tags:

views:

980

answers:

2
Q: 

WCF and <identity impersonate="true" />

Hi there,

What is the difference between these two lines of web.config code
1.

<identity impersonate="true" />

2.

<identity impersonate="true" userName="MyUserName" password="MyPassword"/>

Where MyuserName and MyPassword are my windows credentials. If you have IIS setup to use windows credentials shouldn't "1." pass in my windows credentials and hence be the same as "2."?

My app is dying when I use "1" with an authentication error when trying to connect to my WCF service. There is obviously nothing wrong with the code in my service and the code that calls my service as "2" works just fine and passes the client credentials to my WCF service.

the IIS config for the website is setup for windows authentication and the user it runs under is trusted for delegation.

So how can I get my windows credentials passed through without hard coding them?

+3  A: 

If you read the MSDN page about the ASP.NET identity impersonation, you will notice that if the <identity> element does not include credentials, ASP.NET will impersonate the token passed to it by IIS, which can be either the identity of the request authenticated user or the anonymous Internet user account (IUSR_machinename). Seems to me that in the scenario 1. above ASP.NET is getting the anonymous user token, which would explain the failure. You can try disabling anonymous access to your web service to force the WIndows authentication to kick in.

Franci Penov  2009-09-01 03:07:50
Good answer, Franci! [--broger]
bobbymcr  2009-09-01 03:17:29
thanks Franci, anonymous access is actually disabled and the "Integrated Windows security" is checked. any idea why it would not be working?
 2009-09-01 04:44:42
@KateK check the IIS logs and the Windows event log for more details on the exact error.
Franci Penov  2009-09-01 05:08:07
A: 

What you're seeing is a problem with delegation. If you use 

<identity impersonate="true" />

then what happens is your ASP.NET pages will run under the credentials of the user logged in (assuming Windows authentication). However these credentials are not passed onto any calls made outside of your application such as a connection to SQL or a connection to a WCF service. You need to use the credentials passed to ASP.NET and then use impersonation before calling your web service;

using (((WindowsIdentity)HttpContext.Current.User.Identity).Impersonate())
{
    WCFTestService.ServiceClient myService = new WCFTestService.ServiceClient();
    Response.Write(myService.GetData(123) + "<br/>");
    myService.Close();
}

There's more details on the WCF Security Patterns and Practices site.

blowdart  2009-09-21 10:37:18

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?