.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

WCF Authentication Problem with Impersonation

Posted By:      Posted Date: December 04, 2010    Points: 0   Category :WCF


My current setup is as follows:

1 NLB Web Cluster pointing to 2 Windows Server 2008 R2 machines with IIS 7.5 both containing a single identical web site (let's call it Web Site A).

1 additional web machine (also Windows Server 2008 R2 with IIS 7.5) containing a different web site (Web Site B)

Web Site A uses ASP.NET Impersonation (i.e. <identity impersonate="true" />) and resides in a single app pool that runs as NETWORK SERVICE.

Web Site B uses ASP.NET Impersonation and resides in a single app pool that runs as NETWORK SERVICE.

Windows Authentication is setup on all sites.

Web Site B hosts a WCF service that is called by Web Site A. The WCF Service on Web Site B has the following configuration:

Web Site B has the following configuration:

   <binding name="webHttpBinding_WebServices">
    <security mode="TransportCredentialOnly">
     <transport clientCredentialType="Windows"/>
   <behavior name="WebSiteB.Web.WebService">

View Complete Post

More Related Resource Links

Active Directory user impersonation with forms authentication

I've written a small ASP.NET 3.5 application to allow users to update selected account attributes on their own. Everything works fine when I use Basic Authentication, but because the dialog that is presented is less than ideal, I'd like to use forms authentication to give the users more instruction on how to log in. My problem is that in order for the user to update their account information, I have to have the application impersonate them for the update actions. I've scoured the internet trying to find a solution to my issue, but nothing fits or works. I have tried setting the web.config:<identity impersonate="true" /> but that doesn't seem to work. I also have the C# code using the WindowsImpersonationContext class, but still no luck. protected void titleTextBox_TextChanged(object sender, EventArgs e) { TextBox tb = (TextBox)sender; string fieldTitle = "job title"; string fieldName = "title"; if (userDirectoryEntry == null) CaptureUserIdentity(); try { WindowsImpersonationContext impersonationContext = userWindowsIdentity.Impersonate(); if (String.IsNullOrEmpty(tb.Text)) userDirectoryEntry.Properties[fieldName].Clear();

Forms Authentication - IE problem

Hi folks,I already implemented some kind of Forms Authentication. I got the following problem - When I'm using IE(7, 8) ONLY (FF, Opera, Chrome - they are OK) it is impossible to to get logged and get redirect to specified page from the Login.aspx. This problem occurs ONLY with IE. After passing some validations and creating ticket the Login page is reloaded again, and NO redirect to Default page exists. Address bar consists always this string:      http://localhost:3706/Login.aspx?ReturnUrl=%2fdefault.aspx  In Global.asax - HttpContext.Current.User is ALWAYS NULL under IE.Here is my code implementation:Web.config:<authentication mode="Forms">   <forms defaultUrl="Default.aspx" loginUrl="Login.aspx" protection="All" timeout="30"> </forms> </authentication>  <authorization>    <deny users="?"/> </authorization><!-- Allow anonymous access (non-Forms login) to the Images folder --> <location path="Images">   <system.web>      <authorization>          <allow users="*"/>      </authorization>   </system.web> </location>Global.asax:protected void Application_AuthenticateRequest(object sender, EventArgs e) {    // look if any security information exists for this request    if (H

Problem in setting up Windows Authentication in Windows 2008 RC2

Hi,We have a working version of application (Intranet) with uses Windows Authentication deployed in Windows 2003. The application uses HttpContext.Current.User.Identity.Name to get the logged-in user. Here impersonate is turned off.Right now, we are move to Windows 2008 RC2 where this Windows Authentication problem arised. I have Digest Authentication and Windows Authentication enabled. And also I have enabled Anonymous Authentication enabled to avoid the Login dialog of IIS in the end-user IE. Now I am getting HttpContext.Current.User.Identity.Name as Empty. When I impersonate using username and password, I am used to login using that user but all the users uses the same user to login.Does any has solution for this?Deployment Server - Windows 2008 RC2 (IIS 7.5)Development - Windows 7 (IIS 7.5)I am new to IIS 7.5. Please give me a solution

IIS 6 Windows Authentication + ASP.NET Impersonation when application resides on a UNC share

When the application resides on a local folder, the current user ((System.Threading.Thread.CurrentPrincipal.Identity.Name) is the windows authenticated user. OK. But..when the application resides on a UNC share, the current user is the windows user configured in IIS virtual directory to access the UNC share. This is not the desired behavior in my case, what I want is to have the same behavior as in the case where the application is in a local folder (current user matches the windows authenticated user)This is configurable in some way in IIS 6 or IIS 7?   thanks in advance,Alexander Wolff  

Need to solve Form Authentication Problem

Hi all, I have a web site with login page and other pages. For login page currently i put authentication mode = Form. Problem is, when login 2 diffenent user in same pc and 1 browser with 2 tab, first tab is 1 user and 2nd tab is another user. I used Form Authentication ticket ,so for each users has different tickets. After login the 1st user and create a entry , then 2nd user login and trying to create entry that time 2nd user ticket is reset to 1st user ticket. is it any way to avoid this issue? if anyone knows about this please give me your suggestion and example. Thanks S.Shangar  

