Home/ Questions/Q 4034832
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-20T12:01:20+00:00

for a customer, I need to implement the following scenario: User accounts are stored

  • 0

for a customer, I need to implement the following scenario:

  • User accounts are stored in a database. The list contains both Windows authenticated accounts and SQL Server authenticated accounts. Passwords are not stored in the database (for windows authenticated accounts, the windows system is used for validation of the credentials, SQL authenticated accounts are validated by the SQL server)
  • A WCF service is created that users authenticate against using a custom authentication provider in order to be able to handle both Windows and SQL accounts. So both username (Domain\Username or just username) and password are available at the service.
  • There already is a custom API that contains a class that encapsulates the connection handling to the database server. In case of a Windows account I provide a connection string to the class that uses integrated security. In case of a SQL account I build a connection string containing username and password of the SQL account. It would be convenient to create an object of the class at the beginning of the request and dispose of it when the request ends.
  • For the Windows account scenario to work, I want to impersonate the Windows account for the duration of the request.

What I am looking for is a way to implement the impersonation in one place instead of each service method separately.

How can I implement this in the service?

Thanks for your help,

Markus

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Perhaps this example can get you on the way:
    taken from here

    public class HelloService : IHelloService
{
    [OperationBehavior(Impersonation = ImpersonationOption.Required)]
    public string Hello(string message)
    {
        WindowsIdentity callerWindowsIdentity = ServiceSecurityContext.Current.WindowsIdentity;
        if (callerWindowsIdentity == null)
        {
            throw new InvalidOperationException
             ("The caller cannot be mapped to a Windows identity.");
        }
        using (callerWindowsIdentity.Impersonate())
        {
            EndpointAddress backendServiceAddress = new EndpointAddress("http://localhost:8000/ChannelApp");
            // Any binding that performs Windows authentication of the client can be used.
            ChannelFactory<IHelloService> channelFactory = new ChannelFactory<IHelloService>(new NetTcpBinding(), backendServiceAddress);
            IHelloService channel = channelFactory.CreateChannel();
            return channel.Hello(message);
        }
    }
}
    • 0