OperationBehaviorAttribute.Impersonation OperationBehaviorAttribute.Impersonation OperationBehaviorAttribute.Impersonation OperationBehaviorAttribute.Impersonation Property

定義

操作がサポートする呼び出し元の偽装レベルを示す値を取得または設定します。Gets or sets a value that indicates the level of caller impersonation that the operation supports.

public:
 property System::ServiceModel::ImpersonationOption Impersonation { System::ServiceModel::ImpersonationOption get(); void set(System::ServiceModel::ImpersonationOption value); };
public System.ServiceModel.ImpersonationOption Impersonation { get; set; }
member this.Impersonation : System.ServiceModel.ImpersonationOption with get, set
Public Property Impersonation As ImpersonationOption

プロパティ値

次のサービスのコード例では、Impersonation プロパティを Required に設定することで、偽装を要求しています。The following service code example requires impersonation by setting the Impersonation property to Required.

using System;
using System.Collections.Generic;
using System.ServiceModel;
using System.Threading;

namespace Microsoft.WCF.Documentation
{
  [ServiceContract(
    Name="SampleHello",
    Namespace="http://microsoft.wcf.documentation"
  )]
  public interface IHello
  {
    [OperationContract]
    string Hello(string greeting);
  }

  public class HelloService : IHello
  {

    public HelloService()
    {
      Console.WriteLine("Service object created: " + this.GetHashCode().ToString());
    }

    ~HelloService()
    {
      Console.WriteLine("Service object destroyed: " + this.GetHashCode().ToString());
    }

    [OperationBehavior(Impersonation=ImpersonationOption.Required)]
    public string Hello(string greeting)
    {
      Console.WriteLine("Called by: " + Thread.CurrentPrincipal.Identity.Name);
      Console.WriteLine("IsAuthenticated: " + Thread.CurrentPrincipal.Identity.IsAuthenticated.ToString());
      Console.WriteLine("AuthenticationType: " + Thread.CurrentPrincipal.Identity.AuthenticationType.ToString());

      Console.WriteLine("Caller sent: " + greeting);
      Console.WriteLine("Sending back: Hi, " + Thread.CurrentPrincipal.Identity.Name);
      return "Hi, " + Thread.CurrentPrincipal.Identity.Name;
    }
  }
}
Imports System.ServiceModel
Imports System.Threading

Namespace Microsoft.WCF.Documentation
  <ServiceContract(Name:="SampleHello", Namespace:="http://microsoft.wcf.documentation")> _
  Public Interface IHello
	<OperationContract> _
	Function Hello(ByVal greeting As String) As String
  End Interface

  Public Class HelloService
	  Implements IHello

	Public Sub New()
	  Console.WriteLine("Service object created: " & Me.GetHashCode().ToString())
	End Sub

	Protected Overrides Sub Finalize()
	  Console.WriteLine("Service object destroyed: " & Me.GetHashCode().ToString())
	End Sub

	<OperationBehavior(Impersonation:=ImpersonationOption.Required)> _
	Public Function Hello(ByVal greeting As String) As String Implements IHello.Hello
	  Console.WriteLine("Called by: " & Thread.CurrentPrincipal.Identity.Name)
	  Console.WriteLine("IsAuthenticated: " & Thread.CurrentPrincipal.Identity.IsAuthenticated.ToString())
	  Console.WriteLine("AuthenticationType: " & Thread.CurrentPrincipal.Identity.AuthenticationType.ToString())

	  Console.WriteLine("Caller sent: " & greeting)
	  Console.WriteLine("Sending back: Hi, " & Thread.CurrentPrincipal.Identity.Name)
	  Return "Hi, " & Thread.CurrentPrincipal.Identity.Name
	End Function
  End Class
End Namespace

次のコード例では、ClientCredentials プロパティを使用して、偽装するためにクライアント アプリケーション資格情報を必要とする操作を呼び出す前に、それらの情報を設定しています。The following code example shows using the ClientCredentials property to set the client application credentials prior to invoking the operation that requires those credentials for impersonation.

using System;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.Security.Principal;
using System.Threading;

namespace Microsoft.WCF.Documentation
{
  public class Client
  {
    public void Run()
    {
      // Picks up configuration from the config file.
      SampleHelloClient wcfClient = new SampleHelloClient();
      try
      {
        // Set the client credentials to permit impersonation. You can do this programmatically or in the configuration file.
        wcfClient.ClientCredentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Impersonation;
        
