From f0820875c30067def4194f86a414d060254eefd3 Mon Sep 17 00:00:00 2001
From: Steve Syfuhs <stsyfuhs@microsoft.com>
Date: Fri, 30 Mar 2018 11:40:37 -0700
Subject: [PATCH] Fixed enum value. Any actual unicode strings passed in will
 only use the first character because the 0 byte after the first character is
 treated as a terminator. Added ability to set the current thread principal so
 it's inline with the actual security context.

---
 NSspi/Contexts/ImpersonationHandle.cs | 12 +++++++++++-
 NSspi/Contexts/ServerContext.cs       | 10 +++++++++-
 NSspi/Credentials/AuthData.cs         |  2 +-
 3 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/NSspi/Contexts/ImpersonationHandle.cs b/NSspi/Contexts/ImpersonationHandle.cs
index d721930..477702b 100644
--- a/NSspi/Contexts/ImpersonationHandle.cs
+++ b/NSspi/Contexts/ImpersonationHandle.cs
@@ -1,4 +1,6 @@
 using System;
+using System.Security.Principal;
+using System.Threading;
 
 namespace NSspi.Contexts
 {
@@ -29,6 +31,14 @@ namespace NSspi.Contexts
             this.disposed = false;
         }
 
+        /// <summary>
+        /// Set the current thread security context to the impersonated identity
+        /// </summary>
+        public void SetThreadIdentity()
+        {
+            Thread.CurrentPrincipal = new WindowsPrincipal(WindowsIdentity.GetCurrent(TokenAccessLevels.AllAccess));
+        }
+
         ~ImpersonationHandle()
         {
             Dispose( false );
@@ -45,7 +55,7 @@ namespace NSspi.Contexts
 
         protected virtual void Dispose( bool disposing )
         {
-            if( disposing && this.disposed == false && this.server != null && this.server.Disposed == false )
+            if ( disposing && this.disposed == false  && this.server != null && this.server.Disposed == false )
             {
                 this.server.RevertImpersonate();
             }
diff --git a/NSspi/Contexts/ServerContext.cs b/NSspi/Contexts/ServerContext.cs
index c9b331f..65bcfef 100644
--- a/NSspi/Contexts/ServerContext.cs
+++ b/NSspi/Contexts/ServerContext.cs
@@ -14,6 +14,7 @@ namespace NSspi.Contexts
         private ContextAttrib finalAttribs;
 
         private bool impersonating;
+        private bool setThreadIdentity;
 
         /// <summary>
         /// Performs basic initialization of a new instance of the ServerContext class. The ServerContext
@@ -21,12 +22,14 @@ namespace NSspi.Contexts
         /// </summary>
         /// <param name="cred"></param>
         /// <param name="requestedAttribs"></param>
-        public ServerContext( Credential cred, ContextAttrib requestedAttribs ) : base( cred )
+        /// <param name="setThreadIdentity">True to automatically set the thread identity while impersonating</param>
+        public ServerContext( Credential cred, ContextAttrib requestedAttribs, bool setThreadIdentity = false ) : base( cred )
         {
             this.requestedAttribs = requestedAttribs;
             this.finalAttribs = ContextAttrib.Zero;
 
             this.impersonating = false;
+            this.setThreadIdentity = setThreadIdentity;
 
             this.SupportsImpersonate = this.Credential.PackageInfo.Capabilities.HasFlag( SecPkgCapability.Impersonation );
         }
@@ -237,6 +240,11 @@ namespace NSspi.Contexts
                 throw new SSPIException( "Failed to impersonate the client", status );
             }
 
+            if ( this.impersonating && this.setThreadIdentity )
+            {
+                handle.SetThreadIdentity();
+            }
+
             return handle;
         }
 
diff --git a/NSspi/Credentials/AuthData.cs b/NSspi/Credentials/AuthData.cs
index bfa3f9b..4e6ea21 100644
--- a/NSspi/Credentials/AuthData.cs
+++ b/NSspi/Credentials/AuthData.cs
@@ -50,6 +50,6 @@ namespace NSspi.Credentials
     {
         Ansi = 1,
 
-        Unicode = 1
+        Unicode = 2
     }
 }
\ No newline at end of file