NLog: Log the user who called the application in a WCF application in IIS

Question

I have the following scenario:

• A deployed WCF service running as windows hosted service. This WCF service is used to log specific events to a database (NLog v2). This service uses basicHttpBinding.

• A deployed web application (different server) under IIS. The Application pool runs under NETWORK SERVICE credentials. The web application authentication is Windows-integrated (Active Directory credentials).

Whenever I call the WCF from a console application I can get the user identity from System.Threading.Thread.CurrentPrincipal.Identity.Name ; when I call it from the web application I expect to get "DOMAIN\\SERVER$" as the thread identity name (which occurs as expected).

My problem is: I'd like to get the user who called the web application. I've already tried to set the AspNetCompatibilityRequirements attribute in the WCF service contract, but the ${asp-application} , ${aspnet-user-identity} and ${asp-request} parameters in NLog are read as null . The HttpContext in the web application is OK, but it is not being sent to the WCF. There's a Credentials property in the NLog.Logger class, but it's read-only.

Does anyone know how to solve it?

Answer 1

Probably, you need to set impersonateCallerForAllOperations attribute

See MSDN for details: http://msdn.microsoft.com/en-us/library/ms731306.aspx

Answer 2

If you could get the user from code, you could do this:

using NLog.LayoutRenderers;

...

// Register ${myUser}, do this as soon as possible (e.g. app_start)
LayoutRenderer.Register("myUser", (logEvent) => someUser);

Now you could use ${myUser} in your nlog config1