Re: Security Challenge: Runtime impersonation without calling Logo
From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 06/24/05
- Next message: Joseph Bittman MCAD: "Re: Security Challenge: Runtime impersonation without calling Logo"
- Previous message: Web Developer: "Re: Security Challenge: Runtime impersonation without calling Logo"
- In reply to: Web Developer: "Re: Security Challenge: Runtime impersonation without calling Logo"
- Next in thread: Joseph Bittman MCAD: "Re: Security Challenge: Runtime impersonation without calling Logo"
- Reply: Joseph Bittman MCAD: "Re: Security Challenge: Runtime impersonation without calling Logo"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 24 Jun 2005 16:11:38 -0500
If you are using IWA in IIS, you will need Kerberos delegation to get this
scenario to work since it is a double hop. The code you are using is
actually correct. It is actually easier to just use impersonate="true", but
there may be some reason why you don't want impersonation on for the whole
request.
I'd suggest reading some of the documentation on Kerberos delegation to
figure out what it is that you need to do and how to troubleshoot it.
http://msdn.microsoft.com/vstudio/using/building/web/default.aspx?pull=/library/en-us/dnnetsec/html/SecNetHT05.asp?FRAME=true#ImplementKerberos
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/tkerberr.mspx
Joe K.
"Web Developer" <WebDeveloper@discussions.microsoft.com> wrote in message
news:58F38410-21E9-428C-B191-B36039D0430D@microsoft.com...
> Thanks for your reply Joseph.
>
> What I'm trying to do is make a web service call from my web application
> using the credentials of the authenticated user. After I call "context =
> USER.identity.impersonate", I call "MyWebServiceProxyInstance.Credentials
> =
> System.Net.CredentialCache.DefaultCredentials" to add the authenticated
> user's credentials to the web service proxy. However, the
> DefaultCredentials
> are null.
>
> Do you know how I can pass the credentials of the authenticated user to
> the
> web service proxy?
>
> Thank you again.
- Next message: Joseph Bittman MCAD: "Re: Security Challenge: Runtime impersonation without calling Logo"
- Previous message: Web Developer: "Re: Security Challenge: Runtime impersonation without calling Logo"
- In reply to: Web Developer: "Re: Security Challenge: Runtime impersonation without calling Logo"
- Next in thread: Joseph Bittman MCAD: "Re: Security Challenge: Runtime impersonation without calling Logo"
- Reply: Joseph Bittman MCAD: "Re: Security Challenge: Runtime impersonation without calling Logo"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
