I am writing a webService that is going to be accessed anonymously (I don't
want to "configurable" depend on windows integrated authentication). But I
still want to authenticate the client (or rather the user using the client).

Because of this I want to send the WindowsPrincipal from the client to the
webService in the SoapHeader. I don't want to send the credentials (userName,
password and domain) because I want the client to be unaware of what account
it runs at and since there may be several client applications (UIF
applications, not ASP.Net applications) I don't want to make the user logon
into each UIF.

The idea is to let user logon to his/her computer and start the UIF
applications. This client app (consumer of webService) gets the current
WindowsPrincipal, serializes it (into a byte array using the BnaryFormatter),
encrypts it and sends it to the webService. The webService in turn decrypts
the message, deserialize the WindowsPrincipal and impersonates it.

That's the idea, and it is quite successfull up until the point where I try
to deserialize the WindowsPrincipal. It throws an exception saying "Invalid
token : it cannot be duplicated".

Obviously it is possible to send the WindowsPrincipal since Windows
Integrated Authentication does just that. So, is there a trick to
(de)serialization that I'm unaware of or is this object just not sendable by
anyone not in access of Microsoft specific mechanisms in the OS or the .Net
framework?