I have old school web service and it is configured to impersonate the caller. Works with no problem. Now I am thinking about adding another more higher level ASP.NET (non-wcf) web service which would be calling the original web service.
The question is - will the client identity flow across two hops as in client (1)-> new web service (2)-> old web service) or there will be issues?
If you are hosting your services in IIS with Windows authentication the answer is probably yes
And this will probably result in NTLM delegation
Do you really need impersonation or simple authentication?
I believe unless the new ASP.NET web service impersonates the client, the identity will not flow to the second web service. If there is no impersonation then windows identity of the worker process will be sent to the old service. With impersonation, new service code will run under same user as that of client and then using DefaultCredentials, you can call the old web service.