
I am trying to action a worklist item via C# via the K2 WCF Service.  Locally via IIS Express/Visual Studio everything works fine.  When I deploy to a server running IIS7, the application does not impersonate and uses the app pool account, which doesn't have access to the workitem.  So I get this error: 24411 K2:VENABLEk2wks-rd from 172.29.40.81:3885 is not allowed to open the worklist item with SN=766_57.

The app pool account is set to impersonate in the K2 workspace. Anonymous is off in the IIS setting and Windows Auth is enabled. My code is as follows:

WorkflowRuntimeWCFService.WorklistNavigationServiceClient SvcWorklist = new WorkflowRuntimeWCFService.WorklistNavigationServiceClient();
SvcWorklist.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Delegation;
SvcWorklist.ClientCredentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials;

WorklistItem K2WorklistItem = SvcWorklist.OpenWorklistItem(SN, true, true, true, true, true);



The web.config has:
<authentication mode="Windows" />


I have also tried adding <Identity impersonate="true"/>; however, that gives me an NTLM error.


and this in each of the bindings:
<security mode="TransportCredentialOnly">
  <transport clientCredentialType="Ntlm" proxyCredentialType="None" realm="" />
  <message clientCredentialType="UserName" algorithmSuite="Default" />
</security>


 

If you do not set the app pool to impersonate the logged on user, it will use the app pool ID when the call is made and you get the error you reported.


What's the error you're getting when enabling impersonation?


I got it worked out, thanks. I needed an SPN set up for my service account.


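An added example, not part of the thread and not K2's own code: a small ASP.NET (.NET Framework) helper that runs the service call as the authenticated caller instead of the app pool account, and logs whether the caller's token can be delegated to a remote server. Kerberos delegation depends on SPNs being registered for the service account. The names DelegationCheck, Describe and RunAsCaller are hypothetical.

```csharp
using System;
using System.Security.Principal;
using System.Web;

// Hypothetical helper for diagnosing the "call goes out as the app pool account" symptom.
public static class DelegationCheck
{
    // Summarises an identity: account name, auth package, and token level.
    public static string Describe(WindowsIdentity id)
    {
        return string.Format("{0} (auth={1}, level={2})",
            id.Name, id.AuthenticationType, id.ImpersonationLevel);
    }

    // Runs 'call' while impersonating the Windows user who made the request.
    public static T RunAsCaller<T>(HttpContext ctx, Func<T> call, Action<string> log)
    {
        var caller = ctx.User.Identity as WindowsIdentity;
        if (caller == null || !caller.IsAuthenticated)
            throw new InvalidOperationException(
                "No authenticated Windows identity on the request; check that Anonymous is off.");

        // Without impersonation this is the app pool account.
        log("Process identity: " + Describe(WindowsIdentity.GetCurrent()));
        log("Request identity: " + Describe(caller));

        // An Impersonation-level token is only usable on this machine. The hop to
        // a service on another server needs a Delegation-level token, which needs
        // Kerberos (so SPNs on the service accounts) and delegation rights in AD.
        if (caller.ImpersonationLevel != TokenImpersonationLevel.Delegation)
            log("Warning: caller token is not delegable; a call to a remote server " +
                "will not authenticate as the caller.");

        using (WindowsImpersonationContext impersonated = caller.Impersonate())
        {
            log("Thread identity during call: " + Describe(WindowsIdentity.GetCurrent()));
            return call();
        }
    }
}

// Usage with the call from the question (SvcWorklist and SN as defined there):
//   WorklistItem item = DelegationCheck.RunAsCaller(
//       HttpContext.Current,
//       () => SvcWorklist.OpenWorklistItem(SN, true, true, true, true, true),
//       msg => System.Diagnostics.Trace.WriteLine(msg));
```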