One of my clients has a unique requirement. Details:
There is a web application and a WCF service; both are hosted in IIS6 and run under a domain account (say MyAppAdmin) App_pool.
The web application has anonymous access, and the service is protected by Windows Authentication.
The web app calls the service without any impersonation, so the service is called using the App_pool identity. Below is the code:

    objClient.ClientCredentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials;
    objClient.ClientCredentials.Windows.AllowNtlm = true;
    objClient.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
    objClient.Open();
    svcResult = objClient.MyMethod(input);

Problem & requirement:
The App_pool user reaches the service, and I am able to access it using HttpContext.Current.User.Identity, with the properties IsAuthenticated=true; Name=MyAppAdmin.
I need to check whether this App_Pool user is in an Active Directory group or not. Only if he is part of the allowed group should I allow the method to continue executing. For this I am using the code below:

    WindowsIdentity wi = (WindowsIdentity)HttpContext.Current.User.Identity;
    PrincipalPermission permission = new PrincipalPermission(wi.Name, allowedRoleName, true);
    permission.Demand();

But it is throwing Security.SecurityAccessDe
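An added example, not part of the original post: a group check made directly against the caller's Windows token with WindowsPrincipal.IsInRole, which does not depend on Thread.CurrentPrincipal (the principal that PrincipalPermission.Demand evaluates). The class and method names are hypothetical, the group name is a placeholder, and it assumes HttpContext.Current is available in the service as the post describes.

```csharp
using System;
using System.Security;
using System.Security.Principal;
using System.Web;

// Hypothetical helper: call it at the top of a service operation.
public static class CallerGroupCheck
{
    // allowedGroup is a placeholder, e.g. @"MYDOMAIN\MyAllowedGroup".
    public static void DemandGroupMembership(string allowedGroup)
    {
        if (string.IsNullOrEmpty(allowedGroup))
            throw new ArgumentException("A group name is required.", "allowedGroup");

        // HttpContext.Current is null in WCF unless ASP.NET compatibility
        // mode is enabled; treat that as "no authenticated caller".
        HttpContext ctx = HttpContext.Current;
        WindowsIdentity wi = null;
        if (ctx != null && ctx.User != null)
            wi = ctx.User.Identity as WindowsIdentity;

        // Fail closed: anonymous or non-Windows callers are rejected.
        if (wi == null || !wi.IsAuthenticated || wi.IsAnonymous)
            throw new SecurityException("Caller is not an authenticated Windows identity.");

        // IsInRole resolves the group name and checks it against the
        // group SIDs carried in the caller's token.
        WindowsPrincipal principal = new WindowsPrincipal(wi);
        if (!principal.IsInRole(allowedGroup))
        {
            throw new SecurityException(string.Format(
                "Caller '{0}' is not a member of '{1}'.", wi.Name, allowedGroup));
        }
    }
}
```

Group membership is read from the token built at logon, so a newly added group takes effect only after the app pool account's process is restarted.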