Form based Authentication - OpenLdap problem

Hi everyone,   I try to set up FBA with LdapMembership provider.   I have configured web app + STS like this : <add name="LDAPMember" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=, Culture=neutral, PublicKeyToken=71e9bce111e9429c" server="server" port="389" useSSL="false" connectionUsername="uid=portal_sharepoint,ou=people,dc=corp,dc=contoso,dc=com" connectionPassward="somthing" userDNAttribute="distinguishedName" userNameAttribute="cn" userContainer="ou=people,dc=corp,dc=carrefour,dc=com" userObjectClass="person" userFilter="((eduPersonOrgUnitDN=cn=portal_sharepoint,ou=applications,ou=organizations,dc=corp,dc=contoso,dc=com))" scope="Subtree" otherRequiredUserAttributes="sn,givenname,cn" />   I can without problem use the people picker and get user information from it. But when i try to authenticate user i have an error that say : An exception occurred when trying to issue security token: The security token username and password could not be validated.   If i look my log on the ldap i see that all the time it's the portal dn that is used to authenticate user.   I

Forms Based Authentication - problem with custom master page and login page



I have successfully enabled and set up FBA (Forms Based Authentication) on my SharePoint 2010 Foundation server. The thing is that I need to customize the look and feel of the login page. I have successfully customized the page (and master page) to look the way I want, however, when I try to log in, I get the following error/message on the page:
"Forms Based Authentication on classic Web applications has been deprecated".

What I've done:
Made copies of /_layouts/simple.master and /_layouts/login.aspx and renamed the copies. The markup in the master page is MUCH simpler than the original, but I've kept all the ContentPlaceholders that I don't use (most of them) in a hidden <asp:Panel at the bottom of the page.

I've changed the web.config file:
<authentication mode="Forms">
      <forms loginUrl="/_layouts/loginCustom.aspx" />

So, I'm not getting any errors on the page until I try to log in. When I use the default settings (login.aspx and simple.master) it works just fine (but damn that page looks ugly!).

Does anyone know what I might be missing?

Update: I believe the reason it doesn't work is because my custom login aspx is not part of the Claims Based Web Application (because it's sitting

SMTP authentication problem


Hi all,

I have built a windows service that sends mail from a database table using smtp. This worked fine until we moved to a new ISP. This ISP requires simple smtp authentication. I built this into my service. But still I get problems. I discussed with the ISP what could be the problem, eventually I got it to work using telnet. On my own program though, it still doesn't work. I get the following error:

Error: Mailbox unavailable. The server response was: 5.7.1 <mark@silverstar-it.nl>... Relaying denied. Proper authentication required.

The code I use to send mail:
Dim MailMsg As New MailMessage(New MailAddress("address@domain.nl"), New MailAddress("mark@anotherdomain.nl"))
MailMsg.BodyEncoding = Encoding.Default
MailMsg.Subject = "Onderwerp"
MailMsg.Body = "Mailbody"
MailMsg.Priority = MailPriority.Normal
MailMsg.IsBodyHtml = True

'Smtpclient to send the mail message
Dim SmtpMail As New SmtpClient
SmtpMail.Host = My.Settings.SMTPServer
If My.Settings.SMTPUser.Length > 0 Then
Dim basicAuthenticationInfo As New System.Net.NetworkCredential(My.Settings.SMTPUser, My.Settings.SMTPPass)
SmtpMail.UseDefaultCredentials = False
SmtpMail.Credentials = basicAuthenticationInfo
End If

Problem with Impersonation on Windows 2008 Server x64

Existing .net application that runs w/out issue on 2003 x32 and x64 Terminal Services is failing on 2008 x64 with 'Cannot Create ActiveX Component' error.

Application is compiled as x86.

The functionality is to access an email within a PST file. Utilizes Redemption 4.5 COM object for PST access.

Pseudo code:

Impersonate Domain Admin
'create the COM object (.net interop is installed
RDOSession = CType(CreateObject("Redemption.RDOSession"), Redemption.RDOSession) 
'logon to the mailbox of impersonated user
RDOSession.LogonExchangeMailbox("UserID@domain.com", "mail.mydomain.com")
'add the requested PST
RDOPST = RDOSession.Stores.AddPSTStore(PSTFullName)
Canx impersonation

If I do not invoke the impersonation method, but 'Run As Administrator' or a user with sufficient rights to the PST, the code works on 2008.
If the impersonation method is invoked, the CreateObject fails with 'Cannote Create ActiveX Component' (no inner message).  Even if I 'Run As Administrator' with the impersonation invoked, it still fails with the same error.

If I pass the username/password for the current user (which also has domain admin rights) to the Impersonation method- it works. Any other domain admin account other than the current user,

problem with connecting to local SQL Server 2008 default instance using windows authentication




I have a user getting some problem with connecting to local SQL Server 2008 default instance using windows authentication with a user which has sysadmin role and is owner of each existing database:

2010-09-28 15:40:35.04 Logon       Error: 18456, Severity: 14, State: 11.


