ServiceAPI impersonation

The configuration section of the ServiceAPI help documents a handy little property called 'trustedToImpersonate'.  This allows your ServiceAPI to choose to trust one or more calling services.

Scenario

This can be useful in a server to server scenario where passing the actual user credentials to the ServiceAPI is not practical.

Configuration

To allow a particular account to impersonate others users set their name in the hptrim.config file as seen below.  TrustedToImpersonate is a regular expression so you can list multiple accounts if you need to.

<hptrim
  serviceFeatures="Razor,Html,Json,Xml,PredefinedRoutes" 
  trustedToImpersonate="trim\\davidc"
  ...
</hptrim>       

Usage

To impersonate someone using the .Net client librarys use the SetUserToImpersonate() method.

TrimClient client = new TrimClient("http://MyServer/ServiceAPI");
client.Credentials = new NetworkCredential("davidc", "my password", "trim");
client.SetUserToImpersonate("someone\\else");

To impersonate from a different context simply send an HTTP header named 'userToImpersonate' with the value being the user's name along with each request.

Written on June 8, 2017