Reputation: 125
Calling WCF web services from an ASP.NET web application using impersonation and channel factory
I have various bits of functionality implemented in WCF web services which are currently consumed by an Excel client via a local COM-visible library. I wish to implement some of the front-end functionality in a web client. I set up my client proxy using
dataChannel.Credentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Delegation;
ASP.NET impersonation is turned on as is windows authentication (no anonymous). When web services and web site are hosted on the same server there are no issues and the desktop user's credentials are passed from browser to web site to WCF perfectly. However, when web site and web services are hosted on different boxes (same domain, intranet only) I get 401 authentication errors. What am I doing wrong?
Upvotes: 1
Views: 1419
Answers (1)
Reputation: 21881
It sounds like you are suffering from the kerberos "double hop" problem. By default windows does not pass the kerberos authentication token onto another server so if you have user accesses webserver A and authenticates, webserver A accesses service on webserver B. WEbserver A does not pass the auithentication through to webserver B so you get a 401. I think this article should help you enable kerberos delegation between the web site server and the web service server
Upvotes: 2
Related Questions
- How to impersonate a user to a WCF service?
- Authentication/Impersonation issue with ASP.NET call to WCF Service
- WCF impersonation/ Authentication
- Impersonation error when calling wcf-service
- WCF Impersonation through configuration
- WCF AuthorizationPolicy: Impersonation Problem
- Impersonation in WCF Service and propagating to COM object
- WCF Service Impersonation
- WCF and <identity impersonate="true" />
- Impersonation WCF