Either a required impersonation level was not provided, or the provided impersonation level is invalid.

  • Question

  • Hi Experts ..

      The scenario is that I have 2 services,
    WCF Proxy for WCFService1 --call--> hosted WCFService1 (this init. a WCF Proxy for WCFService2) --call-> hosted WCFService2.

    Here is the configuration (app.config):

     </appSettings>
        <system.serviceModel>
            <bindings>
                <netTcpBinding>
                  <binding name="TransactionalTCP" transactionFlow="true"
                           transactionProtocol="WSAtomicTransactionOctober2004">
                  </binding>

                    <binding name="NetTcpBinding_HermesScheduleItemService" closeTimeout="00:01:00"
                        openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                        transactionFlow="true" transferMode="Buffered" transactionProtocol="WSAtomicTransactionOctober2004"
                        hostNameComparisonMode="StrongWildcard" listenBacklog="10"
                        maxBufferPoolSize="524288" maxBufferSize="65536" maxConnections="10"
                        maxReceivedMessageSize="65536">
                        <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                            maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                        <reliableSession ordered="true" inactivityTimeout="00:10:00"
                            enabled="false" />
                        <security mode="Transport">
                            <transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" />
                            <message clientCredentialType="Windows" />
                        </security>
                    </binding>            
                </netTcpBinding>
            </bindings>
          <services>
            <service behaviorConfiguration="myServiceBehavior"
                     name="HermesNS.TC.Services.GenericNotes.HermesGenericNotesService">
              <host>
                <baseAddresses>
                  <add baseAddress="http://localhost:1111/GenericNotesService"/>
                </baseAddresses>
              </host>
              <endpoint address="net.tcp://localhost:2346/GenericService"
                        binding="netTcpBinding"
                bindingConfiguration="TransactionalTCP"
                contract="TopCoder.Services.WCF.GenericNotes.IGenericNotesServiceBase`4[[HermesNS.TC.Services.GenericNotes.Entities.HermesGenericNote, HermesNS.TC.Services.GenericNotes, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null],[HermesNS.TC.Services.GenericNotes.Entities.HermesGenericNoteItem, HermesNS.TC.Services.GenericNotes, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null],[HermesNS.TC.Services.GenericNotes.Entities.HermesGenericNoteItemHistory, HermesNS.TC.Services.GenericNotes, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null],[System.String, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]" >
                <identity>
                  <servicePrincipalName value="host/user"/>
                </identity>
              </endpoint>
            </service>
            <service name="HermesNS.TC.Services.ScheduleItem.HermesScheduleItemService"
             behaviorConfiguration="myServiceBehavior">
              <host>
                <baseAddresses>
                  <add baseAddress="http://localhost:9010/ScheduleService"/>
                </baseAddresses>
              </host>
              <endpoint address="net.tcp://localhost:1238/ScheduleService"
                  binding="netTcpBinding" bindingConfiguration="TransactionalTCP"
                  contract="HermesNS.TC.Services.ScheduleItem.HermesScheduleItemService" />
            </service>
          </services>
            <client>     
              <endpoint address="net.tcp://localhost:2346/GenericService"
                        behaviorConfiguration="tcpDelegation"
                  binding="netTcpBinding" bindingConfiguration="TransactionalTCP"
                  contract="HermesNS.TC.Services.GenericNotes.Client.IGenericNotesServiceBaseOf_HermesGenericNote_HermesGenericNoteItem_HermesGenericNoteItemHistory_String"
                  name="" >
                <identity>
                  <userPrincipalName value="USER\XPPRESP3"/>
                </identity>
              </endpoint>
                <endpoint address="net.tcp://localhost:1238/ScheduleService"
                    behaviorConfiguration="tcpDelegation"
                  binding="netTcpBinding"
                    bindingConfiguration="TransactionalTCP"
                    contract="HermesScheduleItemService"
                  name="SmokeTest">
                </endpoint>      
            </client>
          <behaviors>      
            <endpointBehaviors>    
              <behavior name="tcpDelegation">
                <clientCredentials>
                  <windows  allowNtlm="true"  allowedImpersonationLevel="Delegation" />
                  <httpDigest impersonationLevel="Delegation"/>
                </clientCredentials>
              </behavior>
            </endpointBehaviors>
            <serviceBehaviors>
              <behavior name="myServiceBehavior">
                <serviceMetadata  httpGetEnabled="true"/>
                <serviceDebug includeExceptionDetailInFaults="true"/>
              </behavior>
            </serviceBehaviors>
          </behaviors>
        </system.serviceModel> 
    Tuesday, February 12, 2008 9:52 PM

Answers

  • Your scenario is not so clear but I will try to explain one scenario to you.

    If your services are running under IIS or under an NT service, they are usually running under the security context of LocalService or NetworkService.

    So based on that, if your client application runs under the Bob user account and calls Service1, then Service1 in turn calls Service2, and then Service2 needs access to a folder MyFile on which Bob has full rights.

    In this scenario you will not be able to access that folder, because it is reached by Service2, which is running under an account different than Bob.

    In order to be able to access that folder as Bob from the client application, you need to impersonate your client application to your service.

    Which means that you need to call your Service under a user account as Bob. The only way to accomplish this is to set the ImpersonationLevel

    Hope it has given you some direction

    regards

    serge

    Wednesday, February 13, 2008 7:26 PM
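
The service-side counterpart to the client's `allowedImpersonationLevel="Delegation"` setting in this thread, as an added example that is not code from the original posts: Service1 runs under its caller's identity and refuses to call Service2 unless the caller's token is at Delegation level. The contract names, the `service2` client endpoint name and the fault messages are hypothetical, and Service2 is assumed to run on another machine.

```csharp
using System;
using System.Security.Principal;
using System.ServiceModel;

// Hypothetical contracts standing in for the thread's two services.
[ServiceContract]
public interface IService2
{
    [OperationContract]
    string ReadCallerFile(string name);
}

[ServiceContract]
public interface IService1
{
    [OperationContract]
    string Relay(string name);
}

public class Service1 : IService1
{
    // WCF runs this method body under the caller's Windows identity.
    [OperationBehavior(Impersonation = ImpersonationOption.Required)]
    public string Relay(string name)
    {
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        if (ctx == null)
            throw new FaultException("No security context on this call.");

        WindowsIdentity caller = ctx.WindowsIdentity;
        // An Impersonation-level token is honoured for local resources only;
        // acting as the caller against another machine needs Delegation.
        if (caller.ImpersonationLevel != TokenImpersonationLevel.Delegation)
            throw new FaultException("Caller " + caller.Name + " allowed only " +
                caller.ImpersonationLevel + "; Delegation is needed to reach Service2.");

        // "service2" is an assumed <client> endpoint name in app.config.
        var factory = new ChannelFactory<IService2>("service2");
        // Let Service2 impersonate the caller, but not delegate any further.
        factory.Credentials.Windows.AllowedImpersonationLevel =
            TokenImpersonationLevel.Impersonation;
        try
        {
            string result = factory.CreateChannel().ReadCallerFile(name);
            factory.Close();
            return result;
        }
        catch
        {
            factory.Abort(); // never Close() a faulted factory
            throw;
        }
    }
}
```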

All replies

  • Thanks for your reply, I just found the problem, I got this error in Service1 but when I made a deep debug into Service2 I found the error is something else, I just don't know why this exception was thrown!

    Thanks again :)

    Wednesday, February 13, 2008 9:12 PM
  • I just faced the same issue (Either a required impersonation level was not provided.....) in my win service and the issue turned out to be the folder didn't exist in the path that I specified in the app.config.


    Monday, February 25, 2008 11:46 PM