Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Delegation user's credential from webserver to backend server through terminal service

Reply
Thread Tools

Delegation user's credential from webserver to backend server through terminal service

 
 
culeno
Guest
Posts: n/a
 
      05-19-2005
I have an intranet application within a domain. Following the KB
article: How to configure an ASP.NET application for a delegation
scenario
(http://support.microsoft.com/default...b;en-us;810572) allows
us to impersonate user's credential from the web server to the back end
server (SQL and Reporting service server). It works fine if user logs
in within the domain and launch the application.

The problem happens when the users work at home and use Windows 2003
terminal service (not in the same domain as the web app and SQL) to log
on, and then launch the web app. We noticed that the authentication
method is NTLM instead of Kerberos when accessing the web app through
the terminal service (since they don't belong to the same domain).
Maybe this is the reason why the delegation doesn't work anymore? Can
anybody tell me how to make it work?

Thanks.
Jerry

 
Reply With Quote
 
 
 
 
Joe Kaplan \(MVP - ADSI\)
Guest
Posts: n/a
 
      05-19-2005
Delegation is a Kerberos feature, so that would stand to reason. I'd work
with your admins to see if you can get the terminal services machines to use
Kerberos. Otherwise, your strategy won't work in that configuration.

Joe K.

"culeno" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
>I have an intranet application within a domain. Following the KB
> article: How to configure an ASP.NET application for a delegation
> scenario
> (http://support.microsoft.com/default...b;en-us;810572) allows
> us to impersonate user's credential from the web server to the back end
> server (SQL and Reporting service server). It works fine if user logs
> in within the domain and launch the application.
>
> The problem happens when the users work at home and use Windows 2003
> terminal service (not in the same domain as the web app and SQL) to log
> on, and then launch the web app. We noticed that the authentication
> method is NTLM instead of Kerberos when accessing the web app through
> the terminal service (since they don't belong to the same domain).
> Maybe this is the reason why the delegation doesn't work anymore? Can
> anybody tell me how to make it work?
>
> Thanks.
> Jerry
>



 
Reply With Quote
 
 
 
 
culeno
Guest
Posts: n/a
 
      05-19-2005
Thanks Joe for your answering. Can you point me to some articles on how
to enable Kerberos between two domains (or between a machine and a
domain)?

Jerry

 
Reply With Quote
 
Joe Kaplan \(MVP - ADSI\)
Guest
Posts: n/a
 
      05-19-2005
http://www.microsoft.com/technet/pro.../tkerberr.mspx

This is the best Kerb paper I know of. You'll probably need some help from
your network and AD admins on this as well. There must at the very least by
a trust relationship between the two domains. That much I know for sure.

Joe K.

"culeno" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Thanks Joe for your answering. Can you point me to some articles on how
> to enable Kerberos between two domains (or between a machine and a
> domain)?
>
> Jerry
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
open a new terminal window from another terminal window in linux/unixsystem gaurav kashyap Python 3 10-31-2008 12:10 PM
delegation question, where I want prototype style delegation Sam Roberts Ruby 4 05-07-2008 05:48 AM
Simple task works when MS SQL Server is the backend but not when MySQL is the backend. Ted ASP .Net 1 02-22-2007 08:33 PM



Advertisments