How to impersonate Nservicebus

362 views Asked by At

Hi How to impersonate Nservicebus. I am using Nservicebus 5.2 version.

I see some code for old version but that is not available in new version. Do we have some sample which demonstrate the impersonate in 5.2 version.

 Configure.With()
        .StructureMapBuilder()
        .Sagas()
        .RunTimeoutManager()
        .UnicastBus()
           .ImpersonateSender(false)

In New version there is no way to set

ImpersonateSender

Does anyone know how to pass the exact currentprincipal object up to END points?

I tried to start my endpoint by below command line. Start NServiceBus.Host.exe /displayName:"myservice" /username:"mydomain\myname" /password:"mypwd"

However when I log userName then it is not picking the same username which I used to start endpoint.

  public void Customize(BusConfiguration configuration)
        {


            configuration.UsePersistence<RavenDBPersistence>()

            Console.WriteLine("-------------------NAME--------------\n");
            Console.WriteLine(WindowsIdentity.GetCurrent().Name);
            Console.WriteLine("-------------------NAME--------------\n");


            Console.WriteLine("-------------------NAME--------------\n");
            Console.WriteLine(Thread.CurrentPrincipal.Identity.Name);
            Console.WriteLine("-------------------NAME--------------\n");
        }

output comes like: -------------------NAME--------------

MYNetworkDomain\MyMachineLoggedInNTId -------------------NAME--------------

-------------------NAME--------------

-------------------NAME--------------

1

There are 1 answers

0
Mauro Servienti On

Impersonation in .Net can have many flavors and may not end up behaving as you might expect. In v4 when .ImpersonateSender(...) was set to true the behavior was to deliver along with the message, using a message header, the identity name used at the sender endpoint, the recipient would have used the incoming message header to set up a new generic identity.

It is not a real impersonation, not to mention that impersonation to work across different machines requires delegation to be set up, with all the security concerns that delegation brings to the table. Not to mention that, AFAIK, Windows Identity impersonation can't be done at the thread level, the security token is attached to the process and can't be overwritten by a thread pretending to be a different user.

That said, nothing prevents you to build your own logic to deliver identities along with messages in order to have .Net identity/principal infrastructure setup as you like and be able to perform security checks via the Role infrastructure.