I have a silverlight application which fetches data from a WCF Service hosted under a Windows Service which runs under the "Local System" account i.e. NT AUTHORITY/ SYSTEM.
I have enabled Windows Authentication on this WCF service using the below in my App.config
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="webHttpBehavior">
<webHttp/>
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="defaultServiceBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="winAuthBasicHttpBinding" openTimeout="05:00" sendTimeout="05:00" >
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>
<services>
<service behaviorConfiguration="defaultServiceBehavior" n开发者_开发知识库ame="DataService.CrossDomainService">
<endpoint address="" behaviorConfiguration="webHttpBehavior" binding="webHttpBinding" contract="DataService.ICrossDomainService">
<identity>
<dns value="107.0.0.12"/>
</identity>
</endpoint>
<host>
<baseAddresses>
<add baseAddress="http://107.0.0.12:2035/"/>
</baseAddresses>
</host>
</service>
<service behaviorConfiguration="defaultServiceBehavior" name="DataService.NewDataService">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="winAuthBasicHttpBinding" contract="DataService.INewDataService">
<identity>
<dns value="107.0.0.12"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
<host>
<baseAddresses>
<add baseAddress="http://107.0.0.12:2035/DataService/"/>
</baseAddresses>
</host>
</service>
</services>
I have also enabled Windows Authentication in the connection string for Oracle using Integrated Security=SSPI as below:
<connectionStrings>
<add name="netTiersConnectionString" connectionString="Data Source=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=107.0.0.17)(PORT=1521)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=SVC001)));Integrated Security=SSPI; Min Pool Size= 1; Max Pool Size= 5;" />
Now when the Silverlight app makes a call to the WCF Service, the database connection happens using NT AUTHORITY/SYSTEM account instead of domainname/username credentials of the logged in user in the Silverlight app which itself uses Windows Authentication. Hence I get the invalid username error.
The same configurations work fine when I host the WCF service in a console application. But when I host in a windows service, it runs under a Local System account and hence I guess this issue.
What can I do so that the database connection is made using windows authentication credentials of logged in user and not the Local System account?
Thanks, Pankaj Chamria
I found the answer thanks to a reply on CodeProject.. (see here & here)
I just needed to force impersonation on every WCF Service function that made a call to the Oracle database. The way to do it is adding the below attribute on every OperationContract implementation.
[OperationBehavior(Impersonation = ImpersonationOption.Required)]
A possible approach is to run your WCF service with IIS and configure it to you impersonation:
<configuration>
<system.web>
<identity impersonate="true" />
</system.web>
</configuration>
I can't tell you whether you can achieve the same with a Windows service.
精彩评论