Geeks With Blogs



Anthony Trudeau

Whew! It's been a busy week. Earlier in the week I put together an internal demo to illustrate some of the system architecture for an ongoing project. The purpose of this post is to document a couple of gotchas that may not be clear and didn't seem to be well documented. This post is purposely terse, because I don't have a lot of time to be detailed due to some upcoming deadlines.

The architecture involves WCF Services that are hosted in a Windows Service and that will be consumed by both Windows Forms and ASP.NET clients.  Windows security will be used throughout and exclusively.  Therefore, I want calls to the data layer to reflect the caller and not the account of the hosting process (in this case Network Service).

Here's what I found out:

1. The ASP.NET client web.config file needed to have impersonation set using the following markup (I put it under the authentication element as shown):

<authentication mode="Windows"/>

<identity impersonate="true"/>


2. The service behavior had to be configured to use Windows for permissions and to impersonate callers.


  <behavior name="XXX.XXXXXXXXXXXX">

    <serviceMetadata httpGetEnabled="True"/>

    <serviceAuthorization principalPermissionMode="UseWindowsGroups" impersonateCallerForAllOperations="true" />

  </behavior>




 Please remember this isn't meant to represent everything you need in order to impersonate callers through WCF services.  However, these bits of information may help you when it comes down to it.
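The code side of the two settings above, as an added C# sketch that is not from the original post: a service operation that confirms the thread is really running as the caller before any data-layer call, and a client factory that permits impersonation. The names `IWhoAmI`, `WhoAmIService`, `ClientSetup` and the endpoint configuration name passed in are hypothetical.

```csharp
using System.Security;
using System.Security.Principal;
using System.ServiceModel;

[ServiceContract]
public interface IWhoAmI                      // hypothetical contract
{
    [OperationContract]
    string Describe();
}

public class WhoAmIService : IWhoAmI          // hypothetical service
{
    // With impersonateCallerForAllOperations="true", every operation must be
    // Allowed or Required. The default (NotAllowed) makes the host throw
    // InvalidOperationException when it is opened.
    [OperationBehavior(Impersonation = ImpersonationOption.Required)]
    public string Describe()
    {
        // Identity WCF authenticated for this call.
        WindowsIdentity caller = ServiceSecurityContext.Current.WindowsIdentity;

        // Identity the thread runs as right now; this is what the data layer sees.
        using (WindowsIdentity thread = WindowsIdentity.GetCurrent())
        {
            // Fail closed: never fall through to the host account
            // (Network Service) or to an identification-only token.
            if (!thread.User.Equals(caller.User) ||
                thread.ImpersonationLevel < TokenImpersonationLevel.Impersonation)
            {
                throw new SecurityException("Caller is not being impersonated.");
            }
            return thread.Name + " (" + thread.ImpersonationLevel + ")";
        }
    }
}

public static class ClientSetup               // hypothetical client helper
{
    public static IWhoAmI Create(string endpointConfigName)
    {
        var factory = new ChannelFactory<IWhoAmI>(endpointConfigName);
        // WCF clients default to Identification, which lets the service see
        // who the caller is but not act as them.
        factory.Credentials.Windows.AllowedImpersonationLevel =
            TokenImpersonationLevel.Impersonation;
        return factory.CreateChannel();
    }
}
```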

Posted on Thursday, February 25, 2010 3:18 PM .NET

Comments on this post: Impersonation with WCF Services and ASP.NET
