While working with OData controllers I came across a challenge concerning authentication. The authentication mode used is Windows Authentication.
I wanted to invoke an OData controller through a service reference from another OData controller with the user of the original call. The user of the original call has to be impersonated because the controller encapsulated as a service reference checks whether the user has the required permissions. First I tried to call the service reference with the DefaultCredentials of the CredentialCache as described here, but it didn’t work because on a standalone IIS server the call was done in the security context of the user IIS APPPOOL\DefaultAppPool. I tried out several other options until I got the impersonation to work. The solution for getting the impersonation to work is shown below.


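    using System;
    using System.Configuration;
    using System.Linq;
    using System.Net;
    using System.Security.Principal;
    using System.Web;

    namespace how.To.Impersonate.Service.Reference.Call
    {
        public static class CurrentUserDataHelper
        {
            public static String GetCurrentUserId()
            {
                var administrationService = GetServiceReferenceInstance();
                // Identity of the original caller, as authenticated by Windows Authentication.
                var identity = (WindowsIdentity)HttpContext.Current.User.Identity;
                // DefaultCredentials resolve to whatever identity the thread runs as at call time.
                administrationService.Credentials = CredentialCache.DefaultCredentials;
                // Impersonation is reverted when the context is disposed at the end of the using block.
                using (var impersonationContext = identity.Impersonate())
                {
                    // ToList() executes the request here, while the caller is still impersonated.
                    return administrationService.CurrentUsers.ToList().First().Identity;
                }
            }

            private static Contracts.CurrentUserData.Administration GetServiceReferenceInstance()
            {
                return new Contracts.CurrentUserData.Administration(new Uri(ConfigurationManager.AppSettings["AKey"]));
            }
        }
    }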

The GetCurrentUserId method of the CurrentUserDataHelper is invoked from an ODataController, so the identity of the user can be retrieved from the HttpContext. The DefaultCredentials of the CredentialCache are then assigned to the Credentials property of the service reference. To impersonate the caller, the call to the service reference has to be made inside the using statement, which impersonates the caller's identity for the duration of the block; the impersonation is reverted when the block ends.
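The same pattern can be wrapped so that it fails closed instead of silently running the downstream call as the application pool identity. This is an added example, not code from the original post; the class name CallerImpersonation and the method RunAsCaller are hypothetical, and it assumes the .NET Framework APIs used above.

```csharp
using System;
using System.Security.Principal;
using System.Web;

namespace how.To.Impersonate.Service.Reference.Call
{
    // Hypothetical helper (not part of the original post).
    public static class CallerImpersonation
    {
        // Runs 'call' as the authenticated Windows caller of the current request.
        // Example use, with Credentials already set to CredentialCache.DefaultCredentials:
        //   RunAsCaller(() => administrationService.CurrentUsers.ToList().First().Identity)
        public static T RunAsCaller<T>(Func<T> call)
        {
            if (call == null) throw new ArgumentNullException("call");

            var context = HttpContext.Current;
            var identity = (context == null || context.User == null)
                ? null
                : context.User.Identity as WindowsIdentity;

            // Fail closed: never fall back to the process (app pool) identity.
            if (identity == null || !identity.IsAuthenticated || identity.IsAnonymous)
                throw new UnauthorizedAccessException("No authenticated Windows caller to impersonate.");

            // An Identification-level token can be inspected but not used to act as the user.
            if (identity.ImpersonationLevel == TokenImpersonationLevel.Identification ||
                identity.ImpersonationLevel == TokenImpersonationLevel.Anonymous)
                throw new UnauthorizedAccessException("Caller token level is " + identity.ImpersonationLevel + ".");

            using (identity.Impersonate())
            {
                // Confirm the thread really runs as the caller before making the call.
                using (var effective = WindowsIdentity.GetCurrent())
                {
                    if (effective.User == null || !effective.User.Equals(identity.User))
                        throw new InvalidOperationException("Impersonation did not take effect.");
                }

                // 'call' must materialize its result (e.g. ToList()) before returning;
                // a lazy query enumerated later would run after impersonation is reverted.
                return call();
            }
        }
    }
}
```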
