ASP.NET Impersonation & Delegation

Discussion in 'ASP .Net Security' started by Brian, Dec 31, 2003.

  1. Brian

    Brian Guest

    I have read various articles regarding explaining ASP.Net
    security model. I have one simple question regarding
    Delegation that i can't seemed to get answered:

    I have a web service that opens a file on another server
    and reads the contents.

    If I set an IIS application to Anoymous which uses a
    domain account, I also set-up Impersonate = True in
    web.config, do I need to turn on Kerebos Delegation for
    the web server or the other server?

    My understanding is that the ASP.NET will impersonate the
    Domain account and since IIS knows the password it passes
    it successfully to the other server which also receives
    the credentials. However,if another hop was involved,
    delegation would be required.
     
    Brian, Dec 31, 2003
    #1
    1. Advertising

  2. Brian,

    In order to avoid misinformation, let me restate my understanding of your
    question:

    * Your ASP.NET Web Serivce is accessing a file on a remote machine.
    * You are using Anonymous access in IIS and the anonymous user is
    specified by you as a domain account.
    * You have non-user-specific impersonation turned on in the web.config.

    You are then asking if you need to use Kerberos in this scenario. The
    answer is no. In this scenario, there is no delegation of credentials
    taking place.

    Jim Cheshire, MCSE, MCSD [MSFT]
    Microsoft Developer Support
    ASP.NET


    This post is provided as-is with no warranties and confers no rights.

    --------------------
    >Content-Class: urn:content-classes:message
    >From: "Brian" <>
    >Sender: "Brian" <>
    >Subject: ASP.NET Impersonation & Delegation
    >Date: Wed, 31 Dec 2003 12:05:16 -0800
    >Lines: 17
    >Message-ID: <00df01c3cfd9$68b4ad30$>
    >MIME-Version: 1.0
    >Content-Type: text/plain;
    > charset="iso-8859-1"
    >Content-Transfer-Encoding: 7bit
    >X-Newsreader: Microsoft CDO for Windows 2000
    >Thread-Index: AcPP2WiyMkCSAZYaRBOvme9Q1J2NKA==
    >X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
    >Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    >Path: cpmsftngxa07.phx.gbl
    >Xref: cpmsftngxa07.phx.gbl

    microsoft.public.dotnet.framework.aspnet.security:8092
    >NNTP-Posting-Host: tk2msftngxa13.phx.gbl 10.40.1.165
    >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    >
    >I have read various articles regarding explaining ASP.Net
    >security model. I have one simple question regarding
    >Delegation that i can't seemed to get answered:
    >
    >I have a web service that opens a file on another server
    >and reads the contents.
    >
    >If I set an IIS application to Anoymous which uses a
    >domain account, I also set-up Impersonate = True in
    >web.config, do I need to turn on Kerebos Delegation for
    >the web server or the other server?
    >
    >My understanding is that the ASP.NET will impersonate the
    >Domain account and since IIS knows the password it passes
    >it successfully to the other server which also receives
    >the credentials. However,if another hop was involved,
    >delegation would be required.
    >
     
    Jim Cheshire [MSFT], Dec 31, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Kelly D. Jones

    Problem with impersonation and delegation

    Kelly D. Jones, Sep 4, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    1,826
  2. jm
    Replies:
    1
    Views:
    1,935
    bruce barker
    Dec 20, 2003
  3. bruce barker

    Re: ASP.NET Impersonation / delegation

    bruce barker, Apr 28, 2004, in forum: ASP .Net
    Replies:
    7
    Views:
    4,118
    =?Utf-8?B?TWFnZGVsaW4=?=
    May 4, 2004
  4. Patrick
    Replies:
    3
    Views:
    524
    David Wang
    Nov 16, 2006
  5. Sam Roberts
    Replies:
    4
    Views:
    318
    Sam Roberts
    May 7, 2008
Loading...

Share This Page