Re: ASP.NET and integrated Authentication

From: Scott Allen (bitmask_at_[nospam)
Date: 08/23/04 

Date: Mon, 23 Aug 2004 09:56:19 -0400

Hi Mohamed:

Are you using impersonation? There is a one-hop limit for the
credentials when using impersonation unless you enable kerberos
delegation. The credentials make one hop from the browser to a remote
web server, then the web server cannot make a second hop with those
credentials to the AD server. You might consider running the web
application uinder a domain account instead of the local ASPNET
account. 

--
Scott
http://www.OdeToCode.com
On Mon, 23 Aug 2004 11:01:06 +0300, "Mohamed Zaki"
<m_o_z_a_k_i@link.net> wrote:
>Dear All,
>
>I developed asp.net application that using integrated security, i'm getting
>the logged on username from "User.Identity.name" and using directoryservices
>namespace to get the user information from the domain, the problem now that
>when i start the machine or restart iis and try to access my web application
>through any remote machine i get errors, but if i restarted the iis and
>opened the web application locally "using the localhost alias" the web
>application opens fine then all the users over the network can open the web
>application, however i think it's releated to the account that being used to
>access the active directory to retrieve the information.
>
>is any one  faced this problem ?!
>
>Regards,
>Mohamed
>

Relevant Pages

  • Re: SetPassword access denied
    ... That said, I think one thing worth pointing out is that in both cases here, your code is supplying credentials to the DirectoryEntry constructor. ... the identity of the current thread (established either via impersonation or using the process token without impersonation) is NOT the account that is used for performing remote activities in the directory. ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
    (microsoft.public.windows.server.active_directory)
  • Re: AD Login failure when using ActiveDirectoryMembershipProvider
    ... The AD membership provider disables impersonation when it does its DS ... default credentials, you need to change the credentials in your processModel ... in machine.config to a domain account for testing purposes. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: confused about credentials in impersonation
    ... As in a traditional ASP.Net application the logged in user making the ... If impersonation is not turned on then the user credentials that will be ... > account or server's accounts or server's administration account or domain ...
    (microsoft.public.sharepoint.portalserver.development)
  • Re: Windows authentication for web service client??
    ... I have a web service that make a webDav request to Exchange. ... I have impersonation on but when I use the defaultCredentials in the web ... credentials have rights to make this request and I'm at my wits end trying ... >>> The ASPNET account is a local account, so the other machine or domain ...
    (microsoft.public.dotnet.framework.aspnet.webservices)
  • Re: ASP.NET access to DFS share problem
    ... How about if impersonation was turned off -- it would then be using the ... ASPNET worker process account, correct? ... a primary token can hop to one more ... > In order for tokens to hop freely from machine to machine, ...
    (microsoft.public.dotnet.security)