
WCF Web Services - Multiple Hop impersonation on the same server

I have 3 web services, all located on the same server.

My Client calls Service A, which impersonates the client to call Service B, and all is well.

Now, I want to impersonate the caller of service B (which is my username) to call Service C. When I use the same technique as before (AllowedImpersonationLevel = Impersonate, user.Impersonate()), the user doesn't get passed to service C. Instead, Service C sees the user as the user I am running it under in IIS (which is a UPN, not the standard NETWORK SERVICE account).

Is there anything special I need to do to get this working? Is this a delegation issue? (I thought it would not be delegation because they are all on the same server)

Thanks SO!

You can try turning on ASP.Net Compatibility on Service C

In Web.config

<system.web>
   <identity impersonate="true"/>
   <authentication mode="Windows"/>
</system.web>
<system.serviceModel>
   <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
</system.serviceModel>

In your service class

using System.ServiceModel.Activation;

// Lets the service run inside the ASP.NET pipeline when aspNetCompatibilityEnabled="true".
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
public class Service : IService
{
    public string ExecuteRequest(string xmlRequest)
    {
        IRequestManager requestManager = new RequestManager();
        return requestManager.ProcessRequest(xmlRequest);
    }
}

I would have expected to have to use delegation since you are crossing process boundaries twice. Have you tried TokenImpersonationLevel.Delegation?

You require delegation in this scenario. The configuration you require is ImpersonationLevel.Delegation (set in config or code). Have a look at the WCF Security Guidance on CodePlex; it is a very good source. Be careful, as achieving delegation, particularly in a production environment, requires more than simply selecting the correct option in the config file. You need to ensure that the applications you connect to, e.g. SQL Server, are configured for delegation, and that certain infrastructure requirements are met within Active Directory and the like, such as service principal names (SPN).
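An added example (not code from the question or from any of the answers) of the delegation setting the answers describe, as it might look inside Service B. It also checks the level of the token received from Service A and fails closed rather than calling Service C under the wrong identity. The names IServiceB, IServiceC, CallC, WhoAmI and ServiceC_Endpoint are assumptions; the page does not show the services' contracts or endpoint configuration.

```csharp
using System.Diagnostics;
using System.Security.Principal;
using System.ServiceModel;

// Hypothetical contracts; the page does not show the services' interfaces.
[ServiceContract]
public interface IServiceC { [OperationContract] string WhoAmI(); }

[ServiceContract]
public interface IServiceB { [OperationContract] string CallC(); }

public class ServiceB : IServiceB
{
    // Run the operation body under the caller's Windows identity.
    [OperationBehavior(Impersonation = ImpersonationOption.Required)]
    public string CallC()
    {
        // Token that arrived from the previous hop (Service A).
        WindowsIdentity caller = ServiceSecurityContext.Current.WindowsIdentity;

        // Record the level of the incoming token before attempting the next hop.
        if (caller.ImpersonationLevel != TokenImpersonationLevel.Delegation)
        {
            Trace.TraceWarning("Caller {0} arrived with level {1}, not Delegation.",
                caller.Name, caller.ImpersonationLevel);
            throw new FaultException("Caller identity cannot be forwarded.");
        }

        // "ServiceC_Endpoint" is an assumed client endpoint name in Web.config.
        var factory = new ChannelFactory<IServiceC>("ServiceC_Endpoint");
        factory.Credentials.Windows.AllowedImpersonationLevel =
            TokenImpersonationLevel.Delegation;
        try
        {
            string user = factory.CreateChannel().WhoAmI();
            factory.Close();
            return user;
        }
        catch
        {
            factory.Abort();   // release the faulted channel
            throw;
        }
    }
}
```

The trace line shows which hop dropped the level; the Active Directory and SPN prerequisites mentioned in the answer above are outside what this code can set.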
