WCF Security: Generic principal passing
-
Hi, is there a way to pass a generic/custom principal to the WCF service from a client application? By using impersonation I can impersonate the caller and hence get the caller's ID. But what if I want to set a custom principal on the client, and impersonate this custom-created user? I can set the Thread.CurrentPrincipal or WindowsIdentity of the client application as follows:
using System.Security.Principal;
using System.Threading;

GenericIdentity identity = new GenericIdentity(username);
String[] rolesForUser = System.Web.Security.Roles.GetRolesForUser(username);
GenericPrincipal principal = new GenericPrincipal(identity, rolesForUser);
Thread.CurrentPrincipal = principal; // Sets the current thread's principal.
AppDomain.CurrentDomain.SetThreadPrincipal(principal); // Default principal for threads in this AppDomain that have not set one yet (throws if called twice).
But how can I now, on the service, "impersonate" this custom-created new user? The thing is, we want to do both AD as well as SQL authentication. Thus, if a setting is set to Windows, the login will be "invisible", and when set to SQL, it will authenticate via username and password. Now on the service, the DB calls will be made according to the user that calls the service, hence I need to know who made this service call. Can someone suggest some reading material or a possible solution? Any help would be much appreciated.
Kind regards,
Higs

Additional info: Client config
<netTcpBinding>
  <binding name="controllerServiceTcp" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="10" maxBufferPoolSize="524288" maxBufferSize="1048576" maxConnections="100" maxReceivedMessageSize="1048576">
    <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
    <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="true" />
    <security mode="Transport">
      <transport clientCredentialType="Windows"/>
    </security>
  </binding>
</netTcpBinding>

with

<behaviors>
  <endpointBehaviors>
    <behavior name="EndpointBehavior">
      <clientCredentials>
        <windows allowedImpersonationLevel="Impersonation" />
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>
-
The only semi-solution I can see is to use security mode = message, to use clientCredentials of type UserName, and then to use custom userNameAuthentication and authorizationPolicies. Hope this will work for me ^_^
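The message-security route described in the follow-up, sketched as an added example (not the poster's code): a custom UserNamePasswordValidator for the SQL-authentication case and an IAuthorizationPolicy that attaches a GenericPrincipal to the call so the service operation can read the caller's name and roles. The user name "alice", the password and the "Reader" role are constructed placeholders, and ControllerService is a hypothetical service class.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;
using System.IdentityModel.Selectors;
using System.Security.Principal;
using System.ServiceModel;
using System.Threading;

// SQL-authentication path: WCF calls this for the UserName credential carried
// under message security. The check is a constructed placeholder; a real
// validator looks the user up in the SQL user store.
public class SqlUserNameValidator : UserNamePasswordValidator
{
    public override void Validate(string userName, string password)
    {
        if (userName != "alice" || password != "s3cret")
            throw new FaultException("Unknown user name or incorrect password.");
    }
}

// Runs after authentication; builds the principal the service operation will see.
public class RolePrincipalPolicy : IAuthorizationPolicy
{
    public string Id { get; } = Guid.NewGuid().ToString();
    public ClaimSet Issuer { get { return ClaimSet.System; } }

    public bool Evaluate(EvaluationContext context, ref object state)
    {
        object identitiesObj;
        if (!context.Properties.TryGetValue("Identities", out identitiesObj))
            return false;                       // nothing authenticated on this call
        var identities = (IList<IIdentity>)identitiesObj;
        if (identities.Count == 0) return false;
        // "Reader" is a constructed sample; roles would come from the SQL store.
        context.Properties["Principal"] = new GenericPrincipal(identities[0], new[] { "Reader" });
        return true;
    }
}

[ServiceContract] public class ControllerService
{
    [OperationContract] public string WhoAmI()
    {
        // With principalPermissionMode="Custom", WCF sets Thread.CurrentPrincipal
        // from the "Principal" property the policy filled in above.
        IPrincipal caller = Thread.CurrentPrincipal;
        return caller.Identity.Name + (caller.IsInRole("Reader") ? " (Reader)" : "");
    }
}
```

The service config wires these in through <serviceAuthorization principalPermissionMode="Custom"> with an <authorizationPolicies> entry naming RolePrincipalPolicy and <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="..."/> under <serviceCredentials>; message security with UserName credentials also needs a service certificate, since the client encrypts the credential to it.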