G
gbrowins
Here's my environment
Win2003 Standard SP2, IIS 6.0, MOSS 2007, .NET 2.0.50727
IIS website uses MOSS 2007 "Team Site" template and has only IWA
enabled. Web.config has Windows auth w/ Impersonation:
<authentication mode="Windows" />
<identity impersonate="true" />
IE HTTP headers shows that NTLM authentication occurs for workstation
user. In global.asax, I've defined
WindowsAuthentication_OnAuthenticate() and can see incoming the
Principal/Identity values as:
WindowsAuthenticationEventArgs.Identity.Name = ACME\testuser
WindowsAuthenticationEventArgs.Identity.AuthenticationType =
Negotiate
HttpContext.User.Identity = null
Thread.CurrentPrincipal.Identity = <blank>
I'm using the KerbS4U extension to create a new WindowsIdentity which
is then used to create a WindowsPrincipal for the new/overriding user:
WindowsIdentity winid = new WindowsIdentity("(e-mail address removed)");
WindowsPrincipal princ = new WindowsPrincipal(winid);
These succeed and I set the new principal to HttpContext.Current.User
& Thread.CurrentPrincipal without errors. I've defined both
Application_AuthenticateRequest() and
Application_PostAuthenticateRequest() functions in global.asax. These
show the "new" Identity in the HttpContext.Current.User &
Thread.CurrentPrincipal, but the "Welcome <DOMAIN\username>" in the
upper-right menu of the default.aspx homepage itself still shows the
name from the initial IWA!
Does anyone have any ideas about where this is breaking down?
-Gregg
Win2003 Standard SP2, IIS 6.0, MOSS 2007, .NET 2.0.50727
IIS website uses MOSS 2007 "Team Site" template and has only IWA
enabled. Web.config has Windows auth w/ Impersonation:
<authentication mode="Windows" />
<identity impersonate="true" />
IE HTTP headers shows that NTLM authentication occurs for workstation
user. In global.asax, I've defined
WindowsAuthentication_OnAuthenticate() and can see incoming the
Principal/Identity values as:
WindowsAuthenticationEventArgs.Identity.Name = ACME\testuser
WindowsAuthenticationEventArgs.Identity.AuthenticationType =
Negotiate
HttpContext.User.Identity = null
Thread.CurrentPrincipal.Identity = <blank>
I'm using the KerbS4U extension to create a new WindowsIdentity which
is then used to create a WindowsPrincipal for the new/overriding user:
WindowsIdentity winid = new WindowsIdentity("(e-mail address removed)");
WindowsPrincipal princ = new WindowsPrincipal(winid);
These succeed and I set the new principal to HttpContext.Current.User
& Thread.CurrentPrincipal without errors. I've defined both
Application_AuthenticateRequest() and
Application_PostAuthenticateRequest() functions in global.asax. These
show the "new" Identity in the HttpContext.Current.User &
Thread.CurrentPrincipal, but the "Welcome <DOMAIN\username>" in the
upper-right menu of the default.aspx homepage itself still shows the
name from the initial IWA!
Does anyone have any ideas about where this is breaking down?
-Gregg