I am converting some old Web Services to Web API, and this includes an AZROLESLib utility that gets information from AzMan. When I make the following call:
_applicationStore.Initialize(0, authorizationStore, null);
I receive the following exception:
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
The previous version uses the following to get around this:
Service.Credentials = System.Net.CredentialCache.DefaultCredentials;
What do I need to do to gain access the Authorization Store? I have tried it both on a network location and on the local PC, and both have the same authorization problem. I am on an office network with network security provided by the company, so access to files is restricted to users. I believe this is trying to perform the tasks as the IIS user instead of using my user. Is there any way to ensure that it will call this with the current user's credentials instead of IIS APPPOOL\\ASP.NET v4.0
Edit
I am able to use it within the context of an html page and javascript calls to the web API, so the issue comes when I am calling it from another web application (also using Windows Authentication). Apparently, the other web application is using the app pool credentials instead of the current user's login credentials when calling the functions from the Web API.
It doesn't work from a second web application because you are trying to use an impersonated context twice, across the network. This is popularly known as the "double hop" problem. Read more here:
In short, if you authenticate from A to B using NTLM (windows integrated authentication), B cannot "reuse" the authentication token to contact point C.