Re: Is Delegation Necessary?

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

On Jul 8, 5:30 pm, "Mark Rae [MVP]" <m...@xxxxxxxxxxxxxxxxx> wrote:
"headware" <david.k.l...@xxxxxxxxx> wrote in message

news:56df8081-c783-4d30-b675-4b3c995e5af7@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

If so, why is this working?

Because it's not necessary in this case...

Would you please explain why it's not required in this case?

I'm not quite sure how to answer your question - it's not required because
it's not required, in the same way that it's not required to use a web
service, or AJAX, or remoting, or <insert any particular technology you
like> to query an Excel file with ADO.NET.

Perhaps it might be simpler if you explain why you think it should be
required...?

--
Mark Rae
ASP.NET MVPhttp://www.markrae.net

Well, I've read in several places that it's required in order to
access network resources. Here are some examples:

From Microsoft:
http://msdn.microsoft.com/en-us/library/ms998351.aspx
"you can use impersonation to access local resources . . . Delegation
allows you to use an impersonation token to access network resources."

Non-Microsoft:
http://www.infosysblogs.com/microsoft/2009/02/impersonation_and_delegation_t.html
"In summary, impersonation is pretending to be someone else, other
than the process identity, and access local resources . . . delegation
is authentication across machine boundary on behalf of someone else."

I don't have a lot of experience with impersonation and delegation so
it's entirely possible that I'm misunderstanding this. If that's the
case, maybe you could give me an example of when it would be necessary
to use delegation and why impersonation wouldn't be sufficient.

Thanks,
Dave
.

Relevant Pages

  • Re: Total Confusion! - ACLs and Windows authentication with no impersonation
    ... permissions are checked, and not in IIS. ... account - regardless of the impersonation settings. ... You have aspx pages..and you have the resources this page wants to get at. ... When anonymous authentication is disabled, yes the page itself MUST have ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • RE: accessing WebService from asp.net App on load balanced Servers
    ... Would Constrained Delegation not give me a solution here? ... Original user impersonation will carry through to the back end server?? ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Kerberos delegation trauma
    ... Kerberos delegation won't solve this. ... > when the tool on my machine tries to access the server. ... On my machine I have set IE to have Enable Integrated Windows ... > my IIS for my web application directory and have impersonation set ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Expired Tickets - Delegation vs S4U
    ... I haven't as yet tried this method of mixing the two delegation models ... question is will it get round the ticket lifetime of ten hours - do S4U ... go from integrated authentication (with impersonation disabled at the ... Standard Kerberos delegation is being used for the authentication ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Service Account replaced by IUSR ??
    ... Joe Kaplan wrote: ... Based on what I read below, it sounds like you just want to use the fixed process account for accessing remote resources, so delegation should not matter. ... you should also able to avoid impersonation as well since you would generally only impersonate if you need to delegate or access local resources with the security context of the authenticated user. ...
    (microsoft.public.dotnet.framework.aspnet.security)