M
Mark D.
We have an ASP.NET application which needs to call Web Service on another
machine using end user's account. The configuration is as follows:
* Both machines are Windows Server 2003 and are in the same domain.
* Both ASP.NET application and Web Service virtual directories only allow
"Integrated Windows Authentication".
* In web.config of the ASP.NET application we have configured
"Authentication Mode" as "Windows" and "Identity Impersonate" set to "True"
* The ASP.NET application is configured to use Application Pool which runs
under "Local System" account.
* The computer account that runs the ASP.NET application is "Trusted for
delegation" in the Active Directory
* The user that accesses the ASP.NET application from a web browser does not
have the "Account is sensitive and cannot be delegated" option set in Active
Directory.
* In the ASP.NET application page which calls the Web Service we are setting
the mySvc.Credentials to System.Net.CredentialCache.DefaultCredentials before
calling the Web Service method as instructed by Q813834.
Yet, when we execute the page from the browser we are getting 401 - Access
denied coming back from the Web Service (the ASP.NET page itself executes
fine impersonating credentials of the user).
What can be the reason?
Thank you!
Mark
machine using end user's account. The configuration is as follows:
* Both machines are Windows Server 2003 and are in the same domain.
* Both ASP.NET application and Web Service virtual directories only allow
"Integrated Windows Authentication".
* In web.config of the ASP.NET application we have configured
"Authentication Mode" as "Windows" and "Identity Impersonate" set to "True"
* The ASP.NET application is configured to use Application Pool which runs
under "Local System" account.
* The computer account that runs the ASP.NET application is "Trusted for
delegation" in the Active Directory
* The user that accesses the ASP.NET application from a web browser does not
have the "Account is sensitive and cannot be delegated" option set in Active
Directory.
* In the ASP.NET application page which calls the Web Service we are setting
the mySvc.Credentials to System.Net.CredentialCache.DefaultCredentials before
calling the Web Service method as instructed by Q813834.
Yet, when we execute the page from the browser we are getting 401 - Access
denied coming back from the Web Service (the ASP.NET page itself executes
fine impersonating credentials of the user).
What can be the reason?
Thank you!
Mark