I am trying to action a worklist item via C# via the K2 WCF Service. Locally via IIS Express/Visual Studio everything works fine. When I deploy to a server running IIS7, the application does not impersonate and uses the app pool account, which doesn't have access to the workitem. So I get this error: 24411 K2:VENABLEk2wks-rd from 172.29.40.81:3885 is not allowed to open the worklist item with SN=766_57.
The app pool account is set to impersonate in the K2 workspace. Anonymous is off in the IIS setting and Windows Auth is enabled. My code is as follows:
WorkflowRuntimeWCFService.WorklistNavigationServiceClient SvcWorklist = new WorkflowRuntimeWCFService.WorklistNavigationServiceClient();
SvcWorklist.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Delegation;
SvcWorklist.ClientCredentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials;
WorklistItem K2WorklistItem = SvcWorklist.OpenWorklistItem(SN, true, true, true, true, true);
The web.config has:
<authentication mode="Windows" />
(I have also tried adding <Identity impersonate="true"/>; however, that gives me an NTLM error.)
and this in each of the bindings:
<security mode="TransportCredentialOnly">
  <transport clientCredentialType="Ntlm" proxyCredentialType="None" realm="" />
  <message clientCredentialType="UserName" algorithmSuite="Default" />
</security>