Impersonation on .net service bus

Thu, 25 Jun 2009 12:13:32 Z

How to use impersonation or identity on .net service bus?

Impersonation on .net service bus

Fri, 26 Jun 2009 06:49:37 Z

Please refer to http://social.msdn.microsoft.com/Forums/en-US/netservices/thread/f35aa4f8-0d05-487c-8d79-25b3a4431500 to see how to use Windows identity on Service Bus. For impersonation, first your service needs to get a UPN claim issued by Geneva Server, which contains information about the user's identity. You can configure a rule in ACS: Input: the UPN claim, Output: Copy input value. That way, your service will be able to get the UPN claim. Then you can convert the UPN claim to a Windows token by calling S4UClient.UpnLogon method from Geneva Framework. The following code is extracted from the Convert Claims to NT Token sample from Geneva Framework. You can have a look at the complete sample under "Microsoft Geneva Framework\Samples\Extensibility\Convert Claims to NT Token".

// Gets the current identity and extracts the UPN claim.

IClaimsIdentity identity = ( ClaimsIdentity )Thread.CurrentPrincipal.Identity;

string upn = null;

foreach ( Claim claim in identity.Claims )

{

if ( StringComparer.Ordinal.Equals( System.IdentityModel.Claims.ClaimTypes.Upn, claim.ClaimType ) )

{

upn = claim.Value;

}

// Performs the UPN logon through the WTS service.

WindowsIdentity windowsIdentity = null;

if ( !String.IsNullOrEmpty( upn ) )

{

try

{

windowsIdentity =

S4UClient.UpnLogon( upn );

}

catch ( SecurityAccessDeniedException )

{

Console.WriteLine( "Could not map the upn claim to a valid windows identity." );

return;

}

else

{

throw new Exception( "No UPN claim found" );

}

using ( WindowsImpersonationContext ctxt = windowsIdentity.Impersonate() )

{

//Do work here...

}

Lante, shanaolanxing This posting is provided "AS IS" with no warranties, and confers no rights.