ASP.NET Impersonation & Delegation

From: Brian (brian_at_nospam.net)
Date: 12/31/03

  • Next message: Jim Cheshire [MSFT]: "RE: ASP.NET Impersonation & Delegation" 
    Date: Wed, 31 Dec 2003 12:05:16 -0800

    I have read various articles regarding explaining ASP.Net
    security model. I have one simple question regarding
    Delegation that i can't seemed to get answered:

    I have a web service that opens a file on another server
    and reads the contents.

    If I set an IIS application to Anoymous which uses a
    domain account, I also set-up Impersonate = True in
    web.config, do I need to turn on Kerebos Delegation for
    the web server or the other server?

    My understanding is that the ASP.NET will impersonate the
    Domain account and since IIS knows the password it passes
    it successfully to the other server which also receives
    the credentials. However,if another hop was involved,
    delegation would be required.

  • Next message: Jim Cheshire [MSFT]: "RE: ASP.NET Impersonation & Delegation"

    Relevant Pages

    • Re: Unix Bind and Windows DNS coexist problem with forwarder ON
      ... not a web server. ... Here is the MS KB link of how i setup in Microsoft DNS server. ... I setup delegation in UNIX BIND server to Windows 2003 ... >>> The above does not describe delegation. ...
      (microsoft.public.windows.server.dns)
    • Re: PROBLEM: ASP on IIS 5 secured via "Windows Integrated Authentication" accessing "
      ... I have two virtual directories on same server with Integrated ... If i use basic authentication, ... as .NET framework config file) as well as Delegation as specified by the ... > could do whatever you want in your ASP page on behalf of the Domain Admin. ...
      (microsoft.public.inetserver.iis.security)
    • Re: Using NT Authentication with Linked Server
      ... You are running into a double hop (or delegation) scenario. ... User trying to connect to SQL Server is not sensitive and can be ... how to register SPNs for your SQL Service account). ... Use sp_addlinkedsrvlogin on the first linked server (server B in your ...
      (microsoft.public.sqlserver.security)
    • Re: Windows (Trusted) Authentication and SQL Server
      ... I can still run the application when logged in locally to the IIS machine, ... > The account whose credentials are being delegated must be a domain account ... > be marked in Active Directory as trusted for delegation. ... > Server) does not need to be marked as trusted. ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • Re: Choosing between ASTs and Threads
      ... While I haven't used VMS since long before threads existed there, ... > True Master/Slave scenario, ... (and of course such delegation has significant overheads of its own): ... > connections to a VMS server application. ...
      (comp.os.vms)