Delegation problem in FW 2.0

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: "Alex Ivanov" <Alex Ivanov@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 14 Dec 2005 00:03:02 -0800

Delegation not work in 3-tier application.

My configuration:
Client: windows app. "Account is sensitive and cannot be delegated" is not
selected for user.
Middle tier: windows service (log on as local system).
Server: SQL Server (log on as local system).

All computers has "Trust this computer for delegation to any service (for
Kerberos only)" selected in AD.

Impersonation on Middle tier is work, but SQL Server say "Login failed for
user '(null)'".

My server config:
<system.runtime.remoting>
<customErrors mode="off"/>
<application>
<service>
<wellknown mode="SingleCall" type="ServerObject.Obj, ServerObject"
objectUri="Service.rem" />
</service>
<channels>
<channel ref="tcp" port="9005" name="TCPSSPI" secure="true"
authenticationMode="ImpersonateCallers" impersonate="true">
<serverProviders>
<formatter ref="binary" typeFilterLevel="Full"/>
</serverProviders>
</channel>
</channels>
</application>
</system.runtime.remoting>

My client config:
<system.runtime.remoting>
<application name="Sherp.Net">
<client>
<wellknown type="ServerObject.Obj, ServerObject"
url="tcp://ivanov-an:9005/Service.rem" />
</client>
<channels>
<channel ref="tcp" port="0" name="TCPSSPI" secure="true"
impersonationLevel="Impersonate" tokenImpersonationLevel="Impersonation">
<clientProviders>
<formatter ref="binary" />
</clientProviders>
<serverProviders>
<formatter ref="binary" typeFilterLevel="Full"/>
</serverProviders>
</channel>
</channels>
</application>
</system.runtime.remoting>

I try impersonationLevel "Impersonate" and "Delegate",
tokenImpersonationLevel "Impersonation" and "Delegation", authenticationMode
"ImpersonateCallers" and "DelegateCallers" and any combination.

Work delegation in .Net Remoting?

P.S. Delegating with configuration IE - Web Service - SQL Server on same
computers is work.
.

Follow-Ups:
- Re: Delegation problem in FW 2.0
  - From: ton . steijvers

Prev by Date: Error with web user
Next by Date: Is object remote activated
Previous by thread: Error with web user
Next by thread: Re: Delegation problem in FW 2.0
Index(es):
- Date
- Thread

Relevant Pages

Re: Linked Servers with Security Account Delegation
... Please check the following configuration steps ... User trying to connect to SQL Server is not sensitive and can be ... you can use Constrained delegation. ... account, then you will see a delegation tab in the user account properties ...
(microsoft.public.sqlserver.connect)
Re: Failed to register SharePoint Services 2007
... with SQL Server 2K and use that instead of SQL Server 2005. ... When I ran the configuration databse for the first time I had a failure ... System.ArgumentException: Exception of type ... So I used the ntrights to get that privilege on my sharepoint user. ...
(microsoft.public.sharepoint.portalserver)
Re: Failed to register SharePoint Services 2007
... with SQL Server 2K and use that instead of SQL Server 2005. ... When I ran the configuration databse for the first time I had a failure ... System.ArgumentException: Exception of type ... So I used the ntrights to get that privilege on my sharepoint user. ...
(microsoft.public.sharepoint.portalserver)
RE: Server Configuration
... Determining the best configuration for your SQL Server has a few ground ... as the backplane is configured as RAID1 you'll have great redundancy ... Monitoring CPU Usage ... For more information about performance tuning and configuration, ...
(microsoft.public.sqlserver.setup)
Re: PROBLEM: ASP on IIS 5 secured via "Windows Integrated Authentication" accessing "
... uses NT group based permissons on the SQL Server, ... > transfered to the IIS box and IIS does a local logon. ... > delegation for all accounts. ...
(microsoft.public.inetserver.iis.security)