I am running into an issue attempting to play a WMV file across the
network while impersonating. I have WMV files that I can only access
while impersonating, so I do the impersonation and can see the file
(without impersonation, the framework returns that the file does not
exist), but when I try to load the file into my Windows Media Player
control (embedded in a VB.Net WinForms app), the player window is just
plain black. No errors are thrown, but it just sits there not playing.
I have given it sufficient time to play the file thinking that it
could be just an issue with network speed, but it does not actually
play. At one point, all domain users were able to access this folder,
and the files played fine then, but a requirement has changed and
security must be tightened, so this is no longer an option. I tried
using DirectShow to render the file from within code to a plain panel
control, but DirectShow at least throws an error that it cannot play
the file while using DirectShow. Any help would be greatly
appreciated!

PS - If there is a better group that this should be posted to, just
let me know and I will post it there. Since the issue crosses some
technology lines, I put it in general. I definitely did not mean any

[quoted text, click to view]

Here's a some more info that I have since been able to figure out.
Using a simple test app with a Windows Media Player control thrown on
it, I have been able to determine that the issue seems to be that the
Windows Media Player control is executing under an unmanaged thread,
and since all of the impersonation that we are doing is executing
under the CLR, I believe the issue could be that the security context
is not getting passed to the unmanaged thread. If I go through Windows
Explorer to the executable file for this sample app and use the RunAs
command, I can pass the correct credentials, and everything works. I
believe this is because the entire process is then being run under the
correct credentials, so all threads (even unmanaged ones) are being
created with the correct security context.

Knowing this gives some outs for some hacks, but we run into some
issues since this app is eventually meant to be run as a Single Sign-
On app. If we start the executable under a privileged context, then
the Windows Identity will reflect the privileged account, not the
Windows account that the user is logged into.

Ideally, what would be perfect (relatively speaking) is that at the
time that we need to play the files, the security context could be
switched for the threads being used by the Windows Media Player
control. Is that even possible? Does anyone have any other