Re: CredentialCache.DefaultCredentials not working!!!!!

From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 09/07/04 

Date: Tue, 7 Sep 2004 11:37:28 -0500

A few questions:
Are you using Windows Integrated Auth. on the server?
Are you impersonating the logged on user (I think WSS does this by default,
but I'm not sure)?
Is this code running on the server?

If the above are true, then you have an impersonation token on the server
and those credentials will not hop to a different machine unless you have
Kerberos delegation enabled and working. That sounds like what is happening
here.

Check out this link and also try searching for double-hop. That should get
you started:
http://msdn.microsoft.com/vstudio/using/building/web/default.aspx?pull=/library/en-us/dnnetsec/html/SecNetHT05.asp?FRAME=true#ImplementKerberos

Joe K.

"Paul Cheevers" <paul@nospamaimware.com> wrote in message
news:uNs7z1NlEHA.1356@TK2MSFTNGP09.phx.gbl...
> Hi,
>
> I'm trying to use the CredentialCache.DefaultCredentials to pick up the
> credentials of the current user but its not working correctly. I've
switched
> off anonymous access and gone thru the code in debug mode but I keep
getting
> a 401 security exception. The code works perfect if I hard code a user
name
> and password.
>
> After a lot of messing around I got it to work on the server (if I
navigate
> to the webpart that contains the code from a browser on the actual server)
> when I set my browser to automatically logon on. However the code still
> breaks on client machines even if I make this change.
>
> This is driving me nuts, any help or suggestions would be appreciated.
>
> Cheers,
> Paul
>
>

Relevant Pages

  • Re: Winlogon notification DLL and user token
    ... Have you tried impersonating the user in your DLL and then send ... something across the pipe to your COM server which then again ... if the logged-on user's desktop is visible or not. ...
    (microsoft.public.win32.programmer.kernel)
  • Re: impersonation and accessing remote folder
    ... I am impersonating the user. ... client in this case are both on the same domain, all Windows 2000. ... > once passed to the IIS server, the same credentials cannot be passed ... >>access to the remote folder is denied. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Delegatoin w/ Protocol transition in a Windows 2000 native domain
    ... authentication is the only box checked) on the Exchange 2003 /exchange ... frontend-server by means of impersonating the user who's logged on ... This account is trusted for delegation. ... system" privelege on the ASP.NET server. ...
    (microsoft.public.dotnet.framework.aspnet)
  • impersonation works on local xp not on web server
    ... The program I have written to change a password by impersonating an ... the Windows 2000 server the impersonation fails. ... #region Private Methods ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • RE: Delegatoin w/ Protocol transition in a Windows 2000 native domain
    ... authentication is the only box checked) on the Exchange 2003 /exchange ... frontend-server by means of impersonating the user who's logged on ... Created service principal names for the "DelegationUser" user the ... system" privelege on the ASP.NET server. ...
    (microsoft.public.dotnet.framework.aspnet)