Windows authentication not working - ORA-01017: invalid username/password; logon denied

I have a silverlight application which fetches data from a WCF Service hosted under a Windows Service which runs under the "Local System" account i.e. NT AUTHORITY/ SYSTEM.

I have enabled Windows Authentication on this WCF service using the below in my App.config

<system.serviceModel>
<behaviors>
  <endpointBehaviors>
    <behavior name="webHttpBehavior">
      <webHttp/>
    </behavior>
  </endpointBehaviors>
  <serviceBehaviors>
    <behavior name="defaultServiceBehavior">
      <serviceMetadata httpGetEnabled="true"/>
      <serviceDebug includeExceptionDetailInFaults="true"/>
    </behavior>
  </serviceBehaviors>
</behaviors>
<bindings>           
  <basicHttpBinding>
    <binding name="winAuthBasicHttpBinding" openTimeout="05:00" sendTimeout="05:00" >
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Windows"/>
      </security>
    </binding>
  </basicHttpBinding>
</bindings>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>
<services>
  <service behaviorConfiguration="defaultServiceBehavior" n开发者_开发知识库ame="DataService.CrossDomainService">
    <endpoint address="" behaviorConfiguration="webHttpBehavior" binding="webHttpBinding" contract="DataService.ICrossDomainService">
      <identity>
        <dns value="107.0.0.12"/>
      </identity>
    </endpoint>
    <host>
      <baseAddresses>
        <add baseAddress="http://107.0.0.12:2035/"/>
      </baseAddresses>
    </host>
  </service>
  <service behaviorConfiguration="defaultServiceBehavior" name="DataService.NewDataService">        
    <endpoint address="" binding="basicHttpBinding" bindingConfiguration="winAuthBasicHttpBinding" contract="DataService.INewDataService">
      <identity>
        <dns value="107.0.0.12"/>
      </identity>
    </endpoint>
    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
    <host>
      <baseAddresses>
        <add baseAddress="http://107.0.0.12:2035/DataService/"/>
      </baseAddresses>
    </host>
  </service>
</services>

I have also enabled Windows Authentication in the connection string for Oracle using Integrated Security=SSPI as below:

<connectionStrings>    
<add name="netTiersConnectionString" connectionString="Data Source=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=107.0.0.17)(PORT=1521)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=SVC001)));Integrated Security=SSPI; Min Pool Size= 1; Max Pool Size= 5;" />    

Now when the Silverlight app makes a call to the WCF Service, the database connection happens using NT AUTHORITY/SYSTEM account instead of domainname/username credentials of the logged in user in the Silverlight app which itself uses Windows Authentication. Hence I get the invalid username error.

The same configurations work fine when I host the WCF service in a console application. But when I host in a windows service, it runs under a Local System account and hence I guess this issue.

What can I do so that the database connection is made using windows authentication credentials of logged in user and not the Local System account?

Thanks, Pankaj Chamria

I found the answer thanks to a reply on CodeProject.. (see here & here)

I just needed to force impersonation on every WCF Service function that made a call to the Oracle database. The way to do it is adding the below attribute on every OperationContract implementation.

[OperationBehavior(Impersonation = ImpersonationOption.Required)]

A possible approach is to run your WCF service with IIS and configure it to you impersonation:

<configuration>
  <system.web>
    <identity impersonate="true" />
  </system.web>
</configuration>

I can't tell you whether you can achieve the same with a Windows service.