Here's my environment
Win2003 Standard SP2, IIS 6.0, MOSS 2007, .NET 2.0.50727
IIS website uses MOSS 2007 "Team Site" template and has only IWA enabled. Web.config has Windows auth w/ Impersonation:
IE HTTP headers shows that NTLM authentication occurs for workstation user. In global.asax, I've defined WindowsAuthentication_OnAuthenticate() and can see incoming the Principal/Identity values as:
WindowsAuthenticationEventArgs.Identity.Name = ACME\testuser
WindowsAuthenticationEventArgs.Identity.AuthenticationType = Negotiate
HttpContext.User.Identity = null
Thread.CurrentPrincipal.Identity = <blank>
I'm using the KerbS4U extension to create a new WindowsIdentity which is then used to create a WindowsPrincipal for the new/overriding user:
These succeed and I set the new principal to HttpContext.Current.User & Thread.CurrentPrincipal without errors. I've defined both Application_AuthenticateRequest() and Application_PostAuthenticateRequest() functions in global.asax. These show the "new" Identity in the HttpContext.Current.User & Thread.CurrentPrincipal, but the "Welcome <DOMAIN\username>" in the upper-right menu of the default.aspx homepage itself still shows the name from the initial IWA!
Does anyone have any ideas about where this is breaking down?
-Gregg
Win2003 Standard SP2, IIS 6.0, MOSS 2007, .NET 2.0.50727
IIS website uses MOSS 2007 "Team Site" template and has only IWA enabled. Web.config has Windows auth w/ Impersonation:
Code:
<authentication mode="Windows" />
<identity impersonate="true" />
IE HTTP headers shows that NTLM authentication occurs for workstation user. In global.asax, I've defined WindowsAuthentication_OnAuthenticate() and can see incoming the Principal/Identity values as:
WindowsAuthenticationEventArgs.Identity.Name = ACME\testuser
WindowsAuthenticationEventArgs.Identity.AuthenticationType = Negotiate
HttpContext.User.Identity = null
Thread.CurrentPrincipal.Identity = <blank>
I'm using the KerbS4U extension to create a new WindowsIdentity which is then used to create a WindowsPrincipal for the new/overriding user:
Code:
WindowsIdentity winid = new WindowsIdentity("[email protected]");
WindowsPrincipal princ = new WindowsPrincipal(winid);
These succeed and I set the new principal to HttpContext.Current.User & Thread.CurrentPrincipal without errors. I've defined both Application_AuthenticateRequest() and Application_PostAuthenticateRequest() functions in global.asax. These show the "new" Identity in the HttpContext.Current.User & Thread.CurrentPrincipal, but the "Welcome <DOMAIN\username>" in the upper-right menu of the default.aspx homepage itself still shows the name from the initial IWA!
Does anyone have any ideas about where this is breaking down?
-Gregg