Send A Client's WindowsIdentity or WindowsPrincipal/IPrincipal Via WCF Callback?
I'm looking for a way to notify a running WPF application that a new impersonated Windows user has been authenticated. I thought I could do this via WCF & NetNamedPipeBinding, but I'm unable to flow the impersonated WindowsIdentity via a callback. My scenario is as follows:
WPF Client Authentication App (Authenticate User) -> WCF Windows Service (Do Somestuff & Notify via callback to any running apps that user has changed) -> WPF Running Apps (Get new WindowsIdentity via callback ServiceSecurityContext refresh app with new permissions based on IPrincipal)
I thought I could use Impersonation to impersonate the new authenticated user and use ServiceSecurityContext.Current to get the client app's WindowsIdentity during the callback to the already running WPF apps but it doesn't seem to be possible.
I'm essentially trying to do the following:
http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/ee23ff54-80da-47f4-946d-5c2d77e81309
Any ideas on how I could notify an already running app of a new WindowsIdentity? Any advice would be appreciated.
So this couldn't be accomplished with a callback but I was able to accomplish what I wanted via Delegation. I had to implement a WCF service on the target application and had the service in the middle (WCF Windows Service) make a call to the target app's WCF service to notify/send it the WindowsIdentity.
Middle Service:
[OperationBehavior(Impersonation = ImpersonationOption.Required)]
public void MyServiceMethod()
{
    DoStuff();
    // Identity of the caller that authenticated to this (middle) service.
    ServiceSecurityContext securityContext = ServiceSecurityContext.Current;
    // Impersonate the caller so the outgoing call carries the caller's
    // WindowsIdentity rather than the Windows service's own account.
    using (securityContext.WindowsIdentity.Impersonate())
    {
        EndpointAddress backendServiceAddress = new EndpointAddress("net.pipe://localhost/TargetAppService");
        ChannelFactory<IService> channelFactory = new ChannelFactory<IService>(new NetNamedPipeBinding(), backendServiceAddress);
        IService channel = channelFactory.CreateChannel();
        // Close the channel on success; Abort it on a fault so it is not leaked.
        try { channel.SetIdentity(); ((IClientChannel)channel).Close(); }
        catch (CommunicationException) { ((IClientChannel)channel).Abort(); throw; }
    }
}
Target App's Service:
[OperationBehavior(Impersonation = ImpersonationOption.Allowed)]
public void SetIdentity()
{
    // With delegation in place this is the original user's identity,
    // not the middle service's account.
    ServiceSecurityContext securityContext = ServiceSecurityContext.Current;
    if (securityContext != null && securityContext.WindowsIdentity != null)
    {
        Console.WriteLine("Identity's Username: " + securityContext.WindowsIdentity.Name);
    }
}
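The delegation chain above, written out end to end as an added example (it is not the code from the answer, and the contract name IIdentityNotification, the endpoint addresses and the single-process hosting are my assumptions). The part the answer leaves implicit is the first hop: the authenticating client must grant TokenImpersonationLevel.Delegation, otherwise the token the middle service impersonates cannot authenticate to the target app's endpoint, and the target sees the service account (or an anonymous caller) instead of the user. It also assumes the account running the middle service is permitted to delegate; in a domain with Kerberos that means "trusted for delegation".

```csharp
using System;
using System.Security.Principal;
using System.ServiceModel;

// Shared contract (assumed name; the answer's code only calls it IService).
[ServiceContract]
public interface IIdentityNotification
{
    [OperationContract]
    string SetIdentity();
}

// Hosted inside each already-running WPF app so the middle service can call it.
[ServiceBehavior(InstanceContextMode = InstanceContextMode.Single)]
public class TargetAppService : IIdentityNotification
{
    [OperationBehavior(Impersonation = ImpersonationOption.Allowed)]
    public string SetIdentity()
    {
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        if (ctx == null || ctx.WindowsIdentity == null) return "<anonymous>";
        WindowsIdentity id = ctx.WindowsIdentity;
        // The app would now rebuild its IPrincipal from this delegated identity.
        // ImpersonationLevel tells you whether the hop actually delegated.
        return id.Name + " (" + id.ImpersonationLevel + ")";
    }
}

// The middle Windows service: required impersonation, then a delegated hop.
[ServiceBehavior(InstanceContextMode = InstanceContextMode.Single)]
public class MiddleService : IIdentityNotification
{
    public const string TargetAddress = "net.pipe://localhost/TargetAppService"; // assumed address

    [OperationBehavior(Impersonation = ImpersonationOption.Required)]
    public string SetIdentity()
    {
        using (ServiceSecurityContext.Current.WindowsIdentity.Impersonate())
        {
            var factory = new ChannelFactory<IIdentityNotification>(
                new NetNamedPipeBinding(), new EndpointAddress(TargetAddress));
            IIdentityNotification channel = factory.CreateChannel();
            try
            {
                string seenByTarget = channel.SetIdentity();
                ((IClientChannel)channel).Close();
                return seenByTarget;
            }
            catch (CommunicationException)
            {
                ((IClientChannel)channel).Abort();
                throw;
            }
        }
    }
}

public static class Program
{
    public static void Main()
    {
        using (var targetHost = new ServiceHost(typeof(TargetAppService), new Uri(MiddleService.TargetAddress)))
        using (var middleHost = new ServiceHost(typeof(MiddleService), new Uri("net.pipe://localhost/MiddleService")))
        {
            targetHost.AddServiceEndpoint(typeof(IIdentityNotification), new NetNamedPipeBinding(), "");
            middleHost.AddServiceEndpoint(typeof(IIdentityNotification), new NetNamedPipeBinding(), "");
            targetHost.Open();
            middleHost.Open();

            // First hop: the authenticating client. Without Delegation here the
            // middle service's impersonated token cannot authenticate to the target.
            var factory = new ChannelFactory<IIdentityNotification>(
                new NetNamedPipeBinding(), new EndpointAddress("net.pipe://localhost/MiddleService"));
            factory.Credentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Delegation;
            IIdentityNotification client = factory.CreateChannel();
            Console.WriteLine("Target saw: " + client.SetIdentity());
            ((IClientChannel)client).Close();
        }
    }
}
```

Running this as a normal user prints the caller's own name with a Delegation level. Dropping the AllowedImpersonationLevel line is a quick way to see the failure mode the answer ran into: the target then reports the middle service's account or a CommunicationException, depending on the binding's security settings.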
If you just need information about the newly authenticated user in the callback client, your best bet would be to pass a custom DTO that contains the relevant information.
(Allowing an authenticated WindowsIdentity to be sent from a service to an arbitrary callback client would open up some terrible security holes, which is presumably why it doesn't work in WCF.)
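What the DTO approach from this answer looks like in practice, as an added example that is not part of the answer. The data contract UserChangedInfo, the contract names and the hosting details are assumptions; the point is that only plain data (name, SID, group names) crosses the callback, and the receiving app turns it into a GenericPrincipal for its own IsInRole checks rather than ever holding the user's token.

```csharp
using System;
using System.Collections.Generic;
using System.Runtime.Serialization;
using System.Security.Principal;
using System.ServiceModel;

// DTO carrying only what the callback client needs; no token crosses the wire.
[DataContract]
public class UserChangedInfo
{
    [DataMember] public string UserName { get; set; }
    [DataMember] public string Sid { get; set; }
    [DataMember] public List<string> Roles { get; set; }

    // Assumed helper: flattens the caller's WindowsIdentity into plain data.
    public static UserChangedInfo FromIdentity(WindowsIdentity identity)
    {
        var info = new UserChangedInfo
        {
            UserName = identity.Name,
            Sid = identity.User == null ? null : identity.User.Value,
            Roles = new List<string>()
        };
        if (identity.Groups != null)
        {
            foreach (IdentityReference group in identity.Groups)
            {
                // Prefer DOMAIN\Group names; fall back to the raw SID if unmappable.
                try { info.Roles.Add(group.Translate(typeof(NTAccount)).Value); }
                catch (IdentityNotMappedException) { info.Roles.Add(group.Value); }
            }
        }
        return info;
    }

    // Rebuild an IPrincipal the WPF app can use for IsInRole checks.
    public IPrincipal ToPrincipal()
    {
        return new GenericPrincipal(new GenericIdentity(UserName, "WcfCallback"), Roles.ToArray());
    }
}

[ServiceContract]
public interface IUserChangedCallback
{
    [OperationContract(IsOneWay = true)]
    void UserChanged(UserChangedInfo info);
}

[ServiceContract(CallbackContract = typeof(IUserChangedCallback))]
public interface IAuthNotifier
{
    [OperationContract] void Subscribe();
    [OperationContract] void UserAuthenticated();
}

[ServiceBehavior(InstanceContextMode = InstanceContextMode.Single, ConcurrencyMode = ConcurrencyMode.Multiple)]
public class AuthNotifier : IAuthNotifier
{
    private readonly List<IUserChangedCallback> subscribers = new List<IUserChangedCallback>();

    public void Subscribe()
    {
        lock (subscribers) subscribers.Add(OperationContext.Current.GetCallbackChannel<IUserChangedCallback>());
    }

    // Called by the authentication app while it runs as the newly authenticated user;
    // the identity is read from the authenticated channel, never from the request body.
    public void UserAuthenticated()
    {
        WindowsIdentity caller = ServiceSecurityContext.Current.WindowsIdentity;
        UserChangedInfo info = UserChangedInfo.FromIdentity(caller);
        IUserChangedCallback[] targets;
        lock (subscribers) targets = subscribers.ToArray();
        foreach (IUserChangedCallback cb in targets)
        {
            try { cb.UserChanged(info); }
            catch (CommunicationException) { lock (subscribers) subscribers.Remove(cb); } // drop dead clients
        }
    }
}

// Callback implementation inside each running WPF app.
[CallbackBehavior(UseSynchronizationContext = false)]
public class UserChangedHandler : IUserChangedCallback
{
    public IPrincipal Current { get; private set; }

    public void UserChanged(UserChangedInfo info)
    {
        Current = info.ToPrincipal();
        Console.WriteLine(info.UserName + " admin? " + Current.IsInRole(@"BUILTIN\Administrators"));
    }
}
```

Hosting is the usual ServiceHost on the service side and a DuplexChannelFactory with an InstanceContext wrapping UserChangedHandler on the client side. The trade-off is the one the answer points at: the callback client only learns about the user and can adjust its UI or local authorization, but it never obtains a token it could use to act as that user, so a misbehaving or compromised client gains nothing beyond what the DTO says.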