Re: Double Hop Issues

From: - Steve - (sevans_at_foundation.sdsu.edu)
Date: 06/28/04

• Next message: Seth Broomer: "cookie lose its value randomly"
• Previous message: Scott G.: "Re: Write to HTML Tag?"
• In reply to: Raterus: "Re: Double Hop Issues"
• Messages sorted by: [ date ] [ thread ]

Date: Mon, 28 Jun 2004 13:40:08 -0700

Yes I'm already impersonating the user at necessary times. That's why I'm
able to create the AD account. But then it uses WMI against the Exchange
server to create the mailbox. (I believe I'm correct on that)

Shouldn't allowing the IIS boxes computer account to delegate get this to
work?

-- 
Steve Evans
Email Services
SDSU Foundation
(619) 594-0708
"Raterus" <raterus@spam.org> wrote in message 
news:e$nF73UXEHA.2940@TK2MSFTNGP09.phx.gbl...
Forms Authentication isn't going to impersonate your logged on user because 
Forms Authentication doesn't directly authenticate these users against 
active directory.  You've created the code to check AD, and then told Forms 
Authentication if they are validated or not.
If you need to impersonate an actual user, take a look at the code found on 
this page.  http://support.microsoft.com/default.aspx?scid=kb;en-us;306158 
You should be able to easily do it, since you had their username/password at 
one point in the application.  You will have to keep track of their password 
somehow, perhaps in a FormsAuthenticationTicket, since I doubt you are 
running this code right after they log in.
Hope this helps,
--Michael
"- Steve -" <sevans@foundation.sdsu.edu> wrote in message 
news:eQuRd4TXEHA.3476@TK2MSFTNGP10.phx.gbl...
> I have a website that creates new user accounts in AD, and mailbox enables
> them in Exchange.  Everything worked fine back when I was using basic
> authentication.
>
> When I switched to Forms Based Authentication (authenticating against AD
> still) I have problems adding users to groups, and I have problems 
> creating
> the Exchange mailbox.  I can still create the mailbox just fine.
>
> I'm pretty certain this is a double hop issue.  So I tried the following.
> On the computer account for the web server I enabled delegation.  I 
> selected
> the radio button "Trust this computer for delegation to any services
> (Kerberos Only)", but that doesn't seem to fix it.
>
> Any idea what's going on here?
>
> -- 
>
> Steve Evans
> Email Services
> SDSU Foundation
> (619) 594-0708
>
>
> 

• Next message: Seth Broomer: "cookie lose its value randomly"
• Previous message: Scott G.: "Re: Write to HTML Tag?"
• In reply to: Raterus: "Re: Double Hop Issues"
• Messages sorted by: [ date ] [ thread ]

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint