Purpose ServiceSecurityContext.WindowsIdentity?

Question

Purpose ServiceSecurityContext.WindowsIdentity?

Why is a ServiceSecurityContext containing a WindowsIdentity property?

Namely, if the user is authenticated using the Windows authentication mechanism, then the ServiceSecurityContext.PrimaryIdentity and ServiceSecurityContext.WindowsIdentity properties contain exactly the same information, and if the user is authenticated using some other authentication mechanism, then ServiceSecurityContext.WindowsIdentity will contain empty identification.

Thus, in the first case, the WindowsIdentity property contains the same data as PrimaryIdentity, while in the second case it does not contain data at all (i.e., it contains an empty identification).

Thank you

+3

wcf wcf-security

user437291 Dec 6 '10 at 19:52

source share

1 answer

stephen · Answer 1 · 2015-02-06T19:32:38+0000

Namely, if the user is authenticated using the Windows authentication mechanism, then both ServiceSecurityContext.PrimaryIdentity and ServiceSecurityContext.WindowsIdentity Properties contain exactly the same information

Just wrong.

ServiceSecurityContext.WindowsIdentityreturns a type WindowsIdentityand ServiceSecurity.PrimaryIdentityreturns a type IIdentity. A type WindowsIdentityhas many more properties than IIdentitythat which help you gain a deeper understanding, if you need it, of access rights, claims, tokens, and authenticated user identifiers.

A token, in particular, can help you impersonate a user and thereby gain access to a privileged resource.

. https://msdn.microsoft.com/en-us/library/system.security.principal.windowsidentity%28v=vs.110%29.aspx.

Purpose ServiceSecurityContext.WindowsIdentity?

More articles: