Re: How to start/stop windows service on a remote machine?

Thanks for your reply Goran,

Yes, in IIS virtual directory, you can use only one authentication type at
a time. since "Basic" setting is before "Integrated Windows", it will use
"Basic" when you enable both.

As you mentioned, your application previously use "integrated windows
authentication", is there any particular server-side code logic rely on
this or what you worry about is the client-side user's experience. As far
as I know, for basic authentication, the drawback is the client user will
be prompt for username/password credentials when requesting the web page
and this is transfered to server as clear text, so in internet scenario,
you have to use SSL/HTTPS to secure the channel. At server-side basic
authenticated user will also be mapped to a WindowsIdentity associated with
the HttpContext.User propety(as long as the ASP.NET application is
configured as windows authentication).

If you're wondering other means which can also overcome double hop problem
and remain using integrated windows authentication(without impersonate
under a fixed account), I'm afraid the only possible approach is using
Kerberos delegation in your environment(from client to webserver and the
backend server). As I mentioned previously, configure kerberos delegation
is quite complex since it require you to not only configure all the server
machines(webserver and backend server and also the DC), but also all those
windows accounts that will participate in the application scope. Here are
some reference articles about ASP.NET delegation and how to implement it,
you can have a look first to see whether it will fit your environment:


#ASP.NET Delegation
http://msdn2.microsoft.com/en-us/library/aa291350(VS.71).aspx

#How To: Use Protocol Transition and Constrained Delegation in ASP.NET 2.0
http://msdn2.microsoft.com/en-us/library/ms998355.aspx

#How To: Use Impersonation and Delegation in ASP.NET 2.0
http://msdn2.microsoft.com/en-us/library/ms998351.aspx


#How to configure an ASP.NET application for a delegation scenario
http://support.microsoft.com/kb/810572/en-us

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.

.

Relevant Pages

  • RE: Beginners Questions
    ... We do use Windows form on the presentation layer which is on ... terminal server and call web services on the business logic side. ... of using "proxy" authentication on SQL Server. ... > I have written an app with a Windows Forms UI that is deployed to clients ...
    (microsoft.public.dotnet.distributed_apps)
  • Re: PROBLEM: ASP on IIS 5 secured via "Windows Integrated Authentication" accessing "
    ... I have two virtual directories on same server with Integrated ... If i use basic authentication, ... as .NET framework config file) as well as Delegation as specified by the ... > could do whatever you want in your ASP page on behalf of the Domain Admin. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Need help configuring Wireless Connection profile
    ... and I can only use the intel OR windows utility, not both at the same time. ... Windows authentication for all users,4129,LRG\ryanv,4149,Wireless WPA2 ... SMALL BUSINESS SERVER: ... STEP #1 Install Certificate Services ...
    (microsoft.public.windowsxp.general)
  • Re: EAP-TLS with windows CE
    ... The AP was sending out an Identity Request every second, ... request to the identification server. ... When the server asks the Windows CE device to identify itself, ... I could easily steal your authentication information. ...
    (microsoft.public.windowsce.platbuilder)
  • Re: server authentication & ASP authentication
    ... on to the client workstation with an authorized Windows account. ... SQL Server with Windows authentication. ...
    (microsoft.public.sqlserver.security)