I have a Silverlight application which fetches data from a WCF Service hosted under a Windows Service which runs under the "Local System" account, i.e. NT AUTHORITY/SYSTEM.

I have enabled Windows Authentication on this WCF service using the below in my App.config:

<system.serviceModel>
<behaviors>
  <endpointBehaviors>
    <behavior name="webHttpBehavior">
      <webHttp />
    </behavior>
  </endpointBehaviors>
  <serviceBehaviors>
    <behavior name="defaultServiceBehavior">
      <serviceMetadata httpGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="true" />
    </behavior>
  </serviceBehaviors>
</behaviors>
<bindings>
  <basicHttpBinding>
    <binding name="winAuthBasicHttpBinding" openTimeout="05:00" sendTimeout="05:00">
      <!-- Windows credentials over plain HTTP (no transport encryption) -->
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Windows" />
      </security>
    </binding>
  </basicHttpBinding>
</bindings>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<services>
  <!-- Cross-domain policy endpoint for the Silverlight client -->
  <service behaviorConfiguration="defaultServiceBehavior" name="DataService.CrossDomainService">
    <endpoint address="" behaviorConfiguration="webHttpBehavior" binding="webHttpBinding" contract="DataService.ICrossDomainService">
      <identity>
        <dns value="107.0.0.12" />
      </identity>
    </endpoint>
    <host>
      <baseAddresses>
        <add baseAddress="http://107.0.0.12:2035/" />
      </baseAddresses>
    </host>
  </service>
  <!-- Data endpoint using the Windows-authenticated binding above -->
  <service behaviorConfiguration="defaultServiceBehavior" name="DataService.NewDataService">
    <endpoint address="" binding="basicHttpBinding" bindingConfiguration="winAuthBasicHttpBinding" contract="DataService.INewDataService">
      <identity>
        <dns value="107.0.0.12" />
      </identity>
    </endpoint>
    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
    <host>
      <baseAddresses>
        <add baseAddress="http://107.0.0.12:2035/DataService/" />
      </baseAddresses>
    </host>
  </service>
</services>

</system.serviceModel>


I have also enabled Windows Authentication in the connection string for Oracle using Integrated Security=SSPI as below:

<connectionStrings>
  <add name="netTiersConnectionString" connectionString="Data Source=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=107.0.0.17)(PORT=1521)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=SVC001)));Integrated Security=SSPI; Min Pool Size= 1; Max Pool Size= 5;" />
</connectionStrings>


Now when the Silverlight app makes a call to the WCF Service, the database connection happens using the NT AUTHORITY/SYSTEM account instead of the domainname/username credentials of the logged-in user in the Silverlight app, which itself uses Windows Authentication. Hence I get the invalid username error.

The same configurations work fine when I host the WCF service in a console application. But when I host it in a Windows service, it runs under the Local System account, and hence, I guess, this issue.

What can I do so that the database connection is made using the Windows Authentication credentials of the logged-in user and not the Local System account?

Thanks, Pankaj Chamria

1 solution

Now I'm not sure, but I believe the account used as the login to Oracle is the one which runs the service, not the one which has called the service.
You should look into impersonation:
http://msdn.microsoft.com/en-us/library/ms730088.aspx

So in your WCF method do something like the below (taken from the site I linked):
C#
// Namespaces needed: System, System.Security.Principal, System.ServiceModel
// Identity of the authenticated caller of the current WCF operation
WindowsIdentity callerWindowsIdentity = ServiceSecurityContext.Current.WindowsIdentity;
if (callerWindowsIdentity == null)
{
    throw new InvalidOperationException("The caller cannot be mapped to a WindowsIdentity");
}
// Run as the caller until the impersonation context is disposed
using (callerWindowsIdentity.Impersonate())
{
    //Do your thing here
}
   
v2
Comments
Pankaj Chamria 11-Aug-11 8:10am
   
Perfect! You pointed me in the right direction. The article link helped me find the answer. As I wanted the impersonation for my entire WCF service functions, I just used the attribute on top of every OperationContract and it worked like a charm.

[OperationBehavior(Impersonation = ImpersonationOption.Required)]

Thanks Simon!
Simon Bang Terkildsen 6-Oct-11 12:24pm
   
My pleasure
Espen Harlinn 6-Oct-11 10:36am
   
5'ed!
Simon Bang Terkildsen 6-Oct-11 12:24pm
   
Thank you, Espen
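
An added example (not from the thread or the linked MSDN article) that applies the attribute from the comments to one operation and checks which identity the thread is running as before the database connection is opened. `IWhoAmIService`, `WhoAmIService`, `GetDatabaseUser` and the `System.Data.OracleClient` provider name are assumptions; the connection string name is the one from the question.

```csharp
using System;
using System.Configuration;
using System.Data.Common;
using System.Security.Principal;
using System.ServiceModel;

[ServiceContract]
public interface IWhoAmIService            // hypothetical contract
{
    [OperationContract]
    string GetDatabaseUser();
}

public class WhoAmIService : IWhoAmIService
{
    // WCF impersonates the caller for the duration of this method, so the
    // body does not run as the service account (Local System).
    [OperationBehavior(Impersonation = ImpersonationOption.Required)]
    public string GetDatabaseUser()
    {
        WindowsIdentity caller = ServiceSecurityContext.Current.WindowsIdentity;
        WindowsIdentity thread = WindowsIdentity.GetCurrent();

        // Fail closed: never open the connection under any other identity.
        if (caller == null || thread.User == null || !thread.User.Equals(caller.User))
            throw new FaultException("Impersonation is not in effect.");

        // An Identification-level token cannot be used to access resources.
        // Impersonation covers resources on this machine; Delegation is the
        // level needed to reach a resource on another host.
        if (thread.ImpersonationLevel < TokenImpersonationLevel.Impersonation)
            throw new FaultException("Caller token level too low: " + thread.ImpersonationLevel);

        string cs = ConfigurationManager
            .ConnectionStrings["netTiersConnectionString"].ConnectionString;
        // Assumption: the ADO.NET provider registered under this invariant name.
        DbProviderFactory factory = DbProviderFactories.GetFactory("System.Data.OracleClient");
        using (DbConnection conn = factory.CreateConnection())
        {
            conn.ConnectionString = cs;   // Integrated Security=SSPI
            conn.Open();                  // authenticates as the impersonated caller
            using (DbCommand cmd = conn.CreateCommand())
            {
                cmd.CommandText = "SELECT USER FROM DUAL";   // Oracle session user
                return thread.Name + " (" + thread.ImpersonationLevel + ") -> "
                       + Convert.ToString(cmd.ExecuteScalar());
            }
        }
    }
}
```

The returned string shows the Windows account and token level the operation ran under next to the Oracle session user, which makes a fallback to the service account visible immediately.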

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
