Trying to work around double hops

Discussion in 'ASP .Net Security' started by ghause, Apr 6, 2009.

  1. ghause

    ghause Guest

    I have a web application on server1 and a web service on server2. They both
    require integrated authentication. Kerberos is not an option.

    I'm trying to do the following, but I don't know if it can work, or if I am
    going in the right direction.

    1. Create web service to act as a proxy on server1 using integrated
    authentication
    2. Run this service in its own application pool under a domain user account.
    3. Theoretically I can run the service on server1 as this domain user,
    passing those credentials to the service on server2 which is configured to
    accept requests from this user. This service could also be called by the app
    on server1 because they are on the same box. Server (2003)

    I cannot get the proxy to return me anything but my own id when requesting
    WindowsIdentityName or Thread.CurrentPrincipal.Identity.Name.

    This makes me think I am missing something minor, or what I am trying to do
    is impossible. I would rather not explicitly impersonate this generic user if
    I do not have to.

    TIA
     
    ghause, Apr 6, 2009
    #1
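
The proxy arrangement described in the post above, sketched as an added example that is not part of the original post. It assumes an ASMX service on IIS with Integrated Windows authentication and impersonation disabled; the class name `IdentityProxy`, the namespace and the `Server2Url` value are hypothetical placeholders. It separates the authenticated caller from the account the code actually runs as, and refuses the outbound call if the thread is impersonating.

```csharp
using System;
using System.Net;
using System.Security.Principal;
using System.Threading;
using System.Web.Services;

[WebService(Namespace = "http://example.invalid/proxy")] // placeholder namespace
public class IdentityProxy : WebService
{
    // Placeholder: the post does not give the URL of the service on server2.
    private const string Server2Url = "http://server2/Service.asmx";

    [WebMethod]
    public string[] WhoAmI()
    {
        // The caller authenticated by Integrated Windows auth on this request.
        string caller = Thread.CurrentPrincipal.Identity.Name;
        // The Windows token the code executes under: the application pool
        // account as long as the thread is not impersonating.
        string runningAs = WindowsIdentity.GetCurrent().Name;
        return new string[] { "caller=" + caller, "runningAs=" + runningAs };
    }

    [WebMethod]
    public string CallServer2()
    {
        // GetCurrent(true) returns null when the thread is NOT impersonating.
        // If it is non-null, the outbound call would try to use the caller's
        // token (the double hop), so fail closed instead.
        using (WindowsIdentity impersonated = WindowsIdentity.GetCurrent(true))
        {
            if (impersonated != null)
                throw new InvalidOperationException(
                    "Thread is impersonating " + impersonated.Name);
        }

        HttpWebRequest req = (HttpWebRequest)WebRequest.Create(Server2Url);
        // DefaultCredentials = the current security context, which here is
        // the app pool's domain account: a single hop from server1.
        req.Credentials = CredentialCache.DefaultCredentials;
        using (HttpWebResponse resp = (HttpWebResponse)req.GetResponse())
        {
            return ((int)resp.StatusCode).ToString();
        }
    }
}
```

Because server2 then sees only the application pool account, any per-user authorization has to be enforced in the proxy against `Thread.CurrentPrincipal` before the outbound call is made.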