On a "standard" WCF service I'd simply mark up the operation methods with:
[OperationBehavior(Impersonation = ImpersonationOption.Allowed)]
But with my data service, I get an InvalidOperationException as soon as the DataServiceHost is opened:
The service operation 'ProcessRequestForMessage' that belongs to the contract with the 'IRequestHandler' name and the 'http://tempuri.org/' namespace does not allow impersonation.
How do I mark 'ProcessRequestForMessage' to allow impersonation?
Configure the behavior the following:
<behavior>
<serviceCredentials useIdentityConfiguration="true" />
<serviceAuthorization principalPermissionMode="Always" impersonateOnSerializingReply="true" />
</behavior>
See also WCF Data Service with WIF 4.5; Principal not set for POST requests