Use OperationBehavior to impersonate declaratively
Jason Taylor, Prashant Bansode, Carlos Farre, Madhu Sundararajan, Steve Gregersen
Use the OperationBehavior attribute to impersonate declaratively. There are two options for declarative impersonation:
- Impersonating on specific operations
- Impersonating on the entire service

Impersonating on specific operations
Use this option when you want to impersonate the original caller for the entire duration of a specific operation. Impersonation is a costly operation and is usually reserved for higher-privileged original callers, so applying it selectively, only to the operations that need it, reduces the potential attack surface. You can impersonate declaratively by applying the OperationBehavior attribute to any operation that requires client impersonation, as shown in the following code example.

```csharp
[OperationBehavior(Impersonation = ImpersonationOption.Required)]
public string GetData(int value)
{
    return string.Format("You entered: {0}", value);
}
```
Impersonating on the entire service
Use this option when you want to impersonate the original caller for the entire duration of all operations. Impersonation is a costly operation and is usually reserved for higher-privileged original callers, so be careful when opting for this, as it potentially increases the attack surface. To impersonate for the entire service, set the impersonateCallerForAllOperations attribute to "true" in the serviceAuthorization element of the WCF configuration file, as shown in the following example.

```xml
<behavior name="ServiceBehavior"> <!-- behavior name is a placeholder -->
  <serviceMetadata httpGetEnabled="true" />
  <serviceDebug includeExceptionDetailInFaults="false" />
  <serviceAuthorization impersonateCallerForAllOperations="true" />
</behavior>
```
When impersonating for all operations, the Impersonation property of the OperationBehavior attribute applied to each method must also be set to either ImpersonationOption.Allowed or ImpersonationOption.Required.

Note: When a service has higher credentials than the remote client, the credentials of the service are used if the Impersonation property is set to Allowed. That is, if a low-privileged user provides its credentials, a higher-privileged service executes the method with the credentials of the service, and can use resources that the low-privileged user would otherwise not be able to use.
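The following added example (not code from the original guide) puts the two sections together: a sensitive operation marked Required, which faults instead of silently running as the service account, beside a harmless operation marked Allowed, plus a runtime check that confirms the thread token really belongs to the caller before a protected resource is touched. The service contract, the share path and the operation names are assumptions for illustration only.

```csharp
using System;
using System.IO;
using System.Security.Principal;
using System.ServiceModel;

[ServiceContract]
public interface IDocumentService
{
    [OperationContract] string ReadDocument(string documentName);
    [OperationContract] string WhoAmI();
}

public class DocumentService : IDocumentService
{
    // Hypothetical share; the NTFS ACL on it is the real authorization check.
    private const string DocumentRoot = @"\\fileserver\docs";

    // Required: WCF runs this method under the caller's token, or faults the call
    // when it cannot (non-Windows credentials, or a token that does not permit impersonation).
    [OperationBehavior(Impersonation = ImpersonationOption.Required)]
    public string ReadDocument(string documentName)
    {
        // Defense in depth: never reach the share while still running as the host identity.
        if (!RunningAsCaller())
            throw new FaultException("Impersonation is not in effect; request refused.");

        // Path.GetFileName drops any directory components the caller supplied.
        string fullPath = Path.Combine(DocumentRoot, Path.GetFileName(documentName));
        return File.ReadAllText(fullPath); // the ACL is evaluated against the caller, not the service
    }

    // Allowed: if impersonation is not possible this executes as the service account,
    // which is acceptable here only because the operation touches nothing privileged.
    [OperationBehavior(Impersonation = ImpersonationOption.Allowed)]
    public string WhoAmI()
    {
        return string.Format("thread identity: {0}, authenticated caller: {1}",
            WindowsIdentity.GetCurrent().Name,
            ServiceSecurityContext.Current.WindowsIdentity.Name);
    }

    // True only when the thread holds an impersonation token for the authenticated
    // Windows caller rather than the process (service) identity.
    private static bool RunningAsCaller()
    {
        WindowsIdentity thread = WindowsIdentity.GetCurrent();
        WindowsIdentity caller = ServiceSecurityContext.Current.WindowsIdentity;
        return thread.ImpersonationLevel != TokenImpersonationLevel.None
            && !caller.IsAnonymous
            && thread.User == caller.User;
    }
}
```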