WCF Web Services - Multiple Hop impersonation on the same server

Question

Hi Folks

I have 3 web services, all located on the same server.

My Client calls Service A, which impersonates the client to call Service B, and all is well.

Now, I want to impersonate the caller of service B (which is my username) to call Service C. When I use the same technique as before (AllowedImpersonationLevel = Impersonate, user.Impersonate()), The user doesnt get passed to service C. Instead, Service C sees the user as the user I am running it under in IIS (which is a UPN, not the standard NETWORK SERVICE account).

Is there anything special I need to do to get this working? Is this a delegation issue? (I thought it would not be delegation because they are all on the same server)

Thanks SO!

Answer 1

You can try turning on ASP.Net Compatibility on Service C

In Web.cofig

<system.web>
   <identity impersonate="true"/>
   <authentication mode="Windows"/>
</system.web>
<system.serviceModel>
   <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
</system.serviceModel>

In your service class

[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
public class Service : IService
{
    public string ExecuteRequest(string xmlRequest)
    {
        IRequestManager requestManager = new RequestManager();
        return requestManager.ProcessRequest(xmlRequest);
    }

}

Answer 2

I would have expected to have to use delegation since you are crossing process boundaries twice. Have you tried TokenImpersonationLevel.Delegation?