot;do something [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[28,37,38],"tags":[],"class_list":["post-921","post","type-post","status-publish","format-standard","hentry","category-sql-server-2005","category-sql-server-xml","category-sqlclr"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.9.1 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>SqlTypes.SqlXml and impersonation - Bob Beauchemin<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.sqlskills.com\/blogs\/bobb\/sqltypes-sqlxml-and-impersonation\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SqlTypes.SqlXml and impersonation - Bob Beauchemin\" \/>\n<meta property=\"og:description\" content=\"I&#039;ve been working on a student question about using Impersonation inside of a stored procedure. This one&#039;s worth sharing. You can do impersonation using the .NET SqlClient data provider using code roughly like this: WindowsIdentity w = SqlContext.WindowsIdentity; WindowsImpersonationContext c = w.Impersonate(); \/\/ do something here c.Undo(); The rule is that in the &quot;do something [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.sqlskills.com\/blogs\/bobb\/sqltypes-sqlxml-and-impersonation\/\" \/>\n<meta property=\"og:site_name\" content=\"Bob Beauchemin\" \/>\n<meta property=\"article:published_time\" content=\"2005-08-16T21:05:00+00:00\" \/>\n<meta name=\"author\" content=\"Bob Beauchemin\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Bob Beauchemin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.sqlskills.com\/blogs\/bobb\/sqltypes-sqlxml-and-impersonation\/\",\"url\":\"https:\/\/www.sqlskills.com\/blogs\/bobb\/sqltypes-sqlxml-and-impersonation\/\",\"name\":\"SqlTypes.SqlXml and impersonation - Bob Beauchemin\",\"isPartOf\":{\"@id\":\"https:\/\/www.sqlskills.com\/blogs\/bobb\/#website\"},\"datePublished\":\"2005-08-16T21:05:00+00:00\",\"dateModified\":\"2005-08-16T21:05:00+00:00\",\"author\":{\"@id\":\"https:\/\/www.sqlskills.com\/blogs\/bobb\/#\/schema\/person\/62bfa986c5b5d28fcffd8b4fc409c73e\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.sqlskills.com\/blogs\/bobb\/sqltypes-sqlxml-and-impersonation\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.sqlskills.com\/blogs\/bobb\/sqltypes-sqlxml-and-impersonation\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.sqlskills.com\/blogs\/bobb\/sqltypes-sqlxml-and-impersonation\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.sqlskills.com\/blogs\/bobb\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SQL Server 2005\",\"item\":\"https:\/\/www.sqlskills.com\/blogs\/bobb\/category\/sql-server-2005\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"SqlTypes.SqlXml and impersonation\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.sqlskills.com\/blogs\/bobb\/#website\",\"url\":\"https:\/\/www.sqlskills.com\/blogs\/bobb\/\",\"name\":\"Bob Beauchemin\",\"description\":\"SQL Server Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.sqlskills.com\/blogs\/bobb\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.sqlskills.com\/blogs\/bobb\/#\/schema\/person\/62bfa986c5b5d28fcffd8b4fc409c73e\",\"name\":\"Bob Beauchemin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.sqlskills.com\/blogs\/bobb\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6f80e6cc667410857fa6a21931dc528b8092f4d112bf7a8ff7c267674d44ee37?