I have a WCF service which provides some information based on the end-user's Windows Login ID. The service exposes an end-point which uses Windows authentication. Subsequently, instead of passing the UserID as a parameter to a operation contract, I can find out who invoked a service operation by looking at the context information as shown below:
WindowsIdentity id = ServiceSecurityContext.Current.WindowsIdentity;
This works fine for Windows Desktop Clients. It also works well for ASP.NET Clients as long as the web app is configured for Windows Authentication AND Impersonation is turned ON.
However, some of the WCF's clients are ASP.NET apps which do NOT use Windows Integrated Authentication. Instead, they use other mechanisms, such as SiteMinder. In these cases, the above code would return the ID under which the web application runs (i.e. ASPNET user account). Subsequently, I cannot get the actual end-user's windows ID.
Could you please provide some advice / guidance as to how to get the user ID. In the ASP.NET app, I can get the userID from the SiteMinder request header ("SM_USER"). Is there a way to pass this information in a secure fashion (similar to how Windows Authentication works)?
Any advice is much
View Complete Post