[WCF] Delegation between WCF and CRM Services

Impersonation and Delegation are important concepts in the world of services. Impersonation restricts client access to resources on the local machine where the service is running, and Delegation restricts client access to resources on other machines. In my scenario, I was trying to access Dynamics CRM 4.0 services from a WCF service using Delegation.

In WCF, Delegation is a special type of Impersonation, which can be configured easily by following these good articles:

However, some points are not really emphasized and you shouldn’t forget them:

  • Allow impersonation on the corresponding server. This configuration must be set from the domain controller.
  • The user who is running the WCF service must have enough privileges to impersonate the expected users.
  • Allow Delegation from the client side. You have two options to do it:
    • Client configuration file:
                <behavior name="NewBehavior">
                        <clientCredentials>
                                <windows allowedImpersonationLevel="Delegation" />
                        </clientCredentials>
                </behavior>
    • Programmatically:
                proxy.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Delegation;
  • Set the userPrincipalName properly in the client configuration file, according to the user who is running the WCF service:
            <endpoint address="service address with an allowed protocol to impersonate"
                behaviorConfiguration="NewBehavior" binding="Allowed protocol to impersonate"
                bindingConfiguration="defaultEndPoint" contract="MyAssembly.MyContract">
                <identity>
                  <userPrincipalName value="serviceuser@mydomain.com" />
                </identity>
            </endpoint>
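To confirm on the service side that the settings above took effect, the operation can check the caller's token level before making the second hop. This is an added example, not code from the original post: the names `IDelegationCheck` and `DelegationCheckService`, the net.tcp address and the downstream URL are hypothetical, and a plain HTTP request stands in for the call to the CRM web services.

```csharp
using System;
using System.Net;
using System.Security.Principal;
using System.ServiceModel;

[ServiceContract]
public interface IDelegationCheck   // hypothetical contract name
{
    [OperationContract]
    string CallDownstream();
}

public class DelegationCheckService : IDelegationCheck
{
    // Placeholder for a Windows-authenticated endpoint on another machine.
    private const string DownstreamUrl = "http://crmserver.example/";

    // Run the operation body under the caller's Windows token.
    [OperationBehavior(Impersonation = ImpersonationOption.Required)]
    public string CallDownstream()
    {
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        WindowsIdentity caller = ctx == null ? null : ctx.WindowsIdentity;
        // Fail closed: a token below Delegation cannot authenticate the second hop.
        if (caller == null || caller.ImpersonationLevel != TokenImpersonationLevel.Delegation)
            throw new FaultException("Caller token is not delegable; check the client and domain settings.");

        var request = (HttpWebRequest)WebRequest.Create(DownstreamUrl);
        request.UseDefaultCredentials = true; // uses the impersonated caller's identity
        using (var response = (HttpWebResponse)request.GetResponse())
            return caller.Name + " reached downstream, HTTP " + (int)response.StatusCode;
    }
}

public static class Program
{
    public static void Main()
    {
        // NetTcpBinding defaults to transport security with Windows credentials.
        var baseAddress = new Uri("net.tcp://localhost:9000/check"); // hypothetical address
        using (var host = new ServiceHost(typeof(DelegationCheckService), baseAddress))
        {
            host.AddServiceEndpoint(typeof(IDelegationCheck), new NetTcpBinding(), "");
            host.Open();
            Console.WriteLine("Listening on " + baseAddress);
            Console.ReadLine();
        }
    }
}
```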

About Ramon Tebar

Software Engineer specialised in Microsoft Technologies with experience in large projects for different industrial sectors as developer, consultant and architect. I enjoy designing and developing software applications; it is my job and one of my hobbies. I’m interested in design patterns, new technologies and best practices. Making those part of the ALM process is a great challenge. During the last years, I have specialised in Microsoft Dynamics CRM (now Dynamics 365). I customise and extend the platform to provide tailored solutions and integrations based on service-oriented architectures and message queuing. Motivated by community events and a contributor to blogs, technical books, open source projects and forums, I have been awarded Microsoft Most Valuable Professional (MVP) on Dynamics 365 (CRM) since 2012.

Posted on February 23, 2010, in WCF.
