We currently have a setup like this:
lan\john       lan\application1    lan\appService1      lan\appService2
client ------> website ----------> WCF Service1 ------> WCF Service2
So each website/service runs as a different identity account that is set up in Active Directory. Security checks are based on the identity of the immediate caller (i.e. WCF Service2 would verify that its caller lan\appService1 has the rights to perform that task).
For logging purposes though we need to know who the original caller was (in this example lan\john) so that we can record they did an action. I would like a way to do this in a more secure fashion than is currently being done (passing the string of "lan\john" as a message header with each call). Any ideas?