Fixed Impersonation vs Current login user

Discussion in 'ASP .Net Security' started by Roan Schuurman, May 11, 2004.

  1. I have an ASP.NET application which performs an HTTP request to another
    web site on the same server but in a different virtual directory. When I
    set impersonate = true and a fixed account, the HTTP request is done
    with that account. When I leave the account blank (current login user),
    the request fails because he has no account. Integrated
    authentication is on, on both virtual directories.
    Please, some help!

    regards,

    Roan Schuurman
     
    Roan Schuurman, May 11, 2004
    #1

  2. Ken Schaefer Guest

    You have a double-hop authentication issue I think.

    With IWA, IIS doesn't have the user's username/password - only a token,
    which isn't sufficient to construct a new HTTP request passing credentials.

    I think you'll need to configure delegation. Here are some links:


    http://support.microsoft.com/default.aspx?scid=kb;en-us;810572
    HOW TO: Configure an ASP.NET Application for a Delegation Scenario

    http://support.microsoft.com/?id=294382
    Authentication May Fail with "401.3" Error If Web Site's "Host Header"
    Differs from Server's NetBIOS Name

    http://support.microsoft.com/default.aspx?kbid=325894
    HOW TO: Configure Computer Accounts and User Accounts So That They Are
    Trusted for Delegation in Windows Server 2003 Enterprise Edition (also
    includes Windows 2000 instructions)

    http://www.microsoft.com/resources/...andard/proddocs/en-us/se_con_del_computer.asp
    Configuring Users and Computers for delegation (there's a couple of pages -
    use the links in the nav bar to get to them)

    Windows 2003 Protocol Transition
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/constdel.mspx


    Cheers
    Ken


     
    Ken Schaefer, May 12, 2004
    #2
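
A way to check the double-hop condition described in the reply above, as an added example that is not part of the thread: a helper that reports whether the impersonated token may be forwarded and then attempts the second request with it. The class name `DoubleHopCheck` and the `secondHopUrl` parameter are assumptions made for illustration.

```csharp
using System;
using System.Net;
using System.Security.Principal;
using System.Text;

// Added diagnostic, not code from the thread. Call it from a page in the first
// application while <identity impersonate="true" /> is set with no fixed account.
public static class DoubleHopCheck
{
    // secondHopUrl: placeholder for the URL of the other virtual directory.
    public static string Describe(string secondHopUrl)
    {
        StringBuilder report = new StringBuilder();

        // Under impersonation this is the browser user's token, not the worker process account.
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            report.AppendLine("Thread identity:     " + id.Name);
            // Reported by Windows; a token obtained through NTLM cannot be delegated.
            report.AppendLine("Authentication type: " + id.AuthenticationType);
            // Impersonation: usable on this machine only. Delegation: may be forwarded.
            report.AppendLine("Impersonation level: " + id.ImpersonationLevel);
            report.AppendLine("Can be forwarded:    " +
                (id.ImpersonationLevel == TokenImpersonationLevel.Delegation));
        }

        // The second hop: DefaultCredentials is the security context of the current thread.
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(secondHopUrl);
        request.Credentials = CredentialCache.DefaultCredentials;
        try
        {
            using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
            {
                report.AppendLine("Second hop status:   " + (int)response.StatusCode);
            }
        }
        catch (WebException ex)
        {
            // A 401 here alongside a level of Impersonation matches the double-hop symptom.
            using (HttpWebResponse failed = ex.Response as HttpWebResponse)
            {
                report.AppendLine("Second hop failed:   " +
                    (failed != null ? ((int)failed.StatusCode).ToString() : ex.Status.ToString()));
                if (failed != null)
                    report.AppendLine("Server offered:      " + failed.Headers["WWW-Authenticate"]);
            }
        }
        return report.ToString();
    }
}
```

Run it once with the fixed account configured and once with the account left blank, and compare the two reports.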

  3. Thanks for your reaction, Ken!
    Unfortunately I had already configured everything for delegation but
    forgot to mention it, so it still doesn't work.
    I also think it is a "double hop" issue, because when I change to
    Basic authentication it works. I don't know how to fix the double
    hop issue.
    If you have suggestions, please let me know because I am stuck.

    regards,

    roan

     
    Roan Schuurman, May 25, 2004
    #3