Trying to work around double hops


G

ghause

I have a web application on server1 and a web service on server2. They both
require integrated authentication. Kerberos is not an option.

I'm trying to do the following, but I don't know if it can work, or if I am
going in the right direction.

1. Create web service to act as a proxy on server1 using integrated
authentication
2. Run this service in its own application pool under a domain user account.
3. Theoritically I can run the service on server1 as this domain user,
passing those credentials to the service on server2 which is configured to
accept requests from this user. This service could also be called by the app
on server1 because they are on the same box. Server (2003)

I can not get the proxy to return me anything but my own id when requesting
WindowsIdentityName or Thread.CurrentPrincipal.Identity.Name.

This makes me think, I am missing something minor, or what I am trying to do
is impossible. I would rather not explicitly impersonate this generic user if
I do not have to.

TIA
 
Ad

Advertisements


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top