Use OperationBehavior to impersonate declaratively

J.D. Meier, Jason Taylor, Prashant Bansode, Carlos Farre, Madhu Sundararajan, Steve Gregersen.

Use the OperationBehavior attribute to impersonate declaratively. There are two options for declarative impersonation
  • Impersonating on specific operations**
  • Impersonating on entire service
Impersonating on specific operations
Use this option when you want to impersonate the original caller for entire duration of specific operation. Impersonation is costly operation and also usually is used for higher privileged original callers, hence using impersonation selectively only on the operations which needs it reduces the potential attack surface. You can impersonate declaratively by applying the OperationBehaviorAttribute attribute on any operation that requires client impersonation, as shown in the following code example.
[*OperationBehavior*(Impersonation = ImpersonationOption.*Required*)]
public string GetData(int value)
{
   return “test”;
}

Impersonating on the entire service
Use this option when you want to impersonate the original caller for entire duration of all the operations. Impersonation is costly operation and also usually is used for higher privileged original callers, hence you need to be careful when opting for this, as it potentially increases the attack surface. For impersonating the entire service set the impersonateCallerForAllOperations attribute to "true" in the WCF configuration file, as shown in the following example.

...
<behaviors>
  <serviceBehaviors>
    <behavior name="ServiceBehavior">
      <serviceMetadata httpGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="false" />
      <serviceAuthorization *impersonateCallerForAllOperations="true"* />
    </behavior>
  </serviceBehaviors>
</behaviors>
...

When impersonating for all operations, the Impersonation property of the OperationBehaviorAttribute applied to each method must also be set to either Allowed or Required.

Note: - When a service has higher credentials than the remote client, the credentials of the service are used if the Impersonation property is set to Allowed. That is, if a low-privileged user provides its credentials, a higher-privileged service executes the method with the credentials of the service, and can use resources that the low-privileged user would otherwise not be able to use.

Last edited Apr 24, 2008 at 12:10 AM by prashantbansode, version 2

Comments

No comments yet.