Fixed Impersonation vs Current login user

R

Roan Schuurman

I have a ASp.NET application which performs a http request to another
web site on the same server but different virtual directory. when i
set impersonate = true and a fixed account, the http request is done
with that account. when leave the account blank (current login user)
then the request fails because he has no account. integrated
authentication is on, on both virtual directories.
please some help!

regards,

Roan Schuurman
 
K

Ken Schaefer

You have a double-hop authentication issue I think.

With IWA, IIS doesn't have the user's username/password - only a token,
which isn't sufficient to construct a new HTTP request passing credentials.

I think you'll need to configure delegation. Here are some links:


http://support.microsoft.com/default.aspx?scid=kb;en-us;810572
HOW TO: Configure an ASP.NET Application for a Delegation Scenario

http://support.microsoft.com/?id=294382
Authentication May Fail with "401.3" Error If Web Site's "Host Header"
Differs from Server's NetBIOS Name

http://support.microsoft.com/default.aspx?kbid=325894
HOW TO: Configure Computer Accounts and User Accounts So That They Are
Trusted for Delegation in Windows Server 2003 Enterprise Edition (also
includes Windows 2000 instructions)

http://www.microsoft.com/resources/...andard/proddocs/en-us/se_con_del_computer.asp
Configuring Users and Computers for delegation (there's a couple of pages -
use the links in the nav bar to get to them)

Windows 2003 Protocol Transition
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/constdel.mspx


Cheers
Ken


: I have a ASp.NET application which performs a http request to another
: web site on the same server but different virtual directory. when i
: set impersonate = true and a fixed account, the http request is done
: with that account. when leave the account blank (current login user)
: then the request fails because he has no account. integrated
: authentication is on, on both virtual directories.
: please some help!
:
: regards,
:
: Roan Schuurman
 
R

Roan Schuurman

Thanks for your reaction Ken!
Unfortunatly a already had configured everything for delegation but
forgot to mention it. so it still doesn't work.
I also do think it is "double hop" issue, because when i change to
Basic authentication it will work. I don't know how to fix the double
hop issue.
is you have suggestions, please let me know because i am stuck.

regards,

roan
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

asp.net impersonation 1
Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
programmatically login using LDAP and impersonation 9
Impersonation and Anonymous User 1
The pest of Impersonation 2
User unable to login ... 0
Impersonation fails on intranet site 0
Can't get Impersonation / delegation to work 2

Members online

No members online now.
Total: 33 (members: 0, guests: 33)
Robots: 234

Forum statistics

Threads
473,777
Messages
2,569,604
Members
45,227
Latest member
Daniella65

Latest Threads

Top