Re: How to start/stop windows service on a remote machine?
- From: "Goran Djuranovic" <goran.djuranovic@xxxxxxxxxxxxxxxxx>
- Date: Tue, 27 Feb 2007 08:35:33 -0500
Hi Steven,
We decided to have this asp.net website as an "intranet" website, and
therefore will use Basic Authentication with impersonation. It worked very
well for us. Consider this issue resolved and thank you for all your help.
Goran Djuranovic
"Steven Cheng[MSFT]" <stcheng@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:jddiHYwVHHA.4044@xxxxxxxxxxxxxxxxxxxxxxxxx
Thanks for your reply Goran,
Yes, in IIS virtual directory, you can use only one authentication type at
a time. since "Basic" setting is before "Integrated Windows", it will use
"Basic" when you enable both.
As you mentioned, your application previously use "integrated windows
authentication", is there any particular server-side code logic rely on
this or what you worry about is the client-side user's experience. As far
as I know, for basic authentication, the drawback is the client user will
be prompt for username/password credentials when requesting the web page
and this is transfered to server as clear text, so in internet scenario,
you have to use SSL/HTTPS to secure the channel. At server-side basic
authenticated user will also be mapped to a WindowsIdentity associated
with
the HttpContext.User propety(as long as the ASP.NET application is
configured as windows authentication).
If you're wondering other means which can also overcome double hop problem
and remain using integrated windows authentication(without impersonate
under a fixed account), I'm afraid the only possible approach is using
Kerberos delegation in your environment(from client to webserver and the
backend server). As I mentioned previously, configure kerberos
delegation
is quite complex since it require you to not only configure all the server
machines(webserver and backend server and also the DC), but also all those
windows accounts that will participate in the application scope. Here are
some reference articles about ASP.NET delegation and how to implement it,
you can have a look first to see whether it will fit your environment:
#ASP.NET Delegation
http://msdn2.microsoft.com/en-us/library/aa291350(VS.71).aspx
#How To: Use Protocol Transition and Constrained Delegation in ASP.NET 2.0
http://msdn2.microsoft.com/en-us/library/ms998355.aspx
#How To: Use Impersonation and Delegation in ASP.NET 2.0
http://msdn2.microsoft.com/en-us/library/ms998351.aspx
#How to configure an ASP.NET application for a delegation scenario
http://support.microsoft.com/kb/810572/en-us
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no
rights.
.
- Follow-Ups:
- Re: How to start/stop windows service on a remote machine?
- From: Steven Cheng[MSFT]
- Re: How to start/stop windows service on a remote machine?
- References:
- RE: How to start/stop windows service on a remote machine?
- From: Steven Cheng[MSFT]
- Re: How to start/stop windows service on a remote machine?
- From: Goran Djuranovic
- Re: How to start/stop windows service on a remote machine?
- From: Steven Cheng[MSFT]
- RE: How to start/stop windows service on a remote machine?
- Prev by Date: Re: ActiveDirectoryMembershipProvider & ValidateUser
- Next by Date: [2.0] Cannot create membership database on webhost provider
- Previous by thread: Re: How to start/stop windows service on a remote machine?
- Next by thread: Re: How to start/stop windows service on a remote machine?
- Index(es):
Relevant Pages
|
