WCF Security Impersonation Proof-of-Concept
This paper examines the concept of passing credentials from client to WCF services and using impersonation.
The PoC is based on a similar set of services as covered in the ASMX PoC titled “Ever wondered if and how identities are carried from service to service?” and posted on http://dotnet.org.za/willy/archive/2006/05/07/52060.aspx.
The purpose of this PoC is to compare WCF to the ASMX services world and to verify that the same impersonation functionality is available to us with WCF.
Figure 1 – PoC Solution
The test solution consists of a simple IIS hosted and two custom hosted WCF services, with a test client communicating with the IIS hosted WCF service (Service A). The intention of this test solution is to experiment with the “flowing” of identities from the consumer application to the three services, as the two downstream services (WCF Service B and WCF Service C) by default are presented with the IUSR_ anonymous identity.
If you are interested in this topic, please download the complete proof-of-concept whitepaper on http://www.drp.co.za/Media/Papers/tabid/76/Default.aspx. Other related papers on the same site include "ASMX Security Impersonation Proof-of-Concept" and "WCF FaultException ... why use it".