I'm having a lot of problems that whenever I call an ASP.Net Identity Async method I get access denied exceptions from SQL server.
The following returns a user:
var user = (from u in ctx.Users
where u.Id == 1
select u).FirstOrDefault();
Whereas
var user = await userManager.FindByIdAsync(1);
Triggers an exception
System.Data.SqlClient.SqlException: Login failed for user 'DOMAIN\MACHINE$'.
What seems to be happening is we have the following line in our web.config configuration/system.web section
<identity impersonate="true" userName="DOMAIN\Domain User" password="xxx" />
This impersonated user has permission to access the SQL Server database but the application pool user does not. It seems that whenever I call an async method in ASP.Net Identity, it falls back to the app pool user and loses the impersonation.
I did find a similar sounding question with an explanation here https://stackoverflow.com/a/30876110/1093406
Could this also be causing my problem?
Is there any way around this apart from changing the app pool user to one that has database access?
Is using web.config to set an impersonation user an old way of doing things and now bad practice?
Edit: After further investigation I've found these articles http://www.hanselman.com/blog/AvoidUsingImpersonationInASPNET.aspx http://blog.codeishard.net/2012/09/17/await-async-mvc-and-impersonation/
Looks as though using the impersonation is a bad idea unless someone can tell me otherwise.
My solution in the end was to set the user on the App Pool rather than using Impersonation. This seems to have exactly the same effect as setting impersonation in the Web.config with equivalent security, just without the problems when Async is being used.
As @Erik said in his answer, it seems that impersonation is no longer supported and according to http://www.hanselman.com/blog/AvoidUsingImpersonationInASPNET.aspx it was never encouraged in the first place.