.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

WF WCF (XAMLX) to WCF & Delegation

Posted By:      Posted Date: October 19, 2010    Points: 0   Category :Windows Application

Hi All

I am trying to get double hop impersonation working using delegation from a forward facing WF WCF service. This is the basic setup:

(Client WPF/Silverlight) -> WF WCF (IIS7.0) -> WCF (IIS6.0)

The whole lot works on a development machine but when distributed to the various servers I have been getting an error when calling an operation on the back end WCF = "The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'"

After hours of digging around online and trying various things I came across this blog post here: http://blogs.msdn.com/b/securitytools/archive/2009/11/04/double-hop-windows-authentication-with-iis-hosted-wcf-service.aspx

In summary it seems the double hop between servers (WCF-WCF) is the problem so I have been following the blog above as my setup is fairly similar.

One part of the blog states that I enter the following in the config for the WF WCF which I have done.


View Complete Post

More Related Resource Links

Security Briefs: Credentials and Delegation


I get loads of security questions from friends and former students, and recently I've gotten a number of questions about building secure data-driven Web sites for internal enterprise systems. I've decided to answer them here to hopefully save you some headaches in your own projects.

Keith Brown

MSDN Magazine September 2005

How use WorkflowHostingEndpoint w/ existing Activity and no .xamlx + configure in web.config

The only examples I can find on hosting non-service workflows leveraging a custom WorkflowHostingEndpoint (CreationEndpoint example in Samples) still makes use of a .xamlx file and only shows configuring a host in code. I'd like to take an existing Activity, leverage something like CreationEndpoint, and configure the service exclusively in the web.config for hosting in IIS. I'd also like the service to expose a mex endpoint. Is this possible and if so can someone refer me to an example?Blades Don't Need Reloading...

Double hop delegation problem

Hi,I have an ASP.NET 2.0 web app which calls a one way web method on a web service. This web method contacts remote servers and pulls back config information to confirm the state of new server builds (settings etc) and inserts the collected data into a SQL database. The web app is supposed to pass through the callers kerberos ticket to the web service and then again to the newly built server which is being checked, all via impersonation and delegation using the calling users administrator privileges.The trouble is, I just can't get the web service to run under the callers context. I have the SPN's set up, delegation turned on in the active directory objects for the computer running the web app and service and the worker process domain user service account. I have windows authentication on and impersonation set to true in both the web app and service's web.config, integrated authentication in IIS, and IE settings are all ok. All has been checked out and passes the tests in DelegConfig, but it still won't work.It appears that any data that's is written to the database is written under the context of the web pool service account, and not the calling users, plus along with the fact that I get access denied messages when trying to collect data from the server says impersonation isn't working.Also, is it possible to run the checks under the calling users

BULK INSERT with a UNC path does not work even with delegation

I have a stored procedure that uses BULK INSERT with a UNC path to another server. I have enabled both the server and the domain account the SQL Server services are running under to allow all delegation. The UNC path allows Everyone Full Control. I can log into my computer using the SQL Server service account and browse to the file and open it. I can log onto the SQL Server with the service account or my account and browse to the file and open it. Whenever I run the stored procedure or execute the BULK INSERT from SSMS I get the following: Msg 4861, Level 16, State 1, Line 2 Cannot bulk load because the file "\\nas\shared\ZipSales\FLAT.txt" could not be opened. Operating system error code 5(Access is denied.). I can log into the server console using my user account, open SSMS on the server, and the stored procedure or the raw BULK INSERT work just fine. It's only a problem when I execute it from an end user workstation. Moving the data file to the SQL server works fine, but that is not a viable long-term solution. After scouring the Internet for most of two days, I finally stumbled across <a href="http://social.msdn.microsoft.com/Forums/en-US/sqlsetupandupgrade/thread/512fe230-b94a-4fe0-83c8-201a150bbcec">another post</a> that has this bit:  "After watching forums, etc. for almost a year regarding this issue, we ran a MS Support Reque

Custom InstanceStore and WF service (xamlx)

I tried to use XmlWorkflowInstanceStore from WF_WCF_Samples(Application\PurchaseProcess) with my WF Service but I get exception on the client side after invoking a service method - Expected Process received null. (Process is my received operation name) I have debugged the XmlWorkflowInstanceStore.TryCommand and for the LoadWorkflowCommand my workflow is loaded from database to context (InstancePersistenceContext) - method ends without any exception - but on the client side i get received null exception. Can someone tell my what i'm doing wrong? Do i have to set some other context arguments? Are there any guidlines for writing a Custom Instance store ( i can't find any decent tutorial)udione

WorkflowInspectionServices and the workflow service(xamlx)

It is a  sample here http://msdn.microsoft.com/en-us/library/ee358719(VS.100).aspx.

but I want to know how to inspect the workflow of the .xamlx(workflow service) using the WorkflowInspectionServices .

How to get all activity  of the .xamlx?

Reuse XAML Declarative Workflow in Workflow Service (xamlx) Results in Server Error of System.Argume


We attempted to reuse a XAML (declarative activity workflow) in a few places within the same XAMLX and it doesn't appear to allow this.   On the WCF client side, it reported an obscure error of something to the effect of unknown message received and a communication error stating the service instance couldn't be used at this time and to ensure the call order is correct or order delivery guarantee is enabled.   However, this appears to mask the true issue which is on the server side.   Apparently, when the server side WCF end point is trying to start the workflow instance, it throws this error building a dictionary of workflow children...