        // Make calls using the proxy.
        Console.ForegroundColor = ConsoleColor.White;
        Console.WriteLine("Enter a greeting to send and press ENTER: ");
        Console.Write(">>> ");
        Console.ForegroundColor = ConsoleColor.Green;
        string greeting = Console.ReadLine();
        Console.ForegroundColor = ConsoleColor.White;
        Console.WriteLine("Called service with: \r\n\t" + greeting);
        Console.WriteLine("Service returned: " + wcfClient.Hello(greeting));
        Console.ForegroundColor = ConsoleColor.Blue;
        Console.Write("Press ");
        Console.ForegroundColor = ConsoleColor.Red;
        Console.Write("ENTER");
        Console.ForegroundColor = ConsoleColor.Blue;
        Console.Write(" to exit...");
        Console.ReadLine();
        wcfClient.Close();
      }
      catch (TimeoutException timeProblem)
      {
        Console.WriteLine("The service operation timed out. " + timeProblem.Message);
        wcfClient.Abort();
        Console.Read();
      }
      catch (CommunicationException commProblem)
      {
        Console.WriteLine("There was a communication problem. " + commProblem.Message);
        wcfClient.Abort();
        Console.Read();
      }
    }
    public static void Main()
    {
      Client client = new Client();
      client.Run();
    }
  }
}
Imports System.ServiceModel
Imports System.ServiceModel.Channels
Imports System.Security.Principal
Imports System.Threading

Namespace Microsoft.WCF.Documentation
  Public Class Client
	Public Sub Run()
	  ' Picks up configuration from the config file.
	  Dim wcfClient As New SampleHelloClient()
	  Try
		' Set the client credentials to permit impersonation. You can do this programmatically or in the configuration file.
		wcfClient.ClientCredentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Impersonation

		' Make calls using the proxy.
		Console.ForegroundColor = ConsoleColor.White
		Console.WriteLine("Enter a greeting to send and press ENTER: ")
		Console.Write(">>> ")
		Console.ForegroundColor = ConsoleColor.Green
                Dim greeting = Console.ReadLine()
		Console.ForegroundColor = ConsoleColor.White
		Console.WriteLine("Called service with: " & vbCrLf & vbTab & greeting)
		Console.WriteLine("Service returned: " & wcfClient.Hello(greeting))
		Console.ForegroundColor = ConsoleColor.Blue
		Console.Write("Press ")
		Console.ForegroundColor = ConsoleColor.Red
		Console.Write("ENTER")
		Console.ForegroundColor = ConsoleColor.Blue
		Console.Write(" to exit...")
		Console.ReadLine()
		wcfClient.Close()
	  Catch timeProblem As TimeoutException
		Console.WriteLine("The service operation timed out. " & timeProblem.Message)
		wcfClient.Abort()
		Console.Read()
	  Catch commProblem As CommunicationException
		Console.WriteLine("There was a communication problem. " & commProblem.Message)
		wcfClient.Abort()
		Console.Read()
	  End Try
	End Sub
	Public Shared Sub Main()
	  Dim client As New Client()
	  client.Run()
	End Sub
  End Class
End Namespace

注釈

Impersonation プロパティ (および偽装をサポートするバインド構成) を使用して、指定したメソッド (Impersonation プロパティを Allowed または Required を設定することでマークしたメソッド) が、呼び出し元の ID で実行されるようにします。Use the Impersonation property (together with a binding configuration that supports impersonation) to enable specified methods (those marked with the Impersonation property set to Allowed or Required) to execute under the caller's identity. 詳細については、権限借用を使用する場合に実行する方法を含むAllowedと共に、ServiceAuthorizationBehavior.ImpersonateCallerForAllOperationsプロパティを参照してください委任と偽装方法。サービスのクライアントを偽装します。For details, including how impersonation is performed when using Allowed together with the ServiceAuthorizationBehavior.ImpersonateCallerForAllOperations property, see Delegation and Impersonation and How to: Impersonate a Client on a Service.

注意

偽装を行うサービス エンドポイントをプログラムで追加する場合は、AddServiceEndpoint メソッドのいずれか、または ContractDescription.GetContract メソッドを使用して、コントラクトを新しい System.ServiceModel.Description.ServiceDescription オブジェクトに適切に読み込む必要があります。When programmatically adding a service endpoint that performs impersonation, you must either use one of the AddServiceEndpoint methods or the ContractDescription.GetContract method to properly load the contract into a new System.ServiceModel.Description.ServiceDescription object. 構成ファイルを使用する場合は、追加手順は不要です。Using a configuration file requires no extra step.

偽装がサポートされない特別なシナリオがあります。There may be specific scenarios when impersonation is not supported. 詳細については、次を参照してください。サポートされていないシナリオします。For more information, see Unsupported Scenarios.

適用対象