How to enable impersonation?

Question

I have configured my service for windows authentication, and I would like to impersonate the windows account when queries are executed against my entity model.  I have tried adding <serviceAuthorization impersonateCallerForAllOperations="true"/> to my webconfig but I get the error "The service operation 'ProcessRequestForMessage' that belongs to the contract with the 'IRequestHandler' name and the 'http://tempuri.org/' namespace does not allow impersonation.".  I also looked into wrapping DataService<T> so that I could add the servicemodel attributes to require impersonation but unfortunately IDataService is internal.

Answer 1

I think that the answer is "YES", but do you have this in your webconfing?

<system.web> 
<identity impersonate="true"/> 
 </system.web>


And try to decorate your method with this attribute:
 [OperationBehavior(Impersonation = ImpersonationOption.Required)]


or

 [OperationBehavior(Impersonation = ImpersonationOption.Allowed)]


You must have this line in your webconfig: <serviceAuthorization impersonateCallerForAllOperations="true"/>


Bye :)

Answer 2

Thanks Vincente,

I should have mentioned that I was hoping for code-level impersonation support.

The web.config entry of

<system.web> 
<identity impersonate="true"/> 
</system.web>

enables IIS level impersonation rather than code level impersonation, and therefore does not require any wcf service level (or config level) adornments for impersonation.  But it does indeed work.  Thanks for the response.

-Brian

Answer 3

Adding this to my web.config didn't work for me. I still get the following error when the service is opened:

The service operation 'ProcessRequestForMessage' that belongs to the contract with the 'IRequestHandler' name and the 'http://tempuri.org/' namespace does not allow impersonation.

Any other ideas?