Re: Troubleshoot Security Issues

From: Ken Schaefer (
Date: 03/26/04

  • Next message: [MSFT]: "RE: C#: How do I orce a server to refresh its list of security groups from an Active Directory."
    Date: Fri, 26 Mar 2004 13:44:34 +1100

    a) You can put a trace on the network -or- you can dump out all the values
    in the Request.ServerVariables() collection. If you see something like
    Auth_Type: Negotiate, then Kerberos was used. If you see something like
    Auth_Type: NTLM then NTLM was used.

    b) Is ASP.Net impersonating correctly? If you have <identity
    impersonate="true"> and set authentication to Windows then it should

    c) Is delegation working correctly? I don't know. Why don't you tell us what
    you've done, and what's happening?


    "Raterus" <raterus@localhost> wrote in message
    : What is the easiest way to troubleshoot security issues?
    : I'm trying to set up a delegation secnario, which I wrote an question
    : yesterday. Something isn't working in it, but I feel kind of helpless to
    : even know if what I think I set up is actually what is happening in the
    : background. For instance, i'm trying to get my application to
    : delegate to another computer to be able to access files on a network
    : How do I really know my browser is authenticating with Kerberos?, Is
    : impersonating correctly, when it accesses this network share, is
    : working correctly?. Lots of issues like this, what is the best way to
    : at this information?

  • Next message: [MSFT]: "RE: C#: How do I orce a server to refresh its list of security groups from an Active Directory."

    Relevant Pages

    • Re: access to network file server through web server denied
      ... Before I check with the network team to ... see whether the network has been configured with "Delegation", ... On our local developer's web server (It can be IIS 5 on Windows XP ...
    • Re: Listing files on network share
      ... If delegation isn't working in your environment, ... One solution is to run the ASPNET worker process under a domain ... network hop. ... >a network shre be displayed on the site. ...
    • Re: LsaLogonUser - access to network resources
      ... target services must be specified. ... setting in AD U&C and you must configure constrained delegation. ... > and I managed to get access to the same network resources using ... > logon on that machine (Ctrl-Ald-Del and logon as domain user with the same ...
    • Re: impersonate/delegate problem
      ... you don't have delegation so I'm not sure if you have ... > webserver from within AD users and computers) to pass the ... > on our production network. ... > request process from ...
    • Re: Integrated windows security HTTP500 error
      ... fix your domain to do Kerberos internally, ... - accessing the website from a PC within the network, ... With Integrated Authentication enabled, it defaults to NTLM on Win2000 ...