Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > About ASP.NET Impersonation:

Reply
Thread Tools

About ASP.NET Impersonation:

 
 
=?Utf-8?B?QW5kcmV3?=
Guest
Posts: n/a
 
      12-14-2005
Hello, friends,

Our asp.net app needs to access other servers from our IIS servers. In
web.config, we set:

<identity impersonate="true"/>

However, this works on some IIS servers, and does not work on the rest of
IIS servers. We have to explicitly set:

<identity impersonate="true" userName="IISGroup\userName"
password="password" />

to make it work again.

Why? Any ideas? We don't want to have userName/password in web.config...

Thanks a lot.
 
Reply With Quote
 
 
 
 
Bruce Barker
Guest
Posts: n/a
 
      12-14-2005
standand nt creditials can not be forwarded. if iis impersonates the client,
it does not have a primary security token, and thus can not use to access a
network resource (1 hop rule).

to get around you have to switch to kerberos from ntlm, and enable
creditials forwarding (a server option) on all the network resources. see:

http://support.microsoft.com/default...b;en-us;810572


-- bruce (sqlwork.com)



"Andrew" <(E-Mail Removed)> wrote in message
news(E-Mail Removed)...
> Hello, friends,
>
> Our asp.net app needs to access other servers from our IIS servers. In
> web.config, we set:
>
> <identity impersonate="true"/>
>
> However, this works on some IIS servers, and does not work on the rest of
> IIS servers. We have to explicitly set:
>
> <identity impersonate="true" userName="IISGroup\userName"
> password="password" />
>
> to make it work again.
>
> Why? Any ideas? We don't want to have userName/password in web.config...
>
> Thanks a lot.



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Advertisments