WindowsClientCredential.AllowedImpersonationLevel プロパティ


許可される偽装レベルを取得または設定します。Gets or sets the allowed impersonation level.

 property System::Security::Principal::TokenImpersonationLevel AllowedImpersonationLevel { System::Security::Principal::TokenImpersonationLevel get(); void set(System::Security::Principal::TokenImpersonationLevel value); };
public System.Security.Principal.TokenImpersonationLevel AllowedImpersonationLevel { get; set; }
member this.AllowedImpersonationLevel : System.Security.Principal.TokenImpersonationLevel with get, set
Public Property AllowedImpersonationLevel As TokenImpersonationLevel


TokenImpersonationLevel 値のいずれか 1 つ。One of the TokenImpersonationLevel values.

このプロパティを設定する方法を次の例に示します。The following example shows how to set this property.

// Create a service host.
EndpointAddress ea = new EndpointAddress("http://localhost/Calculator");
WSHttpBinding b = new WSHttpBinding(SecurityMode.Message);
b.Security.Message.ClientCredentialType = MessageCredentialType.Windows;

// Create a client. The code is not shown here. See the WCF samples
// for an example of the CalculatorClient code.

CalculatorClient cc = new CalculatorClient(b, ea);
// Get a reference to the Windows client credential object.
WindowsClientCredential winCred= cc.ClientCredentials.Windows;
Console.WriteLine("AllowedImpersonationLevel: {0}", 
Console.WriteLine("AllowNtlm: {0}", winCred.AllowNtlm);
Console.WriteLine("Domain: {0}", winCred.ClientCredential.Domain);

// Change the AllowedImpersonationLevel.
winCred.AllowedImpersonationLevel = 

Console.WriteLine("Changed AllowedImpersonationLevel: {0}", 
// Open the calculator and use it.
//Console.WriteLine(cc.Add(11, 11));

//// Close the client.
' Create a service host.
Dim ea As New EndpointAddress("http://localhost/Calculator")
Dim b As New WSHttpBinding(SecurityMode.Message)
b.Security.Message.ClientCredentialType = _

' Create a client. The code is not shown here. See the WCF samples
' for an example of the CalculatorClient code.
Dim cc As New CalculatorClient(b, ea)
' Get a reference to the Windows client credential object.
Dim winCred As WindowsClientCredential = cc.ClientCredentials.Windows
Console.WriteLine("AllowedImpersonationLevel: {0}", _
Console.WriteLine("AllowNtlm: {0}", winCred.AllowNtlm)
Console.WriteLine("Domain: {0}", winCred.ClientCredential.Domain)

' Change the AllowedImpersonationLevel.
winCred.AllowedImpersonationLevel = _

Console.WriteLine("Changed AllowedImpersonationLevel: {0}", _
' Open the calculator and use it.
' cc.Open()
' Console.WriteLine(cc.Add(11, 11))
' Close the client.
' cc.Close()


このプロパティは、Windows SSPI ネゴシエート認証の使用時にクライアントがサーバーに付与する偽装レベルを指定します。This property specifies the impersonation level granted by the client to the server when using Windows SSPI Negotiate authentication. サーバーがクライアント トークンを偽装するときに取得する偽装レベルは、この設定だけに依存するわけではありません。Note that the impersonation level obtained by the server when it impersonates the client token is not solely a function of this setting. サービスが実行されているアカウントの関連付けられている特権やドメインの設定にも依存します。It is also a function of the associated privileges and domain settings for the account in which the service is running.

クライアントは、このプロパティを使って、許可される偽装レベルを明示的に設定する必要があります。The client must explicitly set the allowed impersonation level using this property.

クライアントが匿名偽装レベルを指定した場合、サービスで偽装が実行されなくても、クライアントは常に匿名ユーザーとしてサービスから認証されます。When the client specifies anonymous impersonation the client always authenticates to the service as anonymous even when no impersonation is performed on the service. これは、基になる Windows オペレーティング システムの動作によるものです。This is due to underlying Windows operating system behavior.

Windows の偽装の詳細については、「権限借用と復帰」を参照してください。For more information about Windows impersonation, go to Impersonating and Reverting. Windows Communication Foundation を使用した偽装の詳細については、「委任と偽装」を参照してください。For more information about impersonation using Windows Communication Foundation, see Delegation and Impersonation.