Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
We have a service using WCF and Impersonation.
A user can log in to the client application with credentials that are part of an Active Directory system.
The users login is impersonated service side.
This works fine when the user who logged in is setup as a Local Admin on their host machine.
But a problem occurs when they are a non-privileged (standard) user. We get an exception stating Access Denied “One of our DLLs”. (It happens on all of our DLLs)
This was actually a simple issue of permissions on the deployment environment.
Using the Code Access Security Policy Tool (Caspol.exe) it was just a matter of applying the correct permissions. There’s a how-to-use guide on msdn.
The actual command line string was
CasPol.exe -addgroup 1 -strong -file D:\deployment_location\WcfServiceHost.exe -noname -noversion FullTrust
This was performed on a collection of services. Since our version numbers were changing frequently using the ‘noversion’ was helpful, the service also required FullTrust in our setting.
To re-use the fix for various machines, create a PowerShell script (or batch file) and using the ‘polchgprompt’ parameter to turn off prompts so the script can execute without intervention.
polchgprompt – “Enables or disables the prompt that is displayed whenever Caspol.exe is run using an option that would cause policy changes.”
Script Structure: