Geeks With Blogs
A Curious Mind #tastic

Anyone know how to get a WCF Host in IIS to behave as a specific user?

I want my WCF Service to use a specific user for database access and i don't want to spec a username/password in my connection string.

-d

Posted on Tuesday, October 2, 2007 2:19 PM | Back to top


Comments on this post: WCF Impersonation

# re: WCF Impersonation
Requesting Gravatar...
Either with explicit impersonation, or two hops impersonation - both of those assumes that you want to impersonate the user that is accessing the service.
Possibly the easiest route is to simple turn off impersonation and just setup the app pool process to the specified user.
Left by Ayende Rahien on Oct 02, 2007 5:41 PM

# re: WCF Impersonation
Requesting Gravatar...
I had a headache with this myself. In order to get this to work, you have to do a couple things.

1. Set up your config: Under the <system.web> tag, add your <identity impersonate="true" username="userdomain/username" password="password"/> tag and then you must use basic http binding with transport credential only as follows:
<basicHttpBinding>
<binding name="BasicDefault">

<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>

2. Setup IIS: Under the security tab, click the anonymous access... button. Then make sure anonymouse access is unchecked, and only check the "Integrated Windows authentication"


Enjoy!
Dwayne
Left by Dwayne on Nov 13, 2007 2:52 PM

# re: WCF Impersonation
Requesting Gravatar...
@Dwayne: You need to do two things to allow ASP.NET impersonation. You need to add the below in addition to the part you add in system.web.

<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>

Then you have to opt in on all classes where you plan to use ASP.NET Compatibility:

[AspNetCompatibilityRequirements(RequirementsMode=AspNetCompatibilityRequirementsMode.Allowed)]
public class Foo {}
Left by Robz on Nov 14, 2007 9:52 AM

# re: WCF Impersonation
Requesting Gravatar...
@Dwayne: We may definitely give the IIS anonymous access part a go. I don't remember if we tried that or not.
Left by Robz on Nov 14, 2007 9:55 AM

Your comment:
 (will show your gravatar)


Copyright © Dru Sellers | Powered by: GeeksWithBlogs.net