How to Impersonate the Original Caller When Using Windows Authentication
- J.D. Meier, Carlos Farre, Jason Taylor,
Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher
When using windows authentication, you have access to original users Windows Identity. You can impersonate the original caller whenever downstream code needs to authorize based on the original caller’s identity. For instance, you may have authorization checks
in business logic called by WCF, or you may want to access resources that have access control lists (ACLs) allowing specific user access.
You can impersonate the original caller either declaratively or programmatically, depending on the following circumstances:
- Impersonate the original caller declaratively when you want to access Microsoft Windows® resources that are protected with ACLs configured for your application’s domain user accounts.
- Impersonate the original caller programmatically when you want to access resources predominantly by using the application’s process identity, but specific sections of the operation need to use the original caller’s identity.
- For more information, see “Delegation and Impersonation with WCF” at
- For more information see “How To - Impersonate the Original Caller in WCF calling from Windows Forms”
- For more information see “How To - Impersonate the Original Caller in WCF calling from Web Application”