Trusted Subsystem, WCF and IIS
I’ve just about pulled my hair out on this one. This used to be very easy with ASMX:
Basically, I have IIS running as a trusted user, “Service”. I want WCF to run as this user for connecting to databases, etc. I don’t care who’s calling me, I’m in an intranet environment, and this service is open to the world. Unfortunately, all I can ever get is “user not associated with a trusted connection”, no matter what I do. I suspect it’s due to a network hop issue, or something similar. I can get it to work by flowing identity down, but I don’t want to do that, it’s not Trusted Subsystem.
I’ve spent about a day on two separate occasions trying to get this to work, but all examples seem to force me to set the service account on the ASP.NET side. But I don’t want to force clients to do any kind of security, that defeats the purpose.
The quickest way to Trusted Subsystem now is to use SQL Server authentication. With ASMX, I used ASP.NET configuration, along with IIS security configuration to set the identity, and it worked just fine. WCF works outside the ASP.NET stack, so I don’t have that luxury. Security in WCF is tough, kids, don’t let anyone tell you any different.