Question

I've finally managed to get my SharePoint system up and running so that it authenticates users with Kerberos and successfully passes that authentication along to a back-end WCF service. All end-users and the SP accounts are in the same domain; the WCF service is running as Network Service.

The back-end service is logging the claims present in every request, and shows claims for name, primarysid, primarygroupsid, several groupsid, authenticationmethod (blah/windows) and authenticationinstant. However, I'm told it will also require a upn claim containing the user's UPN.

How can I get this to happen? I've tried playing with the External System settings in SPD, and changing the web.config for the WCF service. (The service isn't under my control, but they've provided a copy for me to play with and I'll be feeding back any necessary changes.) Nothing seems to affect the list of claims, except when I screw it up enough that the request starts coming from one of the SP domain accounts rather than the user.


Solution 2

We ended up setting BDC to not authenticate at all (Anonymous), and setting the WCF service to trust SharePoint as a token source; after this, everything works. We probably had the wrong end of the stick.
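Since the back-end service's requirement was a UPN claim, and the fix was to have the WCF service trust SharePoint as a token source, the check that service should make is "exactly one UPN claim, and it came from the trusted issuer". The following is an added example written for this page, not code from the original question, the answer, or any SharePoint/WCF product. It uses the .NET 4.5+ System.Security.Claims types; the issuer string "SharePointSTS", the class and method names, and the sample claims are all assumptions standing in for whatever your binding actually surfaces as Claim.Issuer.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Added illustration, not code from the original post or from SharePoint/WCF.
// Assumption (hypothetical): once the service trusts SharePoint as its token source,
// claims it issues show up with Claim.Issuer == "SharePointSTS". Replace this with
// the issuer your own configuration reports.
public static class UpnClaimCheck
{
    public const string TrustedIssuer = "SharePointSTS"; // assumed issuer name

    // Returns the caller's UPN if exactly one UPN claim from the trusted issuer is
    // present, otherwise null. A null result should be treated as "reject the request".
    public static string GetTrustedUpn(ClaimsPrincipal principal, string trustedIssuer)
    {
        if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
            return null;

        var upns = principal.Claims
            .Where(c => c.Type == ClaimTypes.Upn)
            .Where(c => string.Equals(c.Issuer, trustedIssuer, StringComparison.Ordinal))
            .Select(c => c.Value)
            .Distinct(StringComparer.OrdinalIgnoreCase)
            .ToList();

        // Two different UPNs from the same issuer is a misconfiguration or an attack: refuse.
        return upns.Count == 1 ? upns[0] : null;
    }

    // The per-request dump the question describes, with the issuer added so that a
    // claim asserted by the wrong party is visible in the log.
    public static IEnumerable<string> DescribeClaims(ClaimsPrincipal principal)
    {
        return principal.Claims.Select(c =>
            string.Format("{0} = {1} (issuer: {2})", c.Type, c.Value, c.Issuer));
    }

    // Constructed sample data standing in for a real request. Inside a WCF operation
    // you would use ClaimsPrincipal.Current (or Thread.CurrentPrincipal) instead.
    public static ClaimsPrincipal SamplePrincipal(bool includeUpn, string issuer)
    {
        var claims = new List<Claim>
        {
            new Claim(ClaimTypes.Name, "CONTOSO\\alice", ClaimValueTypes.String, issuer),
            new Claim(ClaimTypes.PrimarySid, "S-1-5-21-1-2-3-1001", ClaimValueTypes.String, issuer),
            new Claim(ClaimTypes.GroupSid, "S-1-5-21-1-2-3-513", ClaimValueTypes.String, issuer),
            new Claim(ClaimTypes.AuthenticationMethod,
                      "http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/windows",
                      ClaimValueTypes.String, issuer),
        };
        if (includeUpn)
            claims.Add(new Claim(ClaimTypes.Upn, "alice@contoso.com", ClaimValueTypes.String, issuer));

        // A non-null authenticationType makes IsAuthenticated true.
        return new ClaimsPrincipal(new ClaimsIdentity(claims, "Federation"));
    }

    public static void Main()
    {
        // Case 1: the desired state, UPN present and issued by the trusted source.
        var good = SamplePrincipal(true, TrustedIssuer);
        foreach (var line in DescribeClaims(good)) Console.WriteLine(line);
        Console.WriteLine("UPN: " + (GetTrustedUpn(good, TrustedIssuer) ?? "<missing or untrusted>"));

        // Case 2: the situation in the question, Kerberos identity claims but no UPN at all.
        var noUpn = SamplePrincipal(false, TrustedIssuer);
        Console.WriteLine("UPN: " + (GetTrustedUpn(noUpn, TrustedIssuer) ?? "<missing or untrusted>"));

        // Case 3: a UPN claim is present but was asserted by someone other than SharePoint.
        var wrongIssuer = SamplePrincipal(true, "SELF");
        Console.WriteLine("UPN: " + (GetTrustedUpn(wrongIssuer, TrustedIssuer) ?? "<missing or untrusted>"));
    }
}
```

The point of the issuer check is that once the BDC connection itself is anonymous and the service relies on a SharePoint-issued token for the user's identity, the UPN claim is only as trustworthy as the party that issued it; logging the issuer alongside each claim, as above, makes a request that arrives with a self-asserted or missing UPN obvious rather than silently accepted.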

OTHER TIPS

First, you should have UPN enabled in your AD. Did you try this: http://technet.microsoft.com/en-us/library/cc262696(office.12).aspx#section6

I am not quite sure if I understand your scenario correctly, but it sounds like you intend to delegate to a claims-enabled WCF service. In that case (although you found a work-around) you might want to check out this article: http://blogs.pointbridge.com/Blogs/nielsen_travis/Pages/Post.aspx?_ID=36

Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange