Impersonation WCF

Question

I have a WCF service, hosted in IIS, which I require to impersonate the annon account.

in my Webconfig

<authentication mode="Windows"/>
<identity impersonate ="true"/>

Testing the following, with vs2008

        public void ByRuleId(int ruleId)
        {
            try
            {
                string user = WindowsIdentity.GetCurrent().Name;
                string name = Thread.CurrentPrincipal.Identity.Name;
                ........

                //get the data as a string.
                using (FileStream fs = File.Open(location, FileMode.Open))
                using (StreamReader reader = new StreamReader(fs))
                {
                   rawData = reader.ReadToEnd();
                }

            }
            catch.....
         }

this works. however if I add impersonation attribute

  [OperationBehavior(Impersonation=ImpersonationOption.Required)]
  public void ByRuleId(int ruleId)

this does not work with the error message

"Either a required impersonation level was not provided, or the provided impersonation level is invalid."

a little poking around I noticed the first way was authenticated by Kerboros and the second way just failed on authentication type

I am using the WCF client tool, to pass my credentials. this seems to be working.

Answer 1

Check the 'TokenImpersonationLevel' of identity of the current thread; you'll need it to be at least 'Impersonation' to perform operations on the machine that the service is running on.

Typically, if you are using a proxy client, you'll need to set the 'TokenImpersonationLevel' of the client:

http://www.devx.com/codemag/Article/33342/1763/page/4