WF WCF (XAMLX) to WCF & Delegation

  • Question

  • Hi All

    I am trying to get double hop impersonation working using delegation from a forward facing WF WCF service. This is the basic setup:

    (Client WPF/Silverlight) -> WF WCF (IIS7.0) -> WCF (IIS6.0)

    The whole lot works on a development machine but when distributed to the various servers I have been getting an error when calling an operation on the back end WCF = "The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'"

    After hours of digging around online and trying various things I came across this blog post here: http://blogs.msdn.com/b/securitytools/archive/2009/11/04/double-hop-windows-authentication-with-iis-hosted-wcf-service.aspx

    In summary it seems the double hop between servers (WCF-WCF) is the problem so I have been following the blog above as my setup is fairly similar.

    One part of the blog states that I enter the following in the config for the WF WCF which I have done.

          <serviceBehaviors>
            <behavior>
              ...
              <serviceAuthorization impersonateCallerForAllOperations="true" />
            </behavior>
          </serviceBehaviors>

    However following this I am getting this error when browsing to the WF WCF Service: The service operation '[MyOperation]' that belongs to the contract with the 'I[MyContract]' name and the '[MyNameSpace]' namespace does not allow impersonation.

    I then figured that I need to somehow adorn the [OperationBehavior(Impersonation = ImpersonationOption.Allowed)] attribute to my WF WCF service operation but of course I cannot since it's defined as a WF Receive Activity.

    So finally my question, how can I do this? Is there a way via config, am I even on the right path?

    Note I have also referred to this thread http://social.msdn.microsoft.com/Forums/en-US/windowsworkflowfoundation/thread/2f9dea15-e869-4029-b2c7-9821f80faf21 which doesn't really help me since the WF WCF activation fails, presumably because of impersonateCallerForAllOperations="true".

    Any help greatly appreciated.

    Regards
    Dan

    Tuesday, October 19, 2010 4:21 PM

Answers

  • Hi Dan,

    Have you considered using WF Security Pack? It's a CodePlex drop from Microsoft that is published here: http://wf.codeplex.com/

    Ameen.

    • Marked as answer by Andrew_Zhu Wednesday, October 27, 2010 8:50 AM
    Wednesday, October 20, 2010 6:30 PM