Re: Kerberos Constrained Delegation For Access To A Single Application Pool
- From: "Al Mulnick" <amulnick_No_SPAM@xxxxxxxxxxx>
- Date: Sat, 22 Apr 2006 21:45:02 -0400
Maybe I'm reading into this. When you say delegate identity, can you expand
on that? I think you want to authorize an identity to use/access resources
across pool A and C but not B and D.
If it helps, your authentication source is Active Directory (or ADAM or ?)
but your authorization can happen in other ways depending on how you setup
your application. I believe it may be the role management that would be most
interesting to you (http://msdn2.microsoft.com/en-us/library/3yfs7yc7.aspx)
..
Al
<seangoogle@xxxxxxxxxxx> wrote in message
news:1145733799.289759.27080@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Is there some way to configure a service account used to run an ASP.NET
application pool to delegate identity only to specific virtual
directories or application pools on a remote server?
the HTTP service on a web service. This is insufficient for ourFrom what I've read, I've only ever seen constaining delegation down to
scenarios because we have many applications that run in various farms
and want to control access between specific applications.
For example:
- 2 Web Servers
- Server 1 Has Web Services: A & B
- Server 2 Has Web Services: C & D
- Web Service A should be able to delegate identity to web service C,
but not D
- Web Service B should be able to delegate identity to web service D,
but not C
- A & B Can Run as separate service accounts
How do I restrict access from the various service accounts to only
specific virtual directories or application pools on a server?
Possible?
Thanks!
.
- References:
- Prev by Date: Re: Access is Denied on domain admin console login
- Next by Date: Re: The Directory Service is currently unavailable
- Previous by thread: Kerberos Constrained Delegation For Access To A Single Application Pool
- Next by thread: active directory users logged in time
- Index(es):
Relevant Pages
|
