WCF Service Impersonation
This article explains how a service call can impersonate the client that requests the operation.
When a client tries to access a service resource, the access can fail because it does not have permission to do so. In this case, the developer can impersonate the client request so that it is authorized to access the resource.
    // Allowed: WCF impersonates the caller when Windows authentication is used.
    [OperationBehavior(Impersonation = ImpersonationOption.Allowed)]
    public string GetData(int value)
    {
        return string.Format("You entered: {0}", value);
    }
The Impersonation property takes one of three settings:
- NotAllowed: Indicates that the service should not auto-impersonate.
- Allowed: Automatically impersonates the caller whenever Windows authentication is used, but has no effect with other authentication mechanisms.
- Required: Ensures that Windows authentication is used; otherwise an exception is thrown.
Impersonate all operations:
Impersonation can be allowed for all operations by setting serviceAuthorization in the service behavior section, as shown below.
    <serviceBehaviors>
      <behavior name="ServiceBehavior">
        <serviceAuthorization impersonateCallerForAllOperations="true" />
      </behavior>
    </serviceBehaviors>
Tips!
- Always create the service in Interface -> Implementation form, and declare the contract on the interface.
- Define the service in a class library and reference that class library from the host project. Don't put the service class in the host project.
- Set the instance mode to per call by default.
- Always catch exceptions with a try/catch block and throw them to the client using FaultException<T>.
- Enable logging and Include exception details when compiling the project in debug mode. Disable logging and Include exception details in production deployments.
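As an added example (not code from the original article), the service below combines the impersonation attribute with the tips above: the contract on an interface, per-call instancing and FaultException<T>. IReportService, ReportService, AccessFault and the C:\Reports folder are hypothetical names, and the example assumes the client sets AllowedImpersonationLevel to Impersonation.

```csharp
using System;
using System.IO;
using System.Runtime.Serialization;
using System.Security.Principal;
using System.ServiceModel;

[DataContract]
public class AccessFault { [DataMember] public string Reason { get; set; } }

[ServiceContract]
public interface IReportService
{
    [OperationContract, FaultContract(typeof(AccessFault))]
    string ReadReport(string name);
}

[ServiceBehavior(InstanceContextMode = InstanceContextMode.PerCall)]
public class ReportService : IReportService
{
    // Hypothetical folder whose NTFS ACLs grant each user only their own reports.
    private const string ReportRoot = @"C:\Reports";

    // Required: Windows authentication must be used, and the method body
    // runs under the caller's identity instead of the service account.
    [OperationBehavior(Impersonation = ImpersonationOption.Required)]
    public string ReadReport(string name)
    {
        WindowsIdentity caller = ServiceSecurityContext.Current.WindowsIdentity;
        // An Identification-level token (the WCF client default) names the caller
        // but cannot open resources, so reject it with a clear fault.
        if (caller.ImpersonationLevel < TokenImpersonationLevel.Impersonation)
            throw Fault("Client must allow the Impersonation level.");
        // Reject separators and other invalid characters before building a path.
        if (string.IsNullOrWhiteSpace(name) || name.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
            throw Fault("Invalid report name.");
        try
        {
            // name cannot point at a file outside ReportRoot (checked above);
            // the file ACL is evaluated against the impersonated caller.
            return File.ReadAllText(Path.Combine(ReportRoot, name));
        }
        catch (Exception ex) when (ex is UnauthorizedAccessException || ex is IOException)
        {
            // Same fault for "denied" and "missing" so the reply does not reveal which files exist.
            throw Fault("Report not available.");
        }
    }

    private static FaultException<AccessFault> Fault(string reason)
    {
        return new FaultException<AccessFault>(new AccessFault { Reason = reason }, new FaultReason(reason));
    }
}
```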