Re: Subject: impersonate="True" gives login (null) for SQL Server

As long as you have Win2K DCs, you are stuck with Kerberos to Kerberos
delegation and cannot use constrained delegation either (which is better
from a security standpoint). Once your org migrates to 2K3 native DCs, then
you can use protocol transition and can take advantage of some of these
features.

For the internet version of the site, you might consider using basic
authentication with SSL. That would allow you to capture the user's
plaintext credentials if you need them and could be used as a means of
impersonation as well.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Pedro Gonçalves" <PedroGonalves@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C545660A-606F-41BD-9129-ACFDBB9179AE@xxxxxxxxxxxxxxxx
Thanks Dominick,

Yes, I'm out of luck! Althougth my web server is Windows 2003, my domain
controller is Win2000.

Regarding your first comment, I know your're rigth but that's what they
are
doing when accessing the Outlook Web Access...

Regards,
Pedro Gonçalves

"Dominick Baier [DevelopMentor]" wrote:



.

Relevant Pages

  • RE: RSS Feed Security problem
    ... \par Have you tried the article I provided to configure Constrained Delegation for Kerberos? ... \par This posting is provided "AS IS" with no warranties, and confers no rights. ...
    (microsoft.public.sharepoint.portalserver.development)
  • RE: Event ID 677 security errors
    ... If so I believe there is a Kerberos issue that ... causes that error on Win2K DCs in a Win2003 domain. ... This posting is provided "AS IS" with no warranties, and confers no rights. ...
    (microsoft.public.win2000.security)