Using Protocol Transition and Constrained Delegation to access a domain controller via LDAP
- From: "Olivier Matrot" <olivier.matrot.rte@xxxxxxxxxxxxx>
- Date: Wed, 14 Mar 2007 17:49:25 +0100
Hello,
I'm trying to apply the techniques found in the following article:
http://msdn2.microsoft.com/en-us/library/ms998355.aspx
However, the backend tier is not a SQL Server, but a domain controller
accessed via the System.DirectoryServices Namespace.
My scenario is the following:
- The web site is running under the network service account (Windows 2003
domain member).
- Forms based authentication is used.
- The web page impersonates the authenticated user by using the
WindowsIdentity constructor.
- Any call to the System.DirectoryServices namespace fails with the error:
0x8007203A : 'The server is not operational'.
Please note that the LogonUser technique works fine in the same environment.
The problem is that I'm not sure that I have correctly selected the services
available in the delegation property page for the computer account. I have
selected the service "ldap" on each domain controller.
Any help appreciated.
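
The flow described in this post, written out as a small diagnostic console program. This is an added example, not code from the original poster or from the MSDN article. The UPN, the domain controller host name and the distinguished name are placeholders, and printing the token's impersonation level is an added check.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Security.Principal;

static class DelegatedLdapProbe
{
    // Placeholder values for illustration, not taken from the post.
    const string UserUpn  = "jdoe@example.test";
    const string LdapPath = "LDAP://dc01.example.test/DC=example,DC=test";

    static void Main()
    {
        // Protocol transition: obtain a Windows token from the UPN alone,
        // with no password (the forms login already authenticated the user).
        WindowsIdentity id = new WindowsIdentity(UserUpn);

        // An Identification-level token can be inspected but cannot be used
        // to access resources; Impersonation or Delegation is needed for that.
        Console.WriteLine("Token level for {0}: {1}", UserUpn, id.ImpersonationLevel);

        WindowsImpersonationContext ctx = id.Impersonate();
        try
        {
            // Null credentials plus AuthenticationTypes.Secure bind with the
            // identity of the calling thread, here the impersonated user.
            // The path names one specific DC so that the host the bind
            // targets can be compared with the "ldap" entries selected on
            // the computer account's delegation tab.
            using (DirectoryEntry root = new DirectoryEntry(
                       LdapPath, null, null, AuthenticationTypes.Secure))
            {
                object native = root.NativeObject;   // forces the actual bind
                Console.WriteLine("Bind succeeded: {0}", root.Path);
            }
        }
        catch (COMException ex)
        {
            // DirectoryServicesCOMException derives from COMException, so
            // errors such as 0x8007203A are reported here with their HRESULT.
            Console.WriteLine("Bind failed: 0x{0:X8} {1}", ex.ErrorCode, ex.Message);
        }
        finally
        {
            ctx.Undo();   // always revert to the process identity
        }
    }
}
```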