RE: problem connecting to dbase from webservice with impersonation

---

• From: stcheng@xxxxxxxxxxxxxxxxxxxx (Steven Cheng[MSFT])
• Date: Tue, 17 Oct 2006 10:41:17 GMT

---

Hi Nadav,

Thanks for your reply.

What's your server and the domain environment? (such as server OS version,
IIS version and Domain condition). My local test is performed on a windows
2003 server sp1 with IIS6 and virtual directory is allowing NTLM/Negotiate
authentication.

So far, I think the problem is likely due to the windows authentication
against the domain account on the webserver machine. And the problem can be
specific to ether ther webserver(IIS metabase) and the domain account. If
you have some other server machine available, I suggest you do the
following tests:

1. Move the same application to another server machine and configure the
same authentication setting in IIS and test again to see whether the
problem remains.

2. I noticed that the debug info in your last reply indicate that the
problem windowsIdentity has a "Delegation" level and the authenticationType
is also a bit strange, I wonder whether the domain account is configured as
delegatable in DC, you can also verify this. And for test, you can switch
to use another normal domain account to see the behavior.

I've also discussed with some other engineers and they also mentioned that
it is possible caused by the kerberos authentcation context.

Anyway, please feel free to post here if you have any new finding.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.



.

---

• References:
  • RE: problem connecting to dbase from webservice with impersonation
    • From: Steven Cheng[MSFT]

• Prev by Date: RE: Error exporting RSA key container via aspnet_regiis
• Next by Date: Re: Can't get access with some role logins - on IIS 6 only
• Previous by thread: RE: problem connecting to dbase from webservice with impersonation
• Next by thread: RE: problem connecting to dbase from webservice with impersonation
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: Beginners Questions ... We do use Windows form on the presentation layer which is on ... terminal server and call web services on the business logic side. ... of using "proxy" authentication on SQL Server. ... > I have written an app with a Windows Forms UI that is deployed to clients ... (microsoft.public.dotnet.distributed_apps) Re: Need help configuring Wireless Connection profile ... and I can only use the intel OR windows utility, not both at the same time. ... Windows authentication for all users,4129,LRG\ryanv,4149,Wireless WPA2 ... SMALL BUSINESS SERVER: ... STEP #1 Install Certificate Services ... (microsoft.public.windowsxp.general) Re: EAP-TLS with windows CE ... The AP was sending out an Identity Request every second, ... request to the identification server. ... When the server asks the Windows CE device to identify itself, ... I could easily steal your authentication information. ... (microsoft.public.windowsce.platbuilder) Re: server authentication & ASP authentication ... on to the client workstation with an authorized Windows account. ... SQL Server with Windows authentication. ... (microsoft.public.sqlserver.security) Re: ADFS Development Issues ... site to be automatically authenticated by our windows application so ... based on redirects and possibly uses forms-based authentication to collect ... web service proxies don't handle this type of thing ... the server based on how it needs to work. ... (microsoft.public.windows.server.active_directory)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.framework.aspnet.security  > 2006-10