[HOWTO] Impersonate Calls to OData Service Reference

While working with OData controllers I came accross a challenge concerning authentication. The used authentication mode is Windows Authentication.
I wanted to invoke an OData controller through a service reference from another OData controller with the user of the original call. The user of the original call has to be impersonated because the controller encapsulated as a service reference checks, if the user has the required permissions. First I tried to call the service reference with the DefaultCredentials of the CredentialCache as described here but it didn’t work because on a standalone IIS server the call was done in the security context of the user IIS APPPOOL\DefaultAppPool. I tried out several other options until I got the impersonation to work. The solution for getting the impersonation to work is shown below.

The GetCurrentUserId method of the CurrentUserDataHelper will be invoked from an ODataController. In this case the identity of the user can be retrieved from the HttpContext. Then the DefaultCredentials of the CredentialCache have to be assigned to the service reference credentials property. To impersonate the call to the service reference the call has to be done inside the using statement that is responsible to impersonate the identity of the caller.

Trackbacks

  1. […] For more information on Impersonation and ODATA Controller see [HOWTO] Impersonate Calls to OData Service Reference. […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: