We had to create a web service that needed to impersonate a user to upload some documents from a specific directory. The web service needed to upload as a specific defined user and this article was found online. The method was originally written to interact with Windows SharePoint Service 2.0 and SharePoint Portal Server 2003 but it still works perfectly against SharePoint 2010.

The page details the use of an Impersonator Class:

The Impersonator Class

There are several steps involved with performing explicit impersonation, which I have wrapped up into a class called Impersonator (download here) It appears this link is now dead. Here is an alternate link to this class: download here. The steps for impersonation are as follows:

  1. Authenticate a valid account which possesses the proper permissions to perform the necessary operations
  2. Create a new System.Security.Principal.WindowsIdentity instance that represents the account
  3. Begin impersonating the new Windows identity
  4. Perform actions that require higher permission level
  5. Stop impersonating and revert back to the client’s identity

The goal of wrapping these steps into one class is to write the following simple code to begin impersonation, execute code under the context of a different domain user account, and revert back to the original security context of the client:

Impersonator i = new Impersonator("SharePointRead", "MARINER",

// Code requiring higher permissions...


[see linked page for the rest of the details]

Way to revive an old thread (2006) :). I think this could come in handy for someone out there.

 Updated: Apr 2012 – link to code was dead.