Hi,
Any one else get this error?
I just downloaded latest from SVN trunk to play with WCF integration and I am getting the above error in the Dataportal.Client.WcfProxy.Fetch method. I've tried all sort of configurations in the app.config and can't find much on google about this error. The host is IIS and the Service.svc file looks like:
<% @ServiceHost Language=VB Debug="true" Service="Csla.Server.Hosts.WcfPortal" %>
I'm using the following in my app.config & web.config, and I get the same error without any bindingConfiguration (by the way, this was generated from the svcutil in win sdk.)
App.Config
<
<
client>Web.config looks like (generated from the Service Config Editor from sdk):
<
system.serviceModel>Why are you specifying the userPrincipalName on the client?
I think Andy is right - by doing that, you are causing the client to start with that token and pass it to the app server, which probably works. But if the app server then tries to use SSPI to talk to the database you'll blow up because an impersonated token can't be re-impersonated.
If you can use different credentials to get from the client to the app server (either the user's crednetials or allow anonymous access to the vroot) that should resolve the issue.
What would you do differently in your config, or setting up the
proxy, to get your manual WCF calls to work?
In other words, the data portal is just using WCF. Why do you
think using a “direct” service call will work any differently?
Or to put it yet another way, if you can get a “direct”
call to work, what did you do in the config or proxy initialization that is
different from what the data portal does? That should shed some light on what
needs to be done with the data portal (config or WcfProxy code) to make it
work.
Rocky
From: sacarro
[mailto:cslanet@lhotka.net]
Sent: Wednesday, September 10, 2008 7:59 AM
To: rocky@lhotka.net
Subject: Re: [CSLA .NET] WCF Error: Invalid token for impersonation - it
cannot be duplicated.
Has anybody found a solution for this yet? I have a
standalone application server running my wcf services and IIS running a web
application that hosts my CSLA objecst. When I make the dataportal call from
the webserver, it gives the invalid token error. The web.config has the
following security set up:
<authentication mode="Windows"/>
....
<security mode="Transport">
<transport clientCredentialType="Windows"
protectionLevel="EncryptAndSign" />
<message
clientCredentialType="Windows" />
</security>
which is what I want. Does anybody have a solution? Or should I just set up a
wcf client call in my CSLA dataportal and run them all dataportal operation
locally in order to keep security?
Thanks,
~Sam
So basically you need some way to alter or customize the proxy
object before it is used?
That makes sense. I was recently talking to Miguel Castro about
a similar scenario, and I think the answer is to alter WcfProxy so the proxy is
a protected member. That way you can subclass WcfProxy and alter the actual WCF
proxy object as needed based on various security configurations.
You can already subclass WcfProxy to change the endpoint name
used from the config file – this would just be one extra feature in that
same vein.
Rocky
From: sacarro
[mailto:cslanet@lhotka.net]
Sent: Wednesday, September 10, 2008 9:20 AM
To: rocky@lhotka.net
Subject: Re: [CSLA .NET] RE: WCF Error: Invalid token for impersonation
- it cannot be duplicated.
I think this is what you were asking for This the web code
to get the service calls:
// Works
using (ServiceClient client = new ServiceClient())
{
ClientNameLiteral.Text = client.GetName();
}
// Impersonation Issue
CslaClient
wcfCslaClient = CslaClient .GetName();
The config:
<endpoint
address="net.tcp://localhost:8765/Service/ServiceClient"
binding="netTcpBinding"
bindingConfiguration="ServiceClientBinding"
contract="Service.ServiceClient"
name="ServiceC
lient">
</endpoint>
<endpoint name="WcfDataPortal"
address=""net.tcp://localhost:8765/Service/CslaDataPortal/"
binding="netTcpBinding"
bindingConfiguration="ServiceClientBinding"
contract="Csla.Server.Hosts.IWcfPortal">
</endpoint>
I put a test release of 3.5.2 online just now, and it includes a couple virtual methods in WcfProxy that you should be able to use to alter the channel factory and proxy objects.
You can override GetChannelFactory() to initialize (or even create your own) ChannelFactory<IWcfPortal>. The base implementation simply creates the channel factory, so you could do this:
protected override ChannelFactory<IWcfPortal> GetChannelFactory()
{
var f = base.GetChannelFactory();
// set properties of f here
return f;
}
You can do the same thing with GetProxy(), which is responsible for creating the proxy based on the channel factory.
I think you can use these methods to set nearly any security-related (or other) properties or values necessary to customize how the objects are created.
Copyright (c) Marimer LLC