Hi All,

I am using a WCF call to update my database with any changes from Active Directory. I call this WCF function via the client browser, and the function tries to get details from AD within the service itself. However, the issue is that AD needs a username and password to return any records.

Please advise how I can overcome this problem so that the Windows logged-in credentials are automatically accepted and AD is read.

I am using wsHttpBinding, Security: message and clientCredentials="Windows".

Thanks

Vikram

+1  A: 

The call to Active Directory is going from the service.

The default settings for the service are impersonate=false, and the identity of the application pool is NETWORK SERVICE.

Therefore, the call to AD is going in the security context of Network Service, which does not have the correct access and cannot be given it, since it is a machine local account.

There are 3 ways to fix this.

  • Set Authenticate=true in the web.config to allow access to AD to be done in the security context of the calling user.
  • Change the identity of the application pool to that of a domain user that is allowed to access AD. Be sure to add this user to the local IIS_WPG group.
  • Store the username and password of a user that is allowed to access AD, in the web.config file, and use these credentials to access AD.
Shiraz Bhaiji
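
The first option in the answer above, as an added example that is not the answerer's code: a WCF operation that runs under the caller's Windows identity and reads the caller's own AD record. The names `IDirectorySync`, `DirectorySync`, `GetCallerDisplayName` and `EscapeLdap` are hypothetical, and the sketch assumes a reference to System.DirectoryServices and a service machine joined to the domain.

```csharp
using System.DirectoryServices;   // assumption: project references System.DirectoryServices.dll
using System.Security.Principal;
using System.ServiceModel;
using System.Text;

[ServiceContract]
public interface IDirectorySync   // hypothetical contract name
{
    [OperationContract]
    string GetCallerDisplayName();
}

public class DirectorySync : IDirectorySync
{
    // Required: WCF executes this operation under the caller's Windows token
    // instead of the application pool identity (NETWORK SERVICE by default).
    [OperationBehavior(Impersonation = ImpersonationOption.Required)]
    public string GetCallerDisplayName()
    {
        WindowsIdentity caller = ServiceSecurityContext.Current.WindowsIdentity;
        // caller.Name is "DOMAIN\user"; keep only the account part.
        string sam = caller.Name.Substring(caller.Name.IndexOf('\\') + 1);

        // No explicit credentials: the bind uses the impersonated caller.
        using (var searcher = new DirectorySearcher())
        {
            searcher.Filter = "(&(objectCategory=person)(sAMAccountName="
                              + EscapeLdap(sam) + "))";
            searcher.PropertiesToLoad.Add("displayName");
            SearchResult hit = searcher.FindOne();
            if (hit == null || hit.Properties["displayName"].Count == 0)
                return null;
            return (string)hit.Properties["displayName"][0];
        }
    }

    // RFC 4515 escaping so a value can never change the shape of the filter.
    private static string EscapeLdap(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else
                sb.Append(c);
        }
        return sb.ToString();
    }
}
```

When the domain controller is a different machine from the service, the AD bind is a second hop: the client also has to set `ClientCredentials.Windows.AllowedImpersonationLevel` to `TokenImpersonationLevel.Delegation`, and the service account has to be trusted for delegation in the domain.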