Re: impersonate/delegate problem

• Previous message: Rich: "impersonate/delegate problem"
• In reply to: Rich: "impersonate/delegate problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 18 Aug 2003 20:10:58 -0400

Thanks Rich..

I did get it to work once that was turned on..
Without that feature, you don't have delegation so I'm not sure if you have
a choice...

"Rich" <reedr@saccounty.net> wrote in message
news:0d2201c365e1$710cd820$a001280a@phx.gbl...
> Not sure if you found the answer to this question, but
> that's exactly what we had to do(enable delegation on the
> webserver from within AD users and computers) to pass the
> original callers identity to our remote resource. Our
> network folks are looking into the cons of allowing this
> on our production network. They don't want to create a
> possible security risk. I'm trying to find out more info
> about the potential risks of turning this on.
>
> >-----Original Message-----
> >Ok.. so I've read and seen lot of messages and MSDN docs
> concerning the
> >above issue.. how do I get it to work?
> >I want to impersonate the current user accessing my
> website...
> >so I turn on the site directory security to NOT allow
> anonymous but turn ON
> >integrated windows authentication.
> >Then I change the web.config to allow impersonate
> = "true".
> >
> >So far so good.. this setting will allow me to run the
> request process from
> >the user to the webserver under the current users
> identity...
> >
> >Now that same process needs to access some network
> resources..specifically
> >see if some windows services are running on network
> servers... so I need to
> >"delegate" the current users identity to the ASPNET...
> >
> >but I thought the impersonate="true" would do that but I
> guess it doesn't..
> >It looks like the impersonate is only for the process b/w
> the client and
> >webserver.
> >
> >seeing how we are running Win2000 servers and desktops..
> and using Active
> >Directory..
> >what more do I need to get delegate to work?
> >
> >I want to be able to use the user's identity for the
> delegate..
> >
> >I've tried setting a valid username and password in the
> webconfig but I
> >don't want to use that.. since it opens up the
> >id/pwd to everyone in the development group..
> >
> >Do I have to turn on the property for the webserver to
> support delegate in
> >the AD?
> >
> >
> >Thanks,
> >Jerry
> >
> >
> >
> >.
> >

• Previous message: Rich: "impersonate/delegate problem"
• In reply to: Rich: "impersonate/delegate problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]