WCF Impersonation Pass-through

I wanted to call another WCF service from within my WCF service (in fact, I was calling the same service but hosted on a different machine). The function itself uses the caller's identity to determine its behaviour, but the second call was arriving as the computer account on the remote machine (this is expected when the caller is running as Local System).

I used the advice from this page in order to reuse the caller’s identity.

In particular, I went with the declarative model (mostly since it was easier).

[OperationBehavior(Impersonation = ImpersonationOption.Required)]
public bool PassThroughMethod(string input)
{
  // Do things with the client's credentials,
  // e.g. call another service.
  return true;
}

Don’t forget that both the server code and the client need to be configured to enable impersonation.

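using System.Security.Principal;
using System.ServiceModel;

// namespace and class and method setup, etc.

// Note: despite its name, "channel" is the ChannelFactory; the proxy is
// what CreateChannel() returns.
var channel = new ChannelFactory<IService>(
  new WSHttpBinding(),
  new EndpointAddress("http://localhost:8000/Service/service"));
// Let the service impersonate the caller's Windows identity
// (this must be set before the channel is created).
channel.Credentials.Windows.AllowedImpersonationLevel =
  TokenImpersonationLevel.Impersonation;
return channel.CreateChannel();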
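
To see both halves together, the following is an added example (not code from the original post) that self-hosts the service and calls it with the client settings above, with the operation checking the impersonation level it was actually granted before doing any work under the caller's token. The IService contract shape, the Service and Program class names, and the level check are assumptions; it targets .NET Framework and needs permission to listen on the HTTP URL.

```csharp
using System;
using System.Security.Principal;
using System.ServiceModel;

[ServiceContract]
public interface IService            // assumed contract; the post shows only the method
{
  [OperationContract]
  bool PassThroughMethod(string input);
}

public class Service : IService      // hypothetical class name
{
  [OperationBehavior(Impersonation = ImpersonationOption.Required)]
  public bool PassThroughMethod(string input)
  {
    // Identity WCF authenticated for this call, and the level the client allowed.
    WindowsIdentity caller = ServiceSecurityContext.Current.WindowsIdentity;
    Console.WriteLine("caller={0} level={1}", caller.Name, caller.ImpersonationLevel);

    // Below Impersonation the token only identifies the caller, so stop
    // before attempting anything (such as another service call) under it.
    if (caller.ImpersonationLevel < TokenImpersonationLevel.Impersonation)
      throw new FaultException("Caller did not allow impersonation.");
    return true;
  }
}

public static class Program
{
  public static void Main()
  {
    const string address = "http://localhost:8000/Service/service";
    using (var host = new ServiceHost(typeof(Service)))
    {
      host.AddServiceEndpoint(typeof(IService), new WSHttpBinding(), address);
      host.Open();

      // Client side, configured as in the post.
      var factory = new ChannelFactory<IService>(
        new WSHttpBinding(), new EndpointAddress(address));
      factory.Credentials.Windows.AllowedImpersonationLevel =
        TokenImpersonationLevel.Impersonation;
      IService proxy = factory.CreateChannel();
      Console.WriteLine("result={0}", proxy.PassThroughMethod("test"));
      factory.Close();
    }
  }
}
```

Logging the caller name and level on the service side gives a record of which identity each pass-through call ran as.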
