Flow Original Caller Identity for Auditing
We're implementing services that will utilize Windows Authentication with WCF services running in a trusted subsystem. However, we need to perform database auditing that will associate the name of the original caller with certain transactions. In order to accomplish this, it seems like we need to somehow allow the identity of the original caller to flow with the request, even though it eventually runs under the service account associated with the trusted subsystem. The request may also pass through more than one service on its way to the database.
Are there any best practices or patterns already in place that we could use to accomplish this? Or, is there something really obvious I'm missing that makes this easy?
I've started thinking about adding the original caller's credentials to all service contracts to achieve the effect of customizing the SOAP message with this information. However, I believe I'll also have to flow this information through my .NET code internal to the services, if the request will pass through multiple services. It would be nice not to have to write a lot of code everywhere to make sure these credentials are available in the database.
Thanks,
David Madrian