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6f80e6cc667410857fa6a21931dc528b8092f4d112bf7a8ff7c267674d44ee37?s=96&d=mm&r=g\",\"caption\":\"Bob Beauchemin\"},\"sameAs\":[\"http:\/www.sqlskills.com\/blogs\/bobb\/\"],\"url\":\"https:\/\/www.sqlskills.com\/blogs\/bobb\/author\/bobb\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"SqlTypes.SqlXml and impersonation - Bob Beauchemin","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.sqlskills.com\/blogs\/bobb\/sqltypes-sqlxml-and-impersonation\/","og_locale":"en_US","og_type":"article","og_title":"SqlTypes.SqlXml and impersonation - Bob Beauchemin","og_description":"I&#39;ve been working on a student question about using Impersonation inside of a stored procedure. This one&#39;s worth sharing. You can do impersonation using the .NET SqlClient data provider using code roughly like this: WindowsIdentity w = SqlContext.WindowsIdentity; WindowsImpersonationContext c = w.Impersonate(); \/\/ do something here c.Undo(); The rule is that in the &quot;do something [&hellip;]","og_url":"https:\/\/www.sqlskills.com\/blogs\/bobb\/sqltypes-sqlxml-and-impersonation\/","og_site_name":"Bob Beauchemin","article_published_time":"2005-08-16T21:05:00+00:00","author":"Bob Beauchemin","twitter_misc":{"Written by":"Bob Beauchemin","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.sqlskills.com\/blogs\/bobb\/sqltypes-sqlxml-and-impersonation\/","url":"https:\/\/www.sqlskills.com\/blogs\/bobb\/sqltypes-sqlxml-and-impersonation\/","name":"SqlTypes.SqlXml and impersonation - Bob Beauchemin","isPartOf":{"@id":"https:\/\/www.sqlskills.com\/blogs\/bobb\/#website"},"datePublished":"2005-08-16T21:05:00+00:00","dateModified":"2005-08-16T21:05:00+00:00","author":{"@id":"https:\/\/www.sqlskills.com\/blogs\/bobb\/#\/schema\/person\/62bfa986c5b5d28fcffd8b4fc409c73e"},"breadcrumb":{"@id":"https:\/\/www.sqlskills.com\/blogs\/bobb\/sqltypes-sqlxml-and-impersonation\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.sqlskills.com\/blogs\/bobb\/sqltypes-sqlxml-and-impersonation\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.sqlskills.com\/blogs\/bobb\/sqltypes-sqlxml-and-impersonation\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.sqlskills.com\/blogs\/bobb\/"},{"@type":"ListItem","position":2,"name":"SQL Server 2005","item":"https:\/\/www.sqlskills.com\/blogs\/bobb\/category\/sql-server-2005\/"},{"@type":"ListItem","position":3,"name":"SqlTypes.SqlXml and impersonation"}]},{"@type":"WebSite","@id":"https:\/\/www.sqlskills.com\/blogs\/bobb\/#website","url":"https:\/\/www.sqlskills.com\/blogs\/bobb\/","name":"Bob Beauchemin","description":"SQL Server Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.sqlskills.com\/blogs\/bobb\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.sqlskills.com\/blogs\/bobb\/#\/schema\/person\/62bfa986c5b5d28fcffd8b4fc409c73e","name":"Bob Beauchemin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.sqlskills.com\/blogs\/bobb\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/6f80e6cc667410857fa6a21931dc528b8092f4d112bf7a8ff7c267674d44ee37?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6f80e6cc667410857fa6a21931dc528b8092f4d112bf7a8ff7c267674d44ee37?s=96&d=mm&r=g","caption":"Bob Beauchemin"},"sameAs":["http:\/www.sqlskills.com\/blogs\/bobb\/"],"url":"https:\/\/www.sqlskills.com\/blogs\/bobb\/author\/bobb\/"}]}},"_links":{"self":[{"href":"https:\/\/www.sqlskills.com\/blogs\/bobb\/wp-json\/wp\/v2\/posts\/921","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sqlskills.com\/blogs\/bobb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sqlskills.com\/blogs\/bobb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sqlskills.com\/blogs\/bobb\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sqlskills.com\/blogs\/bobb\/wp-json\/wp\/v2\/comments?post=921"}],"version-history":[{"count":0,"href":"https:\/\/www.sqlskills.com\/blogs\/bobb\/wp-json\/wp\/v2\/posts\/921\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.sqlskills.com\/blogs\/bobb\/wp-json\/wp\/v2\/media?parent=921"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sqlskills.com\/blogs\/bobb\/wp-json\/wp\/v2\/categories?post=921"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sqlskills.com\/blogs\/bobb\/wp-json\/wp\/v2\/tags?post=921"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}