Why can't I open a file using impersonation on a remote machine?

I have a WCF service written in C# hosted on a remote machine, acting as a local administrator account. From my machine, registered as an active user of the directory, I send a command that simply tells it to open the file on the network. I have access to the file, but there is no administrator account on the host machine. I am using the [OperationBehavior(Impersonation = ImpersonationOption.Required)] meta tag of a method that requires impersonation, and I have correctly configured the credential type and security modes. I can check if this account is really trying to impersonate by comparing Windows identifiers, but I still get an access denied exception. I think this has something to do with Active Directory not authenticating the impersonated user. Is something missing?

+3
2 answers

You are entering the domain of Kerberos security and two-hop authentication.
You have two options:

  • Take the red pill: try two-hop authentication. Make sure that you have at least a Windows Server 2003 domain, that the time is correctly synchronized between all machines and that proper delegation is configured for special user/computer accounts. If you're really lucky, you'll have to configure an SPN using SetSPN.

  • : , WCF , , .

, , 10 . , - . , Google, .

...

+5
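An added example, not part of the original answer: a service-side check that reports which impersonation level the caller's token arrived with before attempting the network open, plus the client setting that permits delegation. The names IFileProbe, FileProbe, Probe and ClientSetup are hypothetical, and the service account is assumed to be trusted for delegation in the domain, as the answer describes.

```csharp
using System;
using System.IO;
using System.Security.Principal;
using System.ServiceModel;

[ServiceContract]
public interface IFileProbe   // hypothetical contract, for illustration only
{
    [OperationContract]
    string Probe(string uncPath);
}

public class FileProbe : IFileProbe
{
    [OperationBehavior(Impersonation = ImpersonationOption.Required)]
    public string Probe(string uncPath)
    {
        // Inside an impersonating operation the thread token is the caller's.
        WindowsIdentity caller = WindowsIdentity.GetCurrent();
        string info = $"{caller.Name} auth={caller.AuthenticationType} level={caller.ImpersonationLevel}";

        // An Impersonation-level token is valid on this host only; it cannot
        // authenticate to a file server. Only a Delegation-level token can make
        // the second hop, so report the level instead of a bare access denied.
        if (caller.ImpersonationLevel != TokenImpersonationLevel.Delegation)
            return info + " -> token cannot make the second hop";

        try
        {
            using (File.OpenRead(uncPath)) { }   // open and close, read nothing
            return info + " -> opened";
        }
        catch (UnauthorizedAccessException ex)
        {
            return info + " -> denied: " + ex.Message;
        }
    }
}

public static class ClientSetup
{
    // Client side: the caller must explicitly allow its credentials to be delegated.
    public static void AllowDelegation<T>(ClientBase<T> client) where T : class
    {
        client.ClientCredentials.Windows.AllowedImpersonationLevel =
            TokenImpersonationLevel.Delegation;
    }
}
```

If the reported level is Impersonation even after the client allows Delegation, the remaining causes are the ones the answer lists: delegation not configured on the service account, a missing SPN, or clock skew between machines.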

, , - . , -. . MSDN , , AD.

+1

Source: https://habr.com/ru/post/1714905/

