Good morning everybody! For several days now I have been struggling with a problem that does not let me move on. There is a distributed system in which the client is on machine #1, the WCF service is on machine #2, and MS SQL Server is on machine #3.
On the client side, the impersonation level Delegation is used:

client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Delegation; 

On the WCF service side, impersonation is enabled for all operation contracts:

 <serviceAuthorization impersonateCallerForAllOperations="true" /> 

and there is a special attribute on each operation contract:

 [OperationBehavior(Impersonation = ImpersonationOption.Allowed)]. 

Thus, impersonation from the client to the service works normally and the service knows who the request came from, but the request from the WCF service to the database already arrives as an anonymous user, as the following error shows:

Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

client side app.config: http://pastebin.ru/ZgE5NiCH
web.config on the service side: http://pastebin.ru/vSNP7s4V

How can I make the WCF service contact the database on behalf of the user who called the service?

  • In theory, everything should work... The error is somewhere in the details. Since this question is hardly still relevant for the author, I think it should be closed. - Pavel Mayorov

1 answer

I would use SQL authentication and, depending on who accessed the service, change the user in the connection string.
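The second hop the question describes (WCF service on machine #2 opening a Windows-authenticated connection to SQL Server on machine #3 as the caller), as an added example that is not code from the original post or from either answerer. The contract name IReportService, the operation WhoAmIInSql and the connection string are assumptions chosen for illustration. The example adds the check a practitioner would want before blaming the database: it inspects the level of the impersonated token, because a token at TokenImpersonationLevel.Impersonation is enough for the service to know who called it but cannot be forwarded, and any Windows authentication performed with it reaches SQL Server as NT AUTHORITY\ANONYMOUS LOGON, exactly the error quoted above. Whether the token arrives at Delegation level depends on prerequisites outside the code: the client must allow Delegation (as in the question), Kerberos rather than NTLM must actually be negotiated, and the service account must have an SPN and be trusted for delegation in Active Directory.

```csharp
using System;
using System.Data.SqlClient;
using System.Security.Principal;
using System.ServiceModel;

// Added example, not from the original post. Assumed contract and operation names.
[ServiceContract]
public interface IReportService
{
    [OperationContract]
    string WhoAmIInSql();
}

public class ReportService : IReportService
{
    // Hypothetical connection string; "Data Source" stands for machine #3.
    // Integrated Security=SSPI is what makes SQL Server see the impersonated identity.
    private const string ConnectionString =
        "Data Source=sqlserver-host;Initial Catalog=ReportsDb;Integrated Security=SSPI;";

    // ImpersonationOption.Required makes WCF impersonate the caller before the method
    // body runs. The question's ImpersonationOption.Allowed combined with
    // <serviceAuthorization impersonateCallerForAllOperations="true" /> has the same effect.
    [OperationBehavior(Impersonation = ImpersonationOption.Required)]
    public string WhoAmIInSql()
    {
        // Because the thread is already impersonating, GetCurrent() returns the caller's
        // token rather than the application pool or service account.
        WindowsIdentity caller = WindowsIdentity.GetCurrent();

        // The diagnostic the question is missing: only a Delegation-level token can be
        // used to authenticate to a third machine. With an Impersonation-level token the
        // SqlConnection below still opens, but SQL Server reports the connection as
        // NT AUTHORITY\ANONYMOUS LOGON and rejects the login.
        if (caller.ImpersonationLevel != TokenImpersonationLevel.Delegation)
        {
            throw new FaultException(string.Format(
                "Caller {0} arrived with token level {1}; Delegation is required for the hop to SQL Server. " +
                "Check the client's AllowedImpersonationLevel, that Kerberos (not NTLM) was negotiated, " +
                "and that the service account has an SPN and is trusted for delegation.",
                caller.Name, caller.ImpersonationLevel));
        }

        using (var connection = new SqlConnection(ConnectionString))
        {
            connection.Open();
            using (var command = new SqlCommand("SELECT SUSER_SNAME();", connection))
            {
                // SUSER_SNAME() is the login SQL Server actually authenticated. When the
                // double hop works it equals caller.Name; this is the value to log while debugging.
                return (string)command.ExecuteScalar();
            }
        }
    }
}
```

Returning SUSER_SNAME() to the client gives a direct way to confirm, per request, which identity the database saw. The SQL-authentication approach from the answer avoids all of the Kerberos prerequisites, but at the cost of the service holding and mapping SQL credentials for every caller, so the database no longer authenticates the end user itself.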