Solved

How to Run a Silverlight enabled WCF Service Method as a Specific Domain User/Account

Posted on 2011-09-12
7
578 Views
Last Modified: 2012-05-12
I am using Silverlight 4 and a Silverlight Enabled WCF Service. I have a Print button which makes an Async call to my service method. The goal here is to get my service to automatically print a report  to a specific printer and drawer.

I have found the following...

1.)  
I've read that impersonating all operations may increase attacks and negatively impact the security of your application. I simply want this one service method to impersonate. I found by adding this single line above my service method I'm now getting the list of printers on my machine and the report did print automatically to my default printer. THE PROBLEM IS I can't guarenteed the desired printer is the user's default and I don't want to hard code a printer name.

[OperationBehavior(Impersonation = ImpersonationOption.Required)]

2.)
"The user running the web service (usually the system or ASPNET account) must have a printer installed and must have permissions to print to that printer. Typically it's easiest to create a Domain account to run the web service. Then you can log in as that account, create a printer and test printing."

3.)
Another person suggested... "You should get the identity of the current user at a point in the service when you are scanning printers.  My guess is you are running as an anonymous user or someone other than your personal domain account.   If this is the case you need to run the service as a specific domain user with access to these printers."

We are running our service authentication at:
Anonymous - Disabled
ASP.NET Impersonation - Disabled
Form Authentication - Disabled
Windows Authentication - Enabled

The following exists in the web.config:
<authentication mode="Windows" />
<identity impersonate="false"/>

Anyone have any ideas as to how I can accomplish this WITHOUT automatically taking the current user's default printer or hard coding a printer name? How do I run a specific service method under a specific domain account/user?
0
Comment
Question by:farminsure
  • 4
  • 3
7 Comments
 
LVL 25

Expert Comment

by:apeter
ID: 36532159
Only the printing part of the code you can impersonate, rest all other operaton you can run as windows account. No need to impersonate the whole service method. I guess this is the manageble option.

0
 

Author Comment

by:farminsure
ID: 36532331
So far I'm going down the route of creating a generic domain account which has the appropriate printer installed and set as default, with the appropriate permissions. My service method impersonates this generic domain user. Since the desired printer is set as default I don't have to directly specify a printer name. It automatically uses the default printer settings. Then all I have to set in code is the desired paper source and size. The printer would need these options set and loaded.

See attached service method code and wrapper class used.
 ServiceMethod-AutoPrint.txt ImpersonateMethods.cs
0
 
LVL 25

Expert Comment

by:apeter
ID: 36532407
Do below in the finally method. Looks like you are all set.

// Stop Impersonation    
                    impersonation.Revert();
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Author Comment

by:farminsure
ID: 36532457
Do you mean ....

try {}
catch {}
finally
{
     // Stop Impersonation    
     impersonation.Revert();
}

My impersonation object doesn't exist??
0
 
LVL 25

Expert Comment

by:apeter
ID: 36534228
declare the impersonation object outside try and instantiate inside "try". Hope this helps.
0
 

Accepted Solution

by:
farminsure earned 0 total points
ID: 36550987
Just wanted to note what I finally ended up doing. A new DNS name and queue was created specifically for our Print Services. I was given permissions to this queue and installed the printer.I added a machine.config AppSetting key with a value consisting of the server name. So then when setting the printer name in my service method I use the machine.config key and hard code the queue name. Our Technical Services assures me the queue name will always remain constant but the server has a chance of changing hence why it's placed in the machine.config.
0
 

Author Closing Comment

by:farminsure
ID: 36572275
Solved my own issue.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: Najam
Having new technologies does not mean they will completely replace old components.  Recently I had to create WCF that will be called by VB6 component.  Here I will describe what steps one should follow while doing so, please feel free to post any qu…
Performance in games development is paramount: every microsecond counts to be able to do everything in less than 33ms (aiming at 16ms). C# foreach statement is one of the worst performance killers, and here I explain why.
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now