Could someone help me with the following issue, please?
- Windows 2008 R2 server hosting both MVC2 web application and WCF service for it;
- users connect to the web application which gets all data from the WCF services;
- WCF services are resused by several other applications (WinForms based) which work fine and have never experienced any security related problems;
- MVC2 uses impersonation (<identity impersonate="true"/>) to connect to WCF services, so we have single security boundary for both web and winforms clients (which are out of scope of the problem);
- both MVC2 web application and WCF services share the same ASP.NET v4.0 DefaultAppPool application pool, running under NetworkService identity;
- all users, user PCs and servers belong to the same AD domain, which is a part of global corporate tree;
- all unhandled exceptions are automatically caught by the web application and forwarded to application developers' e-mail box;
- WCF binding setup in web application:
<binding name="WSHttpBinding_BifrostServices" closeTimeout="00:10:00"
openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00"
View Complete Post