WCF Data Services client does not impersonate my Credentials RRS feed

  • Question

  • I have a custom WCF Data services provider implementing IServiceProvider.

    My provider is hosted through a windows service (so, no IIS/ASP.NET). The service is started under the local system account. The service need to be impersonated so that my provider can connect to SQL Server.

    The problem is my client application is unable to impersonate my credential, therefore, connection to SQL Server failed.

    I've tried the following without success.

    • Attempt 1 (during initialization)
      DataContext ctx = new DataContext("some uri");
      ctx.Credentials = System.Net.CredentialCache.DefaultCredentials;
    • Attempt 2 (at SendRequest event)
      e.Request.Credentials = System.Net.CredentialCache.DefaultCredentials;
      e.Request.ImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
    • Attempt 3 (at SendRequest event)
      e.Request.Proxy.Credentials = System.Net.CredentialCache.DefaultCredentials;
      e.Request.ImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;

    On top of the above attempts, I've also setting the credential by manual login with no success.

    Example from http://msdn.microsoft.com/en-us/library/gg258445 seems simple and straight forward enough, it is not working for me.

    I'm not sure what have i done wrong or what am i missing in order to impersonate from a WCF Data Services client.


    It is difficult to tell where the issue is, did it fails to send credential to window service or did the window service fails to receive the credential or does the DataServiceHost totally ignore the credential.

    I have another service, a self hosted WCF window service, in this service I'm able to impersonate through the ServiceSecurityContext object. Unfortunately, this object is returning null in my Data Services solution.

    • Edited by Yew Fook Monday, July 23, 2012 10:37 AM input information
    Thursday, July 12, 2012 11:32 AM

All replies

  • I've managed to resolve the impersonation issue by doing the following

    • Setting binding as WebHttpSecurityMode.TransportCredentialOnly
    • Credential type as HttpClientCredentialType.Ntlm
    • Add the binding to service end point.

    Dim binding As New WebHttpBinding(WebHttpSecurityMode.TransportCredentialOnly)
    binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm 
    svcHost.AddServiceEndpoint(asmServiceHost.GetType("System.Data.Services.IRequestHandler"), binding, "")

    Monday, January 14, 2013 8:45 AM