The athentication modes using Kerberos do not support the impersonation level 'Delegation'. Specify identification or impersonation.Parameter name: tokenImpersonationLevel
今天在使用WCF中的KerberosRequestorSecurityToken时候报了如题目所说的这个错误,反编译看来一下原来这个类仅仅支持
TokenImpersonationLevel.Identification 和TokenImpersonationLevel.Impersonation,
我的使用方法如下:
KerberosRequestorSecurityToken kqToken = new KerberosRequestorSecurityToken(targetPrincipal,
System.Security.Principal.TokenImpersonationLevel.Delegation,
null, "");
byte[] token = kqToken.GetRequest();
后来经过一番调查,发现在WSE中有相关的类可以使用,便将代码改成下边的样子,引用”Microsoft.Web.Services3.dll”,工作正常。
KerberosClientContext context = new KerberosClientContext(targetPrincipal, true, ImpersonationLevel.Delegation);
byte[] token = context.InitializeContext();