System.ArgumentException: An item with the same key has already been added.
   at System.ThrowHelper.ThrowArgumentException(ExceptionResource resource)
   at System.Collections.Generic.Dictionary`2.Insert(TKey key, TValue value, Boolean add)
   at System.Activities.Debugger.InstrumentationTracker.InitializeUninstrumentedSubRoots()
   at System.Activities.Debugger.DebugManager.EnsureInstrumented(Activity activity)
   at System.Activities.Debugger.DebugManager.OnEnterState(ActivityInstance instance)
   at System.Activities.Debugger.DebugController.ActivityStarted(ActivityInstance activityInstance)

Load XAMLX from database


I've seen a few posts discussing this scenario, but I'm still struggling with what might be the best solution...


1. I've a rehosted designer to allow users to create XAMLX
2. These XAMLX are stored on a database
3. I now need to be able to expose these XAMLX in IIS to be consumed by clients
4. Clients will be able to compose the right addresses to reach these XAMLX. Examples: http://server/WFSite/V1/MyService.xamlx; http://server/WFSite/V2/MyService.xamlx; or similar for non-http protocols

My question is, what is the best solution to load and expose the xamlx services in IIS?

Possible solutions that I've found so far:

1. Use a ServiceHostFactory with a ServiceHost to load the XAMLX from the database
     Option 1:
          a. Requires an .svc file for each .xaml file stored in database. The .svc file is needed to specify the ServiceHostFactory for each XAMLX.
          b. Clients would reference the XAMLX by referencing the .svc endpoint address

Unable to have a WorkflowServiceHostFactory & WorkflowServiceHost for a WF with a XAMLX definition h


I'm hosting my XAMLX WF in IIS/WAS and I need to create a custom host & custom host factory to be able to use a DataContractResolver (http://blogs.msdn.com/youssefm/archive/2009/06/05/introducing-a-new-datacontractserializer-feature-the-datacontractresolver.aspx). I've already take a look at the post mentioned in this link http://social.msdn.microsoft.com/Forums/en-NZ/wfprerelease/thread/bcdef4a1-008c-46f5-b988-a934e8336302 wich describes the same situation. I've also take a look at the links mentioned in the answer to this post.

Nevertheless, I still can't have this scenario working. My scenario is:

1. Have XAMLX WF hosted in IIS/WAS that starts with:

<WorkflowService ConfigurationName="DecisionEngineServiceConfiguration" Name="DecisionEngineService" ...

2a. I've created the .svc file with the following contents:

<%@ ServiceHost Language="C#" Debug="true" Service="DecisionEngineServiceConfiguration" Factory="DecisionEngine.Core.ServiceModel.ServiceHostFactory"

Windows Integrated Authentication and Kerberos delegation.


I currently have 2 seperate domains.

Domain A

Domain B


No domain trust has been establish.


In this scenario, if user is connected to Domain A via its desktop. Is there a way to access to a SQL Server in Domain B without using SQL authentication.


I heard of kerberos but would that solve my issues ?




xamlx workflow service initialization hosted in IIS on net.msmq endpoint


Hi everyone,

I implemented xamlx workflow service. I need to implement code that will be called before the service is invoked. I host workflow service in IIS on net.msmq endpoint. I saw that global.asax does not help me. I searched internet and found that I could use public static void AppInitialize(); method in App_Code folder class but that does not work.

Can you give me some suggestion or send code sample that can be used for initialization of application in iis that hosts xamlx workflow services on netMsmq binding?


Indigo Cowboy

version control for .xamlx files in vs2010


Hi ,

This is my scenario:

I have a solution having multiple projects in it. There are several workflow files(Template1.xamlx,Template2.xamlx)files in my Business Logic Project. User Interface is a web application project that uses the service references of each of the workflows(Template1Reference, Template2Reference).

I have some threads which are running live . I need to update Template1.xamlx by adding another activity in the workflow.

I wanted that existing Template1 threads should continue to run in the old version (v1) and new threads to run in V2 of Tenplate1.

Template2 has no change.

My queries are:

How can i update Template1.xamlx and deploy ?

Do i need to create Template1_V2.xamlx file and update the Template1V2Reference in Template1.aspx page? or can i use the same Template1Reference in .aspx page.

If Template1.xamlx needs to be updated to version 2 , do i require Template2.xamlx to be upgraded to version 2 also ?

will the endpoint configuration of both workflows needs to be changed?

Kindly share your suggestions.

Thanking in advance


WF4+WCF no xamlx

Do i need to use service workflow (xamlx) to use messaging components in WF4? Service workflow (xamlx) starts to work when the connection is established, i need run workflow immediately when the program runs. Can i use receive component with standard xaml workflow?

Control persisted WF instance (xamlx) without AppFabric


Hi All

I have a workflow service (xamlx) which implements some complex business process (with persistence and correlation). This service is hosted in IIS and I use AppFabric to control workflow instanses (Terminate them or Cancel).

Now I need to allow users, who don't have administrative rights and, hence, access to AppFabric to stop workflows (Terminate) if they make mistakes while invoking it and restart the workflow.

Is it possible to implement the same logic as it is used in AppFabric with C# code (I plan to create a web service with the help of which it would be possible to terminate workflows)

Thanks in advance!

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend