Good morning, everybody! This is not the first day I have struggled with a problem that will not let me move on. There is a distributed system in which the client is located on machine #1, the WCF service is on machine #2, and MS SQL Server is on machine #3.
On the client side, the Delegation impersonation level is used:
client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Delegation;
On the WCF service side, impersonation is enabled for all operation contracts:
<serviceAuthorization impersonateCallerForAllOperations="true" />
and there is a special attribute on each operation contract:
[OperationBehavior(Impersonation = ImpersonationOption.Allowed)].
Thus, impersonation from the client to the service works normally: the service knows who the request came from. But the request from the WCF service already comes from an anonymous user, as indicated by the following error:
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGIN'.
How can I make the WCF service contact the database on behalf of the user who called the service?
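
A diagnostic probe for the setup described in this question, added here as an example and not part of the original post: called from the client on machine #1, it reports from inside an impersonated operation which impersonation level the caller's token actually reached the service with. The contract and class names, the net.tcp address and the use of NetTcpBinding are assumptions made for the example.

```csharp
using System;
using System.Security.Principal;
using System.ServiceModel;

[ServiceContract]
public interface IDelegationProbe            // hypothetical contract name
{
    [OperationContract]
    string DescribeCaller();
}

public class DelegationProbe : IDelegationProbe
{
    [OperationBehavior(Impersonation = ImpersonationOption.Allowed)]
    public string DescribeCaller()
    {
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        if (ctx == null || ctx.IsAnonymous)
            return "No authenticated Windows caller on this request.";

        WindowsIdentity caller = ctx.WindowsIdentity;          // token WCF built for the caller
        WindowsIdentity thread = WindowsIdentity.GetCurrent(); // identity the thread runs as now

        // Only a Delegation-level token can authenticate onward to a third machine.
        // With an Impersonation-level token the outbound SQL Server connection
        // carries no credentials and is logged as ANONYMOUS LOGIN.
        string verdict = caller.ImpersonationLevel == TokenImpersonationLevel.Delegation
            ? "token can be forwarded to SQL Server"
            : "token is valid on this machine only; the next hop will be anonymous";

        return string.Format("caller={0}; thread={1}; auth={2}; level={3}; {4}",
            caller.Name, thread.Name, caller.AuthenticationType,
            caller.ImpersonationLevel, verdict);
    }
}

public static class Program
{
    public static void Main()
    {
        var address = new Uri("net.tcp://localhost:9000/probe"); // constructed address
        using (var host = new ServiceHost(typeof(DelegationProbe), address))
        {
            host.AddServiceEndpoint(typeof(IDelegationProbe), new NetTcpBinding(), "");
            // Same effect as <serviceAuthorization impersonateCallerForAllOperations="true" />
            host.Authorization.ImpersonateCallerForAllOperations = true;
            host.Open();
            Console.WriteLine("Listening on {0}; press Enter to stop.", address);
            Console.ReadLine();
        }
    }
}
```

If the reported level is Impersonation even though the client requested Delegation, the authentication between client and service did not produce a delegable Kerberos ticket, which is consistent with the ANONYMOUS LOGIN error above.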