Export (0) Print
Expand All

OperationBehaviorAttribute.Impersonation Property

Gets or sets a value that indicates the level of caller impersonation that the operation supports.

Namespace:  System.ServiceModel
Assembly:  System.ServiceModel (in System.ServiceModel.dll)

public ImpersonationOption Impersonation { get; set; }

Property Value

Type: System.ServiceModel.ImpersonationOption
One of the ImpersonationOption values. The default is NotAllowed.

Use the Impersonation property (together with a binding configuration that supports impersonation) to enable specified methods (those marked with the Impersonation property set to Allowed or Required) to execute under the caller's identity. For details, including how impersonation is performed when using Allowed together with the ServiceAuthorizationBehavior.ImpersonateCallerForAllOperations property, see Delegation and Impersonation with WCF and How to: Impersonate a Client on a Service.

NoteNote

When programmatically adding a service endpoint that performs impersonation, you must either use one of the AddServiceEndpoint methods or the ContractDescription.GetContract method to properly load the contract into a new System.ServiceModel.Description.ServiceDescription object. Using a configuration file requires no extra step.

There may be specific scenarios when impersonation is not supported. For more information, see Unsupported Scenarios.

The following service code example requires impersonation by setting the Impersonation property to Required.

using System;
using System.Collections.Generic;
using System.ServiceModel;
using System.Threading;

namespace Microsoft.WCF.Documentation
{
  [ServiceContract(
    Name="SampleHello",
    Namespace="http://microsoft.wcf.documentation"
  )]
  public interface IHello
  {
    [OperationContract]
    string Hello(string greeting);
  }

  public class HelloService : IHello
  {

    public HelloService()
    {
      Console.WriteLine("Service object created: " + this.GetHashCode().ToString());
    }

    ~HelloService()
    {
      Console.WriteLine("Service object destroyed: " + this.GetHashCode().ToString());
    }

    [OperationBehavior(Impersonation=ImpersonationOption.Required)]
    public string Hello(string greeting)
    {
      Console.WriteLine("Called by: " + Thread.CurrentPrincipal.Identity.Name);
      Console.WriteLine("IsAuthenticated: " + Thread.CurrentPrincipal.Identity.IsAuthenticated.ToString());
      Console.WriteLine("AuthenticationType: " + Thread.CurrentPrincipal.Identity.AuthenticationType.ToString());

      Console.WriteLine("Caller sent: " + greeting);
      Console.WriteLine("Sending back: Hi, " + Thread.CurrentPrincipal.Identity.Name);
      return "Hi, " + Thread.CurrentPrincipal.Identity.Name;
    }
  }
}

The following code example shows using the ClientCredentials property to set the client application credentials prior to invoking the operation that requires those credentials for impersonation.

using System;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.Security.Principal;
using System.Threading;

namespace Microsoft.WCF.Documentation
{
  public class Client
  {
    public void Run()
    {
      // Picks up configuration from the config file.
      SampleHelloClient wcfClient = new SampleHelloClient();
      try
      {
        // Set the client credentials to permit impersonation. You can do this programmatically or in the configuration file.
        wcfClient.ClientCredentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Impersonation;

        // Make calls using the proxy.
        Console.ForegroundColor = ConsoleColor.White;
        Console.WriteLine("Enter a greeting to send and press ENTER: ");
        Console.Write(">>> ");
        Console.ForegroundColor = ConsoleColor.Green;
        string greeting = Console.ReadLine();
        Console.ForegroundColor = ConsoleColor.White;
        Console.WriteLine("Called service with: \r\n\t" + greeting);
        Console.WriteLine("Service returned: " + wcfClient.Hello(greeting));
        Console.ForegroundColor = ConsoleColor.Blue;
        Console.Write("Press ");
        Console.ForegroundColor = ConsoleColor.Red;
        Console.Write("ENTER");
        Console.ForegroundColor = ConsoleColor.Blue;
        Console.Write(" to exit...");
        Console.ReadLine();
        wcfClient.Close();
      }
      catch (TimeoutException timeProblem)
      {
        Console.WriteLine("The service operation timed out. " + timeProblem.Message);
        wcfClient.Abort();
        Console.Read();
      }
      catch (CommunicationException commProblem)
      {
        Console.WriteLine("There was a communication problem. " + commProblem.Message);
        wcfClient.Abort();
        Console.Read();
      }
    }
    public static void Main()
    {
      Client client = new Client();
      client.Run();
    }
  }
}

.NET Framework

Supported in: 4.5, 4, 3.5, 3.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Windows 8.1, Windows Server 2012 R2, Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Show:
© 2014 Microsoft