Invalid token for impersonation issue.

sliedig — Wed, 24 Mar 2010 17:46:47 GMT

Hello,

Wondering if someone can help me with an issue I'm having with accessing the data portal.

We are using CSLA version 3.6.2. with CSLA Authentication for the DataPortal.

We have developed a Windows Service that is responsible for generation of data sets that are shared amongst a number of clients. The service also hosts a WCF Services that exposes an endpoint that is consumed by a Pub/Sub implementation.

When the service starts up, it successfully connects to the data portal (via WCF) and builds the available datasets in the system. No problem.

When a new dataset definition is created by a client, the Windows Service receives the published event via the pub/sub and attempts to build the dataset from the newly created definition which was saved in the database. It at this point that the attempt to access the database fails with an error:

"Invalid token for impersonation - it cannot be duplicated."

During the initial call (when the service starts up) the DataPortalContext has no identity. When the callback method is invoked by the pub sub, the DataPortalContext has the identity of the host for the PubSub service. I know this because when I hosted the Pub/Sub service is IIS (via WAS), it tried to access the data portal with the identity IIS APPPOOL.

My initial solution was to add the following to the callback method

[OperationBehavior(Impersonation = ImpersonationOption.NotAllowed)]

This actually worked, at least initially. Now it doesn't and I am not sure why or how to get around the issue of the impersonation token duplication. I've read some previous posts that talk about double hops but I am not sure how to resolve that either.

Your assistance would be appreciated.

Regards,

Steve

Search results matching tags 'Data portal' and 'Security'

Invalid token for impersonation issue.