|
Fixed Impersonation vs Current login user
I have a ASp.NET application which performs a http request to another
web site on the same server but different virtual directory. when i set impersonate = true and a fixed account, the http request is done with that account. when leave the account blank (current login user) then the request fails because he has no account. integrated authentication is on, on both virtual directories. please some help! regards, Roan Schuurman |
Re: Fixed Impersonation vs Current login user
You have a double-hop authentication issue I think.
With IWA, IIS doesn't have the user's username/password - only a token, which isn't sufficient to construct a new HTTP request passing credentials. I think you'll need to configure delegation. Here are some links: http://support.microsoft.com/default...b;en-us;810572 HOW TO: Configure an ASP.NET Application for a Delegation Scenario http://support.microsoft.com/?id=294382 Authentication May Fail with "401.3" Error If Web Site's "Host Header" Differs from Server's NetBIOS Name http://support.microsoft.com/default.aspx?kbid=325894 HOW TO: Configure Computer Accounts and User Accounts So That They Are Trusted for Delegation in Windows Server 2003 Enterprise Edition (also includes Windows 2000 instructions) http://www.microsoft.com/resources/d...l_computer.asp Configuring Users and Computers for delegation (there's a couple of pages - use the links in the nav bar to get to them) Windows 2003 Protocol Transition http://www.microsoft.com/technet/pro.../constdel.mspx Cheers Ken "Roan Schuurman" <roan_schuurman@hotmail.com> wrote in message news:3547a0e2.0405110734.4d69a1d5@posting.google.c om... : I have a ASp.NET application which performs a http request to another : web site on the same server but different virtual directory. when i : set impersonate = true and a fixed account, the http request is done : with that account. when leave the account blank (current login user) : then the request fails because he has no account. integrated : authentication is on, on both virtual directories. : please some help! : : regards, : : Roan Schuurman |
Re: Fixed Impersonation vs Current login user
Thanks for your reaction Ken!
Unfortunatly a already had configured everything for delegation but forgot to mention it. so it still doesn't work. I also do think it is "double hop" issue, because when i change to Basic authentication it will work. I don't know how to fix the double hop issue. is you have suggestions, please let me know because i am stuck. regards, roan "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message news:<eL1aXQ#NEHA.128@TK2MSFTNGP12.phx.gbl>... > You have a double-hop authentication issue I think. > > With IWA, IIS doesn't have the user's username/password - only a token, > which isn't sufficient to construct a new HTTP request passing credentials. > > I think you'll need to configure delegation. Here are some links: > > > http://support.microsoft.com/default...b;en-us;810572 > HOW TO: Configure an ASP.NET Application for a Delegation Scenario > > http://support.microsoft.com/?id=294382 > Authentication May Fail with "401.3" Error If Web Site's "Host Header" > Differs from Server's NetBIOS Name > > http://support.microsoft.com/default.aspx?kbid=325894 > HOW TO: Configure Computer Accounts and User Accounts So That They Are > Trusted for Delegation in Windows Server 2003 Enterprise Edition (also > includes Windows 2000 instructions) > > http://www.microsoft.com/resources/d...l_computer.asp > Configuring Users and Computers for delegation (there's a couple of pages - > use the links in the nav bar to get to them) > > Windows 2003 Protocol Transition > http://www.microsoft.com/technet/pro.../constdel.mspx > > > Cheers > Ken > > > "Roan Schuurman" <roan_schuurman@hotmail.com> wrote in message > news:3547a0e2.0405110734.4d69a1d5@posting.google.c om... > : I have a ASp.NET application which performs a http request to another > : web site on the same server but different virtual directory. when i > : set impersonate = true and a fixed account, the http request is done > : with that account. when leave the account blank (current login user) > : then the request fails because he has no account. integrated > : authentication is on, on both virtual directories. > : please some help! > : > : regards, > : > : Roan Schuurman |
| All times are GMT. The time now is 09:43 AM. |
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.