WCF Impersonation Error Calling ASMX

0

I have a web app that is calling a WCF Method with Impersonation set as required. In this method, I need to call another web service (ASMX) that returns security groups. The problem is, with the Impersonation set as Required, I get an error when I try to create an instance of the ASMX service.

WCF Service Method

[OperationBehavior(Impersonation = ImpersonationOption.Required)]
public List<MacroTypeInfo> GetFilteredMacroDataTypes(MacroDataTypeSection section)
{

    // Errors out here
    using (var login = new local.intranet.webservices.login())
    {
        login.getSecurityGroupsForUser(); // Never gets to this line
    }    

}

The error I get is

Either a required impersonation level was not provided, or the provided    
impersonation level is invalid. (Exception from HRESULT: 0x80070542)

Is there something else I must do to be able to call this web service insides this Impersonation required method? As soon as I remove the OperationBehavior attribute, the call works.

c#
web-services
wcf
asmx
impersonation
asked on Stack Overflow Apr 8, 2016 by user3726393

1 Answer

1

A server cannot impersonate a client to a remote server unless given permission. You can read about the different levels of impersonation here

If such impersonation is required the client has to allow it explicitly with an impersonation level of Delegation.

You can achieve this in a WCF client with the following endpoint behavior configuration:

<endpointBehaviors>
    <behavior name="delegateIdentity">
      <clientCredentials>
        <windows allowedImpersonationLevel="Delegation"/>
      </clientCredentials>
    </behavior>
</endpointBehaviors>

If you're using a generated proxy you can set this value on the proxy:

client.ChannelFactory.Credentials.Windows.AllowedImpersonationLevel =
    System.Security.Principal.TokenImpersonationLevel.Delegation;

Lastly if you're creating you proxy with a ChannelFactory<T> you can just set the same value as above on you ChannelFactory<T>.

answered on Stack Overflow Apr 8, 2016 by Amith Sewnarain

User contributions licensed under CC BY-SA 3.0