RE: HttpListener windows authentication fails for domain account

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

{\rtf1\ansi\ansicpg936\deff0\deflang1033\deflangfe2052{\fonttbl{\f0\fnil\fprq2\fcharset0 MS Sans Serif;}{\f1\fmodern\fprq6\fcharset134 \'cb\'ce\'cc\'e5;}}
\viewkind4\uc1\pard\lang2052\f0\fs20 Hi David,
\par
\par Thanks for your response.
\par
\par After some discussion with our dev guys, we've got the point that cause the problem behavior in our scenario. As I mentioned in the previous message, for IntegratedWindowsAuthentication or Negociate mode, the client and server will choose the most secure authentiation protocol, and for 2000 or later version of windows, Kerberos will be used, however, performing kerberos authentication require the server application(in our case is the HttpListener's hosting application) be able to gain machine credential. However, since our own console or winform application always run under our own logon user, it can not do so. Therefore if you want to use HttpListener and configured as IntegratedWindows or Negociate, we need to make the host application running under Network Service account (or Local System is also ok), and generally this is only available if our application is a service application (which is configured in service controller that can be specified to use Network Service or Local System account).
\par
\par In addition, if we use NTLM authentication protocol, there is not such requirement.
\par
\par Regards,
\par
\par Steven Cheng
\par Microsoft Online Support
\par
\par Get Secure! www.microsoft.com/security
\par (This posting is provided "AS IS", with no warranties, and confers no rights.)
\par
\par
\par believe you\f1\rquote re running your app under your own account. With Negotiate or Integrated, your client will attempt Kerberos auth and this will fail to gain machine credentials unless you run your app as NetworkService.
\par \f0
\par }

Relevant Pages

  • Re: Slow response on windows server 2003 running multiple web site.
    ... Thank you for your response. ... but only one of my app is asp.net app, the other is just plain html pages. ... > repeatedly incurred on the subsequent request. ... > IIS 5.1 on XP Pro does not proactively idle timeout nor do any sort of ...
    (microsoft.public.inetserver.iis)
  • Re: Slow Performance
    ... Use a native app to bootstrap your app. ... It will have much faster startup response and is easy to do. ... longer than 3 seconds but on mobiles user expect instant response, ...
    (microsoft.public.dotnet.framework.compactframework)
  • Re: Blackberry Storm - Oh my god!
    ... the OS is very buggy. ... cutesy graphics load to process your commands. ... We have an app the hackers wrote to let us see how much ... I don't think any busy mobile device will give you the kind of response ...
    (alt.cellular.verizon)
  • Re: How to change focus from .net application back to Word
    ... you are instantiating the Word app differently than I am in my app. ... David ... "John Murray" wrote: ... >>I developed a Windows User Control that automates some functionality of ...
    (microsoft.public.office.developer.automation)
  • Re: Need advice on performance troubleshooting
    ... in terms of desktop response. ... with increased usage of swap, which tends to rise from 0 to 1.2 GB in two ... network and RAM usage). ... any app again. ...
    (Fedora)