Re: Weird impersonation issue

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Hi,

The problem is that the credentials can not be passed from the web server to
the file server, this requires delegation. For this to work you would have
to use kerberos which supports delegation across multiple hops.

--
Chris Taylor
http://dotnetjunkies.com/weblog/chris.taylor
<kaliszewskim@xxxxxxxxx> wrote in message
news:1161263770.570208.242940@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Just recently, we started getting a weird impersonation problem on one
of our web apps (which used to work).

IIS is set to use Windows Authentication, Anonymous is disabled
Web.config specifies to use Windows Authentication, Impersonate = true
Web server is trusted for delegation.

The app goes out to a file server (on the local network) to retrieve an
image file.

Here is where it gets weird - If I run the app from my machine, the
authentication and impersonation work and I can get the file to
manipulate it. If I go to the Security Log on the file server, I can
see my User Name and the Success Audit.

However, if I go to any other computer, still using the same domain
account, the Impersonation does not seem to make it all the way to the
file server. I use
System.Security.Principal.WindowsIdentity.GetCurrent().Name to get the
user that the process is running under and it returns my user name,
however, on the file server, there is a failure audit from
WEBSERVER\Anonymous Logon.

I have had another person test it, and they get the same results - it
does not work from their machine, but if they log on to my computer, it
works fine.

Anyone have any idea what is going on here? Why is this only working
from my computer? I thought I looked at all the relevant settings in
IE, etc, but can't find any differences. Any ideas?



.

Relevant Pages

  • accessing folder on remote server from asp.net page (impersonation question)
    ... I have a .NET 2.0 web app that needs to access the file server. ... However, when running on the dev web server, setting Identity ... impersonation programatically results in the same. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Access of images on file server
    ... Read this article on how to configure ACLs on a UNC setup. ... server access to the file server (though if the web server in the DMZ is ... able to access a file server not in the DMZ... ... User on both web server and file server, ...
    (microsoft.public.inetserver.iis.security)
  • Re: Server is displaying "Enter Network Password" logon box when trying to access files
    ... > Our company's web server is trying to access graphics files on another ... When I run the app from Visual Studio on my localhost, ... > my localhost, I am set to connect to the file server as administrator, ... > and the same settings are on the iis on the web server. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Sharing with remote local users? An object named "\servernamelocalusername" cannot be found
    ... One web server and one file server. ... One of my test applications is Sharepoint. ... Apparently there are two local users that need acces to the ...
    (microsoft.public.windows.server.general)
  • Impersonate at runtime
    ... Impersonation is used to impersonate a client on -that- ... in ASP.NET the web server. ... There are a number of requirements for Delegation, ... My problem is that I can't get Kerberos to work. ...
    (microsoft.public.dotnet.framework.aspnet.security)