Re: impersonation from IIS to a Windows Service

From: Mike Douglas (mikedouglas_at_doitconsultants.com)
Date: 03/26/05

  • Next message: Ahmed: "Re: Singleton Objects Dying" 
    Date: Sat, 26 Mar 2005 08:28:10 -0600

    Hi Melissa,

    Impersonation only works with one server hop. If you have to make two
    hops then you will have to enable kerberos delegation. There is
    actually a good article on genuinechannels.com about this.
    http://www.genuinechannels.com/Content.aspx?id=113&type=1

    Also make sure on you web service to have impersonation turn on in the
    config and have anonymous access disabled on your virtual directory
    security.

    I hope this helps,

    Mike Douglas

    On Tue, 22 Mar 2005 09:18:27 -0800, Melissa Lewis
    <devdex@thisismyproblemhow.com> wrote:

    >Hi,
    >
    >I'm not sure if this is the best newsgroup to be posting on, so please
    >be patient with me.
    >
    >I have an existing Windows Forms application that uses remoting to talk
    >to the server via a custom Windows Service that acts as the remoting
    >host (I'm using GenuineChannels, BTW). I'm using impersonation to allow
    >the end-users' credentials to be able to be used to log into the
    >database. This all works just fine.
    >
    >However, I'm now trying to add an ASP.NET portion to this app. I can
    >get the remoting calls to be made successfully from IIS to my Windows
    >Service. However, I can't get impersonation to work once IIS hands off
    >to the Windows Service. (I do have IIS, my Windows Service (remoting
    >host), and the database all on the same machine.) I can tell that the
    >users' credentials get to IIS appropriately, just not any further.
    >
    >Does anyone have any suggestions on where I should be looking and/or
    >which other newsgroups might be better for this question?
    >
    >Thanks!
    >-Melissa
    >
    >*** Sent via Developersdex http://www.developersdex.com ***
    >Don't just participate in USENET...get rewarded for it!

  • Next message: Ahmed: "Re: Singleton Objects Dying"

    Relevant Pages

    • Re: IIS 6.0 cgi process not running as same user as worker process?
      ... It warns that it's inteneded for IIS 4 &5... ... > elevate privileges (through impersonation), but any other code can only ... it is configurable to have IIS launch CGI as either ... This will make your CGIs launch as app pool identity. ...
      (microsoft.public.inetserver.iis)
    • Re: IIS 6.0 cgi process not running as same user as worker process?
      ... It warns that it's inteneded for IIS 4 &5... ... > elevate privileges (through impersonation), but any other code can only ... it is configurable to have IIS launch CGI as either ... This will make your CGIs launch as app pool identity. ...
      (microsoft.public.inetserver.iis.security)
    • Re: IIS6 - How? Force Anonymous and impersonation
      ... >I'm not sure what settings you are talking about, but IIS ... >much just like IIS 5 with regard to impersonation. ... >> possible to force all Users to authenticate as ... >> the User with a specified User account which is not ...
      (microsoft.public.inetserver.iis.security)
    • Re: IIS Folder and file security. Impersonation does not work.
      ... Custom URL navigation. ... First -- what you want to do does NOT need the impersonation DLL at all. ... Second -- you are muddling HTML and IIS concepts together and hoping for the ... Now, with IIS6, we have a custom authentication sample ISAPI that should ...
      (microsoft.public.inetserver.iis)
    • Re: IIS6 - How? Force Anonymous and impersonation
      ... I'm not sure what settings you are talking about, but IIS 6 works pretty ... much just like IIS 5 with regard to impersonation. ... > possible to force all Users to authenticate as anonymous. ... > belonging to the impersonation account. ...
      (microsoft.public.inetserver.iis.security)