About ASP.NET Impersonation:

Guest

Hello, friends,

Our ASP.NET app needs to access other servers from our IIS servers. In
web.config, we set:

<identity impersonate="true"/>

However, this works on some IIS servers, and does not work on the rest of
the IIS servers. We have to explicitly set:

<identity impersonate="true" userName="IISGroup\userName"
password="password" />

to make it work again.

Why? Any ideas? We don't want to have userName/password in web.config...

Thanks a lot.
 
Bruce Barker

Standard NT credentials cannot be forwarded. If IIS impersonates the client,
it does not have a primary security token, and thus cannot use it to access a
network resource (1 hop rule).

To get around this, you have to switch to Kerberos from NTLM, and enable
credentials forwarding (a server option) on all the network resources. See:

http://support.microsoft.com/default.aspx?scid=kb;en-us;810572


-- bruce (sqlwork.com)
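
An added example, not part of the thread: a PowerShell check that compares the Kerberos delegation settings of several IIS servers' Active Directory computer accounts, which is useful when impersonation reaches back-end servers from some web servers and not others. It assumes the RSAT ActiveDirectory module and that the ASP.NET worker process runs under a built-in identity (so the computer account is the one that delegates); the function name, server names and user name are constructed placeholders.

```powershell
# Added example (not from the thread). Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

function Get-DelegationStatus {
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,  # IIS servers to compare
        [string] $ClientUser                              # optional: a user whose requests fail
    )

    foreach ($name in $ComputerName) {
        $c = Get-ADComputer -Identity $name -Properties TrustedForDelegation,
                 TrustedToAuthForDelegation, 'msDS-AllowedToDelegateTo'

        # SPNs this server may delegate to (empty when constrained delegation is not set)
        $targets = @($c.'msDS-AllowedToDelegateTo' | Where-Object { $_ })

        # Unconstrained delegation lets the server act as the user toward any service,
        # so a constrained target list is the narrower setting to prefer.
        $mode = if ($c.TrustedForDelegation)  { 'Unconstrained (any service)' }
                elseif ($targets.Count -gt 0) { 'Constrained' }
                else                          { 'None (client token stops at this server)' }

        [pscustomobject]@{
            Server             = $c.Name
            Delegation         = $mode
            ProtocolTransition = [bool]$c.TrustedToAuthForDelegation
            AllowedTargets     = $targets -join '; '
        }
    }

    if ($ClientUser) {
        # "Account is sensitive and cannot be delegated" blocks forwarding for that user
        $u = Get-ADUser -Identity $ClientUser -Properties AccountNotDelegated
        if ($u.AccountNotDelegated) {
            Write-Warning "$ClientUser is marked as not delegable; the second hop will fail for this user."
        }
    }
}

# Constructed sample names: replace with your own servers and test user.
Get-DelegationStatus -ComputerName 'IIS01', 'IIS02' -ClientUser 'testuser' |
    Format-Table -AutoSize
```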
 
