I am having a problem with SQL-CLR impersonation.
SQL Server 2012 on Windows 2008 R2, 64-bit.
C# code line is:
WindowsIdentity CallerIdentity = SqlContext.WindowsIdentity;
Exception thrown:
Msg 6522, Level 16, State 1, Line 2
A .NET Framework error occurred during execution of user-defined routine or aggregate "GetFile":
System.InvalidOperationException: Data access is not allowed in this context. Either the context is a function or method not marked with DataAccessKind.Read or SystemDataAccessKind.Read, is a callback to obtain data from FillRow method of a Table Valued
Function, or is a UDT validation method.
System.InvalidOperationException:
at System.Data.SqlServer.Internal.ClrLevelContext.CheckSqlAccessReturnCode(SqlAccessApiReturnCode eRc)
at System.Data.SqlServer.Internal.ClrLevelContext.GetCurrentContext(SmiEventSink sink, Boolean throwIfNotASqlClrThread, Boolean fAllowImpersonation)
at Microsoft.SqlServer.Server.InProcLink.GetCurrentContext(SmiEventSink eventSink)
at Microsoft.SqlServer.Server.SmiContextFactory.GetCurrentContext()
at Microsoft.SqlServer.Server.SqlContext.get_WindowsIdentity()
at SingleFileLoader.SingleFileLoaderHelper()
at SingleFileLoader..ctor(String FileName)
at FileAccess.GetFile(String FileName)
This is the code I am running see link below, it is something that was coded by one of the SQL Server folks Balaji Rathakrishnan so it should work "as is" but for me it does not work.
http://blogs.msdn.com/b/sqlclr/archive/2005/05/05/415034.aspx
My database is marked Trustworthy, CLR is enabled, other SQL-CLR code works, only impersonation code fails.
If I comment out the impersonation code then the rest of the code works fine - albeit under service account credentials only.
Any ideas why impersonation is not working from SQL-CLR?
The SQL Server service is running as a "local system", not sure if service must run as a regular Windows Domain account for impersonation to work from SQL-CLR.
Altering function to use Execute as Caller or as Owner does not change anything, same error is received.
Clearly there is some documentation that I have overlooked but I am unable to find it, the impersonation part of Windows seems to work by some sort of magic! 8^)
Thanks in advance
Yuri Budilov
Yuri Budilov