Re: COM+ and NetworkCredential problem

From: "surya" <suryanarayanan.varadarajan@xxxxxxxxxxxxx>
Date: Thu, 1 Sep 2005 10:43:50 +0530

Thanks! Another related question:
Will a call to System.Net.CredentialCache.DefaultCredentials on a thread
return the credentials of the impersonated user on the current thread or the
credentials of the user running the process?

Regards
Surya

"Willy Denoyette [MVP]" <willy.denoyette@xxxxxxxxxx> wrote in message
news:ed7drgWrFHA.260@xxxxxxxxxxxxxxxxxxxxxxx
>
> "surya" <suryanarayanan.varadarajan@xxxxxxxxxxxxx> wrote in message
> news:%231k6GHSrFHA.1028@xxxxxxxxxxxxxxxxxxxxxxx
> > Hi,
> >
> > I have a COM+ out of proc service that is configured to impersonate the
> > user
> > making the call to the COM+ service. Is there a way to create a
> > NetworkCredential object based on the current thread's security? Using
> > System.Net.CredentialCache.DefaultCredentials always returns the
> > credentials
> > of the user configured to run the out of proc COM+ server and not the
> > credentials of the user set on the current thread.
> >
> > Regards
> > Surya
> >
> >
> >
>
> Impersonate != delegate. So you need to select delegate a impersonation
> level, but:
> - the client has to specify during the initial authentication (using
> Kerberos) that it allows it's identity to be delegated (this is the
default
> for AD accounts) , and
> - you need to run in a Kerberos realm,
> - and the server needs to be trusted for delegation i the AD (not set by
> default).
>
> Willy.
> PS. please, don't cross-post to half of microsoft NG's, you question
relates
> to .NET Microsoft.public.dotnet.framework.component_services and possibly
to
> Microsoft.public.platformsd.component_svcs only.
>
>

.

Prev by Date: RE: Encrypting Data EDRA Conenction string
Next by Date: RE: Can't directly dim an instance of a tableadapter
Previous by thread: RE: Encrypting Data EDRA Conenction string
Next by thread: RE: Can't directly dim an instance of a tableadapter
Index(es):
- Date
- Thread

Relevant Pages

Re: how to pass nt password ?
... > f) the logonuser fucntion requires username, ... > Hope this explains why i want to pass my "password" onto other machines to impersonate. ... Services can have their own credentials. ... So long as the account exists on the local machine, ...
(microsoft.public.dotnet.languages.vb)
Re: DTS + ASP.NET
... credentials further than 1 "hop" without explicitly allowing that account to ... delegate these credentials to your DTS on another machine. ... I load the DTS package using windows authentication. ... > domain controller is on the web server. ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Accessing files & folders on client/other machine
... The issue here is called the "double hop" issue. ... > I am setting the credentials before calling the web method. ... it does not impersonate the user. ... >> default in the client app, so IE works and the app does not. ...
(microsoft.public.dotnet.framework.webservices)
Re: Newbie: Authentication approach, Kerberos
... Are you sure you need to delegate the user's security credentials to other ... If you don't need to delegate, then you can use simple LDAP authentication ... If you don't need forms authentication, then you can use Windows ...
(microsoft.public.dotnet.security)
Re: AD queries. Please, prove me being wrong...
... If you want to impersonate the authenticated user ... Kerberos delegation in AD to allow the web app to have the rights to ... delegate the user's credentials to AD. ... means that you must ensure that you use IWA auth in IIS and ensure that IWA ...
(microsoft.public.dotnet.framework.aspnet.security)