impersonate/delegate problem

Jerry

Ok.. so I've read and seen a lot of messages and MSDN docs concerning the
above issue.. how do I get it to work?
I want to impersonate the current user accessing my website...
so I turn on the site directory security to NOT allow anonymous but turn ON
integrated windows authentication.
Then I change the web.config to allow impersonate = "true".

So far so good.. this setting will allow me to run the request process from
the user to the webserver under the current user's identity...

Now that same process needs to access some network resources.. specifically
see if some windows services are running on network servers... so I need to
"delegate" the current user's identity to the ASPNET...

but I thought the impersonate="true" would do that but I guess it doesn't..
It looks like the impersonate is only for the process b/w the client and
webserver.

seeing how we are running Win2000 servers and desktops.. and using Active
Directory..
what more do I need to get delegate to work?

I want to be able to use the user's identity for the delegate..

I've tried setting a valid username and password in the webconfig but I
don't want to use that.. since it opens up the
id/pwd to everyone in the development group..

Do I have to turn on the property for the webserver to support delegate in
the AD?


Thanks,
Jerry
 
Jerry

Also, the machines involved are all Win2000 running Active Directory...
The client machine is Win2000Pro. The servers are all Win2000 servers.
-jerry
 
Steffen Krause

Is the "trust this computer for delegation" checkbox checked for all
servers?

Regards,
Steffen
 
Jerry

NO, they are not.. in fact that is my question..
In AD, must "trust this computer to delegate" be checked to have
delegation work across
the network?

-jerry
 
Rich

Not sure if you found the answer to this question, but
that's exactly what we had to do (enable delegation on the
webserver from within AD users and computers) to pass the
original caller's identity to our remote resource. Our
network folks are looking into the cons of allowing this
on our production network. They don't want to create a
possible security risk. I'm trying to find out more info
about the potential risks of turning this on.
 
Jerry

Thanks Rich..

I did get it to work once that was turned on..
Without that feature, you don't have delegation so I'm not sure if you have
a choice...
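
For the kind of risk review mentioned in this thread, a useful first step is to inventory which accounts already have the "trust this computer for delegation" checkbox set. The following is an added example, not code from any poster here: it decodes the `userAccountControl` attribute from a directory export in LDIF form, and the sample records, host names and domain in it are constructed.

```python
# Added example: report accounts whose userAccountControl carries the
# delegation-related flags. Input is LDIF text from a directory export.
TRUSTED_FOR_DELEGATION = 0x80000   # "Trust this computer for delegation"
NOT_DELEGATED = 0x100000           # "Account is sensitive and cannot be delegated"
SERVER_TRUST_ACCOUNT = 0x2000      # computer account of a domain controller

# Constructed sample export (names and domain are placeholders).
SAMPLE_LDIF = """\
dn: CN=WEB01,CN=Computers,DC=example,DC=local
sAMAccountName: WEB01$
userAccountControl: 528384

dn: CN=DC01,OU=Domain Controllers,DC=example,DC=local
sAMAccountName: DC01$
userAccountControl: 532480

dn: CN=FILE01,CN=Computers,DC=example,DC=local
sAMAccountName: FILE01$
userAccountControl: 4096

dn: CN=Administrator,CN=Users,DC=example,DC=local
sAMAccountName: Administrator
userAccountControl: 1049088
"""

def parse_ldif(text):
    """Yield one dict per LDIF record (single-valued attributes only)."""
    for block in text.replace("\r\n", "\n").strip().split("\n\n"):
        rec, last = {}, None
        for line in block.splitlines():
            if line.startswith(" ") and last:   # folded continuation line
                rec[last] += line[1:]
            elif ": " in line:
                last, value = line.split(": ", 1)
                rec[last] = value
        if rec:
            yield rec

def audit(text):
    """Return (non-DC accounts trusted for delegation, accounts marked non-delegable)."""
    delegating, protected = [], []
    for rec in parse_ldif(text):
        uac = int(rec.get("userAccountControl", "0"))
        name = rec.get("sAMAccountName", rec.get("dn", "?"))
        # Domain controllers carry the flag by default; report everything else.
        if uac & TRUSTED_FOR_DELEGATION and not uac & SERVER_TRUST_ACCOUNT:
            delegating.append(name)
        if uac & NOT_DELEGATED:
            protected.append(name)
    return delegating, protected
```

Calling `audit()` on a real export lists the servers that can forward callers' identities, alongside the accounts already excluded from delegation by the "sensitive" flag.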
 
