| Subject: Wrong client credentials in windows-hosted WCF service called from |
| Group: microsoft.public.windows.developer.winfx.indigo |
| Date: 2/6/2008 7:51:01 AM |
| From: =?Utf-8?B?bGFyc2hvbG0=?= [Email Address Protection] |
I'm testing a WCF service in which my methods return personalized info based on the identity of the caller. This works fine, Thread.CurrentPrincipal.Identity.Name and all the other identity-holders, returns the individual users domain and login. However when me and my coworker access the web app simultaniously I GET HIS CREDENTIALS! For instance, the method below returns his domain\login. [OperationBehavior(Impersonation = ImpersonationOption.Required)] public string ServiceTest() { return OperationContext.Current.ServiceSecurityContext.WindowsIdentity.Name; } At first I thought this was somehow a cache problem (IIS7 or we've got some service cache) and I was served an old response, but a timestamp on the service response quickly disproved that. I would understand if the method returned the IIS user account or the account the windows service runs under.. but my coworkers.. That's a total security breech. How to solve? |
| Back |