WCF Delegation Cheat Sheet

I’ve struggled getting kerberos delegation to work with WCF – say to access a database using Integrated Security via a ‘double hop’ – too often… The below is a (very) quick and dirty cheat sheet I use to get it all up and running..

  1. Choose an appropriate binding – generally wsHttpBinding or netTcpBinding. I believe you can get basicHttpBinding to use delegation, given you use transport level security, but I’ve not tried this myself.
  2. Ensure your service behaviours are configured with the correct impersonateCallerForAllOptions value
    <serviceBehaviors>
       <behavior name="ContourBehavior">
          <serviceAuthorization impersonateCallerForAllOperations="true" />
       </behavior>
    </serviceBehaviors>
  3. Continue reading