Re: Double hop

Hi Joe,

I'm facing the same problem than Ralph (double hop). I have done the 2
first checks you wrote however I don't know how to verify if browser is using
Kerberos authentication. Could you please give me some advice?

Thank you very much for your kind reply

Could you please copy your reply to the following address:
johann.granados@xxxxxxxxxxxxxxx
--
Johann Granados
MVP Compact Framework
Costa Rica, Central America


"Joe Kaplan (MVP - ADSI)" wrote:

Unfortunately, implementing Kerberos delegatio can be a little tricky and it
isn't easy to explain it simply such that you'll definitely get everything
working the way you need to.

The first question is whether your AD is 2003 native mode and whether your
web server is 2003. If both are true, then you have a few additional
options to consider (protocol transition and constrained delegation). If
not, then you must use traditional Kerberos delegation.

The basic steps always are:
- Set proper SPNs on the account running the web server process
- Enable the web server process account for delegation
- Ensure browser is authenticating against IIS using Kerberos (warning:
SharePoint pre-SP2 actually disables this feature in the metabase; you must
change it back!). This step is necessary unless you can use protocol
transition

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"ralph_jj22022" <u24448@uwe> wrote in message news:63b6e900a8653@xxxxxx
HI Gurus,

I am trying to build a web part in asp.net 1.1 using VS.Net 2003. I am
using
this web part on a sharepoint server hosted on a remote server. I am
trying
to loginto a sql server 2000 machine , again on a third machine. The issue
I
am facing is that of "Double hop". I ahve gone through the MSDN articles
and
some articles on web butcouldn't understand much. Can anybody explain to
me
in simple novice terms how to solve this double hop issue an connect to
the
sql server from a remote web part.

Happy coding,
Ralph



.

Relevant Pages

  • Re: CreateDirectory working inconsistantly from ASP.net
    ... You are facing the dreaded double hop NTLM issue. ... When the browser authenticates to the web server from a remote ... >I have also checked that the Integrated Authentication is getting passed ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: CreateDirectory working inconsistantly from ASP.net
    ... You are facing the dreaded double hop NTLM issue. ... When the browser authenticates to the web server from a remote ... >I have also checked that the Integrated Authentication is getting passed ...
    (microsoft.public.dotnet.general)
  • Re: CreateDirectory working inconsistantly from ASP.net
    ... You are facing the dreaded double hop NTLM issue. ... When the browser authenticates to the web server from a remote ... >I have also checked that the Integrated Authentication is getting passed ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: error #4.4.6 - Any ideas
    ... Hop count to a higher number and see if the issue goes away. ... is on the Properties of the Default SMTP Virtual Server, ... Please do not send mail directly to this alias. ... I have talked to the remote site and they ...
    (microsoft.public.exchange2000.transport)
  • Re: CreateDirectory working inconsistantly from ASP.net
    ... Many thanks Scott. ... Is there any way to test Delegation is functioning? ... > You are facing the dreaded double hop NTLM issue. ... When the browser authenticates to the web server from a remote ...
    (microsoft.public.dotnet.framework.aspnet)