Wild Goat

Reputation: 3579

WCF client authentication on server side

I have the following structure on my client:

    WindowsIdentity wi = WindowsIdentity.GetCurrent();
    IntPtr token = wi.Token;

The next step is to send the authentication token to the server through WCF and impersonate the user there.

    api.SendToken(token);

...
...
...

But as soon as I receive the token on the server side and try to build a WindowsIdentity, it throws an error:

    WindowsIdentity newId = new WindowsIdentity(token);

    Invalid token for impersonation - it cannot be duplicated.

Could you guys please help me figure out what I am doing wrong and share your ideas on how to pass the token from client to server?

Thanks!

Upvotes: 1

Views: 399

Answers (1)

Sixto Saez

Reputation: 12680

WCF already has built-in plumbing to support Windows impersonation. Is there a reason you're trying to roll your own?

UPDATE to avoid link-only answers (ahhh, errors of my youth...)

Here are the basic steps needed to configure the built-in WCF impersonation:

  • Only some bindings support Windows authentication. The WSHttpBinding is the most common one to support it but others may support it too.

  • On the service contract, use the OperationBehavior attribute on the method that requires impersonation:

    [OperationBehavior(Impersonation=ImpersonationOption.Required)]
    public string SomeMethod(string aParameter) { ... }
    
  • For the client, it is simplest to create a custom class inheriting from the ClientBase class. All service reference types inherit from this class. Here is an example of the client code:

    var client = new SomeClientBaseDerivedType("TheServiceEndpoint");
    client.ClientCredentials.Windows.AllowedImpersonationLevel =
        System.Security.Principal.TokenImpersonationLevel.Impersonation;
    

Upvotes: 1
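
The built-in flow from the answer above, as an added end-to-end example that is not part of the original answer: WCF authenticates the caller during the security exchange, so no token handle (which is only valid inside the process that owns it) is ever sent as data. The names `IWhoAmI` and `WhoAmIService` and the localhost address are assumptions made for illustration.

```csharp
using System;
using System.Security.Principal;
using System.ServiceModel;

[ServiceContract]
public interface IWhoAmI                       // hypothetical contract
{
    [OperationContract]
    string WhoAmI();
}

public class WhoAmIService : IWhoAmI           // hypothetical service
{
    // WCF impersonates the authenticated caller for the duration of this call.
    [OperationBehavior(Impersonation = ImpersonationOption.Required)]
    public string WhoAmI()
    {
        // Identity WCF established from the Windows credential exchange.
        WindowsIdentity caller = ServiceSecurityContext.Current.WindowsIdentity;
        // Identity the thread is running as right now (the caller, while impersonating).
        WindowsIdentity thread = WindowsIdentity.GetCurrent();
        return string.Format("caller={0} thread={1} level={2}",
            caller.Name, thread.Name, thread.ImpersonationLevel);
    }
}

public static class Program
{
    public static void Main()
    {
        var address = new Uri("http://localhost:8080/whoami");   // assumed address
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Windows;
        using (var host = new ServiceHost(typeof(WhoAmIService)))
        {
            host.AddServiceEndpoint(typeof(IWhoAmI), binding, address);
            host.Open();

            // Client side: permit impersonation by the service, nothing broader.
            var factory = new ChannelFactory<IWhoAmI>(binding, new EndpointAddress(address));
            factory.Credentials.Windows.AllowedImpersonationLevel =
                TokenImpersonationLevel.Impersonation;
            IWhoAmI proxy = factory.CreateChannel();
            Console.WriteLine(proxy.WhoAmI());
            ((IClientChannel)proxy).Close();
            factory.Close();
        }
    }
}
```

Listening on an HTTP address requires an elevated process or a URL reservation for the host account. Keep the client at `Impersonation` rather than `Delegation` unless the service has to reach remote resources as the caller.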
