How to Control Access to a Remote Resource Based on the Original Caller's Identity

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

Use delegation to flow the impersonated original caller's security context (Windows identity) to the remote back-end service. On the remote back-end service, the original caller's Windows identity can then be used to authenticate or impersonate the original caller, and to restrict or authorize the original caller's access to local resources.
When using delegation on Windows Server 2003 or later, use constrained delegation. This allows administrators to specify exactly which services on a downstream server or a domain account can be accessed when using an impersonated user's security context.
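
The three tiers described above, as an added C# sketch that is not code from the original guidance: the client grants a delegable token, the middle tier impersonates the caller and fails closed if the token cannot be delegated, and the back end authorizes the original caller. The `IOrders` contract, the endpoint addresses and the `EXAMPLE\OrderReaders` group are hypothetical placeholders; the constrained delegation setting itself is made by an administrator on the middle-tier service account and is not shown.

```csharp
using System.Security;
using System.Security.Principal;
using System.ServiceModel;

[ServiceContract]
public interface IOrders { [OperationContract] string GetOrders(); } // hypothetical contract

public static class Hop
{
    // Calls IOrders at 'address', granting the callee only the stated impersonation level.
    public static string GetOrdersFrom(string address, TokenImpersonationLevel level)
    {
        // NetTcpBinding authenticates the client with Windows credentials by default.
        var factory = new ChannelFactory<IOrders>(new NetTcpBinding(), new EndpointAddress(address));
        factory.Credentials.Windows.AllowedImpersonationLevel = level;
        try { string result = factory.CreateChannel().GetOrders(); factory.Close(); return result; }
        catch { factory.Abort(); throw; }
    }

    // Client: allow the middle tier to delegate this user's identity downstream.
    public static string ClientCall()
    {
        return GetOrdersFrom("net.tcp://front.example.com:9000/orders", // placeholder address
                             TokenImpersonationLevel.Delegation);
    }
}

// Middle tier: the operation body runs under the original caller's identity.
public class FrontService : IOrders
{
    [OperationBehavior(Impersonation = ImpersonationOption.Required)]
    public string GetOrders()
    {
        // Fail closed: without a delegable token the next hop would not carry the caller.
        if (WindowsIdentity.GetCurrent().ImpersonationLevel != TokenImpersonationLevel.Delegation)
            throw new SecurityException("Caller token cannot be delegated.");
        // The back end only needs to identify the caller, so grant it no more than that.
        return Hop.GetOrdersFrom("net.tcp://backend.example.com:9000/orders", // placeholder address
                                 TokenImpersonationLevel.Identification);
    }
}

// Back end: authorize the original caller, not the middle tier's service account.
public class BackEndService : IOrders
{
    public string GetOrders()
    {
        WindowsIdentity caller = ServiceSecurityContext.Current.WindowsIdentity;
        if (!caller.IsAuthenticated || !new WindowsPrincipal(caller).IsInRole(@"EXAMPLE\OrderReaders"))
            throw new SecurityException("Access denied."); // placeholder group name above
        return "orders for " + caller.Name;
    }
}
```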

Additional Resources

  • For more information, see “Delegation and Impersonation with WCF” at http://msdn2.microsoft.com/en-us/library/ms730088.aspx
  • For more information, see “How To - Impersonate the Original Caller in WCF calling from Windows Forms”
  • For more information, see “How To - Impersonate the Original Caller in WCF calling from Web Application”

Last edited Jun 13, 2008 at 8:40 PM by prashantbansode, version 1