OK, here are the things that come into mind:
- Your WCF service presumably running on IIS must be running under the security context that has the privilege that calls the Web Service. You need to make sure in the app pool with a user that is a domain user - ideally a dedicated user.
- You can not use impersonation to use user's security token to pass back to ASMX using impersonation since
my WCF web service calls another ASMX web service, installed on a **different** web server - Try changing
NtlmtoWindowsand test again.
OK, a few words on impersonation. Basically it is a known issue that you cannot use the impersonation tokens that you got to one server, to pass to another server. The reason seems to be that the token is a kind of a hash using user's password and valid for the machine generated from so it cannot be used from the middle server.
UPDATE
Delegation is possible under WCF (i.e. forwarding impersonation from a server to another server). Look at this topic here.
Thanks. When i set a domain user to the app pool it works well, but now all my calls to the WS are executed under the app pool domain user. Can't I call the ASMX ws using impersonation, so the call is executed under the client's user security token ?
BTW, i forgot to mention that when using impersonation with a specific user (the same user that is logged in to the client) everything works well: client = new ClCustomersServiceClient(); client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation; client.ClientCredentials.Windows.ClientCredential = new NetworkCredential("username", "password", "domain"); response = client.ClCustomersQuery(request);
Well, you are using username password on the WCF server to impersonate on the ASMX server. This is possible but you cannot pass the windows authentication used to get to WCF, to get to ASMX.
Aliostad - Thanks for your help.