CSLA .NET

I'm working on an intranet app - dual head Win/Web, based on CSLA business objects. 

Using CSLA 3.5 Beta 2, I'm trying to get WCF working for the dataportal.

Client requires WCF be hosted in a Windows Service.  I'm using a console app in place of the Windows Service for dev. 

I've been running into this and that error, am currently getting the "Invalid Token for impersonation - it cannot be duplicated." error.  This confuses me because there's nothing I know of causing impersonation. 
But that's not my main question.  I need access to the user's network username from within the dataportal so that I can use it to mark "who updated this" on rows.

I don't care about an actual identity or principal object, don't care about roles, etc, but if identity or principal comes across, that's fine too as it will give me the username that I need.

I keep reading that by default WCF will pass the windows identity, but no combination of my experimenting has actually allowed this to happen. 

It sounds like nothing in WCF is easy, but is there a known way to get this information to go across the wire?


App.config (WPF Client)
----------------------------------------
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
   
  <appSettings>
      <add key="CslaAuthentication" value="Csla" />
  
    <add key="CslaDataPortalProxy"
         value="Csla.DataPortalClient.WcfProxy, Csla"/>
  </appSettings>
 
  <system.serviceModel>
    <client>
      <endpoint name="WcfDataPortal"
                address="net.tcp://corpdev10knd:9090/WcfDataPortal"
                binding="netTcpBinding" 
                contract="Csla.Server.Hosts.IWcfPortal" />
    </client>
   
  </system.serviceModel>
</configuration>
----------------------------------------

Server app.config (WCF hosted in Windows Console App)
----------------------------------------
<?xml version="1.0" encoding="utf-8" ?>
<configuration>

  <appSettings>
    <add key="CslaAuthentication" value="Csla" />
   </appSettings>
 
  <system.serviceModel>
   
    <services>
      <!-- Before deployment, you should remove the returnFaults behavior configuration to avoid disclosing information in exception messages -->
      <service name="Csla.Server.Hosts.WcfPortal" behaviorConfiguration="returnFaults">
        <endpoint address="net.tcp://localhost:9090/WcfDataPortal"
                  contract="Csla.Server.Hosts.IWcfPortal"
                  binding="netTcpBinding"/>
      </service>
    </services>

    <behaviors>
      <serviceBehaviors>
        <behavior name="returnFaults">
          <serviceDebug includeExceptionDetailInFaults="true"/>
        </behavior>
      </serviceBehaviors>
    
    </behaviors>
  </system.serviceModel>
 
</configuration>
----------------------------------------

Any advice would be appreciated.  Thanks!

In the PT, there are two class about security, which are Principal.cs and Identity.cs.

And to deal with your problem, you just need to call the Login or Logout method of Principal class.

public static bool Login(string username, string password)

{}

public static void Logout()

{}

Diz:

I keep reading that by default WCF will pass the windows identity, but no combination of my experimenting has actually allowed this to happen. 

That is true (sort of), but only when you host in IIS or WAS. If you host in your own custom process then you assume responsibility for things like impersonation and identity management - at least that's my understanding.

If you are using a custom CSLA principal, then the data portal will take care of the principal for you - but you'll still need to make sure your WCF host accepts requests without trying to do Windows impersonation - which probably requires some extra WCF configuration.

In my experience even hosting in IIS or WAS typically requires extra WCF configuration too. Rarely can you get away with the default WCF settings in a real app.

And you are right, nothing with WCF comes easy...

---

Rocky

We are using a framework wrapping CSLA in my company. Until recently, in most projects the server was hosted in IIS. I have built a new solution and am hosting this in a windows service. In order to provide logging by the server, I need to obtain the windows login of the user and use in the database fetch method.

We were using the ApplicationContext to return the user ID, this now has the account info for the IIS account, not the actual user.

We are using basicHttpBinding and I have the credentials set up and working in a test project. This involves using [(ServiceBehaviour(InstanceContextMode = InstanceContectMode.PerCall)] and [OperationBehaviour(Impersonation = ImpersonationOption.Required)] around the methods.

What I need to be able to do, it get this working with CSLA, but am unsure how to do this.

 

 

---

Rocky

Thanks for the reply. I can get WCF to do it, can send you code if you want?

It easy for me to do it if I have full control over the operations contracts, but the way we are using the CSLA / IWcfPortal means that I haven't got control of the operations contracts. These are in the IWcfPortal.cs. I am wondering if I just wrap these methods with the impersonation operation contract specifics, it may just work. This will be nicer solution than me having to change the code to have to pass the user name.

---

Rocky