Last post Oct 12, 2012 07:05 AM by lprete
Oct 10, 2012 09:58 AM | jeremywrags
I have a requirement to write a WCF service that will be called from MS Excel using the Service Moniker from VBA code. So far that part I have figured out.
I also have impersonation working so that if I were to return the current user from a web method it will return my username and not IIS\DefaultAppPool or whatever IIS is running as...
So here is my issue. I have a third party dll (CyberArk Password Management, if anyone is interested) where I create a PWD object, set some parameters and then call a method named Getpassword. Now I can call the method, but I always get an authentication failure.
If I dig into the logs of the CyberArk agent that I have running, it seems that even though I am using impersonation, the dll method is still being called as IIS\DefaultAppPool.
Here are a few snippets...
Impersonation is turned on at the method Level
[OperationBehavior(Impersonation = ImpersonationOption.Required)]
A call to this method returns my Domain and User name as I would expect
But this line is being called as IIS\DefaultAppPool
password = PasswordSDK.GetPassword(passRequest);
I have tried doing impersonation in code rather than using the annotation, and I have also tried an Impersonation object with a using block, and nothing seems to work, so here is what I am thinking:
1. The dll somehow does not allow me to impersonate the caller for security reasons
2. It may be the .NET framework not allowing this again for security reasons
3. I have no clue and would love some help :-)
Oct 12, 2012 07:05 AM | lprete
Impersonation.Required is what you need to run your thread under the caller's user account, as you have verified. However, besides impersonating, you are also delegating the credential you have received. This requires much more (painful) work:
Sorry that it is not an easy path, but security takes its toll.
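As an added example (not code from either poster), here is a WCF operation that inspects the impersonated caller token before handing work to the SDK, so the service can tell up front whether the token is good only inside this process or can be delegated to a back end; the service, interface and method names are assumptions, and PasswordSDK.GetPassword is the call from the question.

```csharp
using System;
using System.Security.Principal;
using System.ServiceModel;

// Added example, not from the original posts. Names are hypothetical.
[ServiceContract]
public interface IVaultProxy
{
    [OperationContract]
    string DescribeCallerToken();
}

public class VaultProxy : IVaultProxy
{
    // A token at Identification or Impersonation level lets this thread run as
    // the caller on this box, but anything that authenticates to another
    // process or host cannot carry it and falls back to the app pool account.
    public static bool CanBeDelegated(WindowsIdentity identity)
    {
        return identity.ImpersonationLevel == TokenImpersonationLevel.Delegation;
    }

    // Same attribute the question uses: the operation thread runs as the caller.
    [OperationBehavior(Impersonation = ImpersonationOption.Required)]
    public string DescribeCallerToken()
    {
        WindowsIdentity caller = ServiceSecurityContext.Current.WindowsIdentity;
        WindowsIdentity thread = WindowsIdentity.GetCurrent();

        string report = string.Format(
            "caller={0} thread={1} auth={2} level={3}",
            caller.Name, thread.Name, caller.AuthenticationType, caller.ImpersonationLevel);

        // Fail loudly here instead of letting the SDK report an opaque
        // authentication failure under the wrong account.
        if (!CanBeDelegated(caller))
        {
            throw new FaultException(
                "Caller token is not delegatable; the SDK call would run as the app pool. " + report);
        }

        // Only reached when the token can leave this process as the caller.
        // password = PasswordSDK.GetPassword(passRequest);
        return report;
    }
}
```

Logging the report on every call gives a quick way to confirm from the service side that delegation is actually in effect once the Kerberos setup lprete describes has been done.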