So I have been banging my head on this one. I have a self hosted WCF service:

var webServiceHost = new WebServiceHost(helloWorld);
webServiceHost.Authorization.ImpersonateCallerForAllOperations = true;

var uri = new Uri(BaseUri + webService.UriDirectory);
var webHttpBinding = new WebHttpBinding(webHttpSecurityMode);
webHttpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;

var sep = webServiceHost.AddServiceEndpoint(IHelloWorld, webHttpBinding, uri);
var webHttpBehavior = new WebHttpBehavior {HelpEnabled = true};
sep.Behaviors.Add(webHttpBehavior);

webServiceHost.Open();

I’ve gone ahead and applied the following attributes to my method:

[OperationBehavior(Impersonation = ImpersonationOption.Required)]
public List<GpoItem> GetAll()
{
    using (ServiceSecurityContext.Current.WindowsIdentity.Impersonate())
    {
        // Execute GPO code here...
        return new List<GpoItem>();
    }
}

To add a bit more context, I basically have a webservice that allows a person to log into a web page, create a GPO on the domain. Running this in a console works fine as I’m running it as the logged in domain user. Running it as a Windows service, throws me an “Access Denied” exception. Thus the need for impersonation. I put in the following altered code above and I get ‘An operations error occurred. (Exception from HRESULT: 0x80072020)’. Googling that shows me its a permission issue still. I’m logging into the Web service test environment as an administrator so I have full access, and I’ve shown I can run it in a console just fine as an administrator. I feel like I’m missing some flag setting some where.

Any ideas?

[Update1] I’ve tried switching the service from running as local system to network service, but I still get the same issue.

[Update2] When I logon on to the server hosting my WCF service (being ran as local system), and use the browser directly on that machine, everything works fine. It seems to be an issue with delegating the users authentication… still unknown here.