2010-09-28 15:40:35.04 Logon       Login failed for user 'IIS APPPOOL\RoomViewSEWebClient'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT:]



This us

WCF - SiteMinder Authentication + Impersonation


Hi Everyone,

I have a WCF service which provides some information based on the end-user's Windows Login ID.  The service exposes an end-point which uses Windows authentication.  Subsequently, instead of passing the UserID as a parameter to a operation contract, I can find out who invoked a service operation by looking at the context information as shown below:

WindowsIdentity id = ServiceSecurityContext.Current.WindowsIdentity;

This works fine for Windows Desktop Clients.  It also works well for ASP.NET Clients as long as the web app is configured for Windows Authentication AND Impersonation is turned ON.

However, some of the WCF's clients are ASP.NET apps which do NOT use Windows Integrated Authentication.  Instead, they use other mechanisms, such as SiteMinder.  In these cases, the above code would return the ID under which the web application runs (i.e. ASPNET user account).  Subsequently, I cannot get the actual end-user's windows ID.

Could you please provide some advice / guidance as to how to get the user ID.  In the ASP.NET app, I can get the userID from the SiteMinder request header ("SM_USER").  Is there a way to pass this information in a secure fashion (similar to how Windows Authentication works)?

Any advice is much

Sharepoint Authentication Impersonation


I am stumped on this one and really need a nudge in the right direction.


Scenario:  Currently have Sharepoint 2007 running using Windows Authentication to access any sites.  I have an application that will reside on client workstations (C# Windows Application) and i would like to grant them to a particular site automatically.  Essentially the application will spawn a form that opens the desired sharepoint site but uses predetermined credentials so they are not forced to login.

I have tried a few things trying to make impersonation work but this does not seem to do the trick as the second i access the sharepoint site up pops the windows authentication window.

Is it possible to gain access to Sharepoint (remotely and outside the sharepoint domain) in this way?  If it helps i am also stuck using .NET 2.0 for any applications that would be developed. 

forms authentication problem



I am working with forms authentication, in web.config my code is

<authentication mode="Forms"  >
      <forms loginUrl="default.aspx" name=".ASPXFORMSAUTH" >

now, in my application If I hit any page directly without login, it redirects me to login page.

On successful login, I add a cookie to the response object.

But this is happening to overall application, what basically my requirement is to a web application, where anonymous users can visit also if user get sign in he can view some extra pages(secure pages)

Deplying SQL Analysis service database using script problem with Impersonation


I have a problem with deploying SQL Analysis database from dev server to production , because I do not have an admin privileges , I cannot use Create script

The only action that I have , is to execute Alter Script against Any Empty database,


However I cannot use ImpersonateServiceAccount because it needs  Admin privileges

So, I always use ImpersonateCurrentUser as you know, I have to supply my credential.


are there any way that I can Deploy the db to the production  with the same impersonation type ImpersonateServiceAccount

as it was before?


thank you

Problem with SSRS Forms Authentication


Hi All,

I tried SSRS with Forms based authentication. I followed the below link


I am getting null value at the below code line ...[This entire code has been downloaded from the link http://www.codeplex.com/SqlServerSamples/Release/ProjectReleases.aspx?ReleaseId=4000 ]

 string cookieName = response.Headers["RSAuthenticationHeader"];

In "Headers" there is no key as RSAuthenticationHeader and returning null.

Before debugging all this code, done like this....
As per "Readme_FormsAuthenication.htm " file,

1)changed all the config keys of "Report Server and Report Manager" of installed paths.

2)Pasted the .aspx pages in the corresponding "Report Server and Report

Problem with digest authentication on IIS 5.1



I have WCF service on IIS 5.1 with active digest authentication (service and client are in windows domain).

Realm in IIS config window is set to: mydomain.site

Config file from service:

<transport clientCredentialType="Digest" proxyCredentialType="None" realm="mydomain.site" />

Config file from client is the same:

<transport clientCredentialType="Digest" 

problem in form authentication with asp.net 4.0


Hi All,

we are upgrading the asp.net 2.0 web application to asp.net 4.0. we are using form authentication.

<authentication mode="Forms">
	<forms name=".ASPXAUTH" protection="All" timeout="30"  loginUrl="user/login.aspx"></forms>

	<deny users="?"/>

<location path="default.aspx">
			<allow users="?"/>


the site default page is default.aspx

in version 2.0, working fine with form authentication.

after the upgradion

whenever call website .com/" mce_href="http://www..com/">http://www.<domainname>.com, it is redirected to login page

.com/user/login.aspx?ReturnUrl=%2f" mce_href="http://www..com/user/login.aspx?ReturnUrl=%2f">http://www.<domainname>.com/user/login.aspx?ReturnUrl=%2f 

if we call .com/default.aspx" mce_href="http://www..com/default.aspx">http://www.<domainname>.com/default.aspx, it is working fine

How can i fix

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend