Web Services API: User Impersonation with ImpersonateUsername parameter

As of WorkflowGen version 5.6.3, all user context-based API web methods support impersonation. This means that an authorized user can call a web method on behalf of another user.


The impersonation feature is restricted to allowed users as defined in the ProcessesRuntimeWebServiceAllowedUsers entry in the \wfgen\web.config file.


There are two ways to set the ImpersonateUsername value:

  • As a querystring parameter; in this example, a list of todo actions for jsmith:


  • As a SOAP header parameter; in this example, to complete an action on behalf of jsmith:

    // Settings and parameters
    CompleteActivityInstanceHeader myCompleteActivityInstanceHeader = new CompleteActivityInstanceHeader();
    // Set NetworkCredentials with the credentials of the current connected user
    RuntimeService myRuntimeService = new RuntimeService();
    myRuntimeService.CompleteActivityInstanceHeaderValue = myCompleteActivityInstanceHeader;
    myRuntimeService.Credentials = CredentialCache.DefaultCredentials;
    // Call the Web Service API method

The ImpersonateUsername parameter is being ignored when using the URL below.


Instead it’s using the URL that i’m authenticating with.


I just tested on the latest version. The impersonateusername parameter does work fine.

Make sure the username of the person using the impersonation is defined in the WorkflowGen main web.config’s parameter ProcessesRuntimeWebServiceAllowedUsers as indicated in the article above.

e.g. <add key="ProcessesRuntimeWebServiceAllowedUsers" value="wfgen_admin" />

In this example, wfgfen_admin can impersonate jsmith when specifying impersonateusername=jsmith in the URL.