Re: Double hop reloaded



Thank you Scott & Brock very much.
Maybe I'm in a pickle, but I'm out of the confusion.
Another option I have is to revert to the old DB based app,
but that means rewriting a large portion of the code.
Basic authentication is becoming more and more appealing.
Thanks again.
Sharon.


"Brock Allen" <ballen@xxxxxxxxxxxxxxxxx> wrote in message
news:316360632478635551556688@xxxxxxxxxxxxxxxxxxxxxxx
> Then you're in a pickle. You either need to 1) set up a domain user for your
> ASP.NET application that has the right creds for your AD, 2) enable the delegation
> for your AD users if you're using integrated auth, or 3) switch to using
> basic auth (over SSL, of course).
>
> -Brock
> DevelopMentor
> http://staff.develop.com/ballen
>
>
>
> > No, I can't.
> > This project is for a very large organization,
> > and the department that controls the domain users,
> > will never allow it.
> > As a part of the policy, all users must change their passwords
> > periodically.
> > So any hard coded user name and password, will eventually fail.
> > I tried disabling Impersonation, and still login fails.
> > Thanks.
> > Sharon.
> > "Scott Allen" <scott@xxxxxxxxxxxxxxxxxxxx> wrote in message
> > news:3kvn41hbe3npv05n25mki022qg2a0tnda7@xxxxxxxxxx
> >
> >> Hi Sharon:
> >>
> >> What you'll have to do is use an identity that the AD server
> >> understands. Perhaps you could run the worker process under a domain
> >> account with enough permissions in AD?
> >>
> >> --
> >> Scott
> >> http://www.OdeToCode.com/blogs/scott/
> >> On Thu, 31 Mar 2005 13:29:58 +0200, "Sharon" <sharon@xxxxxxxxx>
> >> wrote:
> >>
> >>> Thanks Scott.
> >>> This is a "bit" confusing.
> >>> As I understand it so far, delegation is only possible using Kerberos,
> >>> and all users in Active Directory have to be marked for delegation.
> >>> Unfortunately, the fruit basket will not work here, and I've ruled out
> >>> pumping laughter gas into the IT room ventilation system.
> >>> What if I revert to the IIS identity before the Active Directory query?
> >>> Problem is, how do I get the WindowsImpersonationContext, to call Undo
> >>> method?
> >>> The only other solution is to use Basic authentication, which I don't like.
> >>>
> >>> Sharon.
> >>>
> >>> "Scott Allen" <scott@xxxxxxxxxxxxxxxxxxxx> wrote in message
> >>> news:n84m41p0vmrvmegj4rnmrr10go4lsv65a5@xxxxxxxxxx
> >>>
> >>>> Yes, I have some links to delegation resources on my blog:
> >>>>
> >>>> http://odetocode.com/Blogs/scott/archive/2005/02/24/1053.aspx
> >>>>
> >>>> --
> >>>> Scott
> >>>> http://www.OdeToCode.com/blogs/scott/
> >>>> On Wed, 30 Mar 2005 22:32:02 +0200, "Sharon" <sharon@xxxxxxxxx>
> >>>> wrote:
> >>>>
> >>>>> Hi to all.
> >>>>> I'm using impersonation, combined with Windows authentication.
> >>>>> When the page tries to connect to Active Directory,
> >>>>> I get a login failure, due to the double hop issue.
> >>>>> As I understand it, IIS does not receive a
> >>>>> primary token, so how can I authenticate against Active Directory?
> >>>>> Is it possible to delegate, when using impersonation and windows
> >>>>> authentication?
> >>>>> Thanks.
> >>>>> Sharon.
>
>
>
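
The question in the thread about obtaining a WindowsImpersonationContext in order to call Undo, shown as an added example that is not code from any participant: passing a zero token to WindowsIdentity.Impersonate reverts the thread to the worker process identity, and Undo restores the impersonated caller. The class, method and parameter names (DirectoryLookup, FindDisplayName, EscapeLdapFilter, ldapPath) are hypothetical.

```csharp
using System;
using System.DirectoryServices;
using System.Security.Principal;
using System.Text;

// Hypothetical helper class; the names here are not from the thread.
public static class DirectoryLookup
{
    // Runs one directory query as the worker process identity, then
    // restores the impersonated caller even if the query throws.
    public static string FindDisplayName(string ldapPath, string samAccountName)
    {
        // A zero token makes Impersonate behave like Win32 RevertToSelf.
        WindowsImpersonationContext reverted = WindowsIdentity.Impersonate(IntPtr.Zero);
        try
        {
            using (DirectoryEntry root = new DirectoryEntry(ldapPath))
            using (DirectorySearcher searcher = new DirectorySearcher(root))
            {
                searcher.Filter = "(&(objectCategory=person)(sAMAccountName="
                    + EscapeLdapFilter(samAccountName) + "))";
                searcher.PropertiesToLoad.Add("displayName");
                SearchResult hit = searcher.FindOne();
                if (hit == null || !hit.Properties.Contains("displayName"))
                    return null;
                return (string)hit.Properties["displayName"][0];
            }
        }
        finally
        {
            reverted.Undo(); // back to the impersonated caller
        }
    }

    // RFC 4515 escaping so a user-supplied name cannot alter the filter.
    private static string EscapeLdapFilter(string value)
    {
        StringBuilder sb = new StringBuilder();
        foreach (char c in value)
        {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else
                sb.Append(c);
        }
        return sb.ToString();
    }
}
```

The query succeeds only when the worker process identity is one the AD server understands, which is the condition Scott describes; the lookup then runs with that account's rights rather than the caller's, so any per-user authorization has to be enforced by the application itself.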

