Impersonation and double hop
- From: "Glenn Thimmes" <gthimmes@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 3 Jul 2007 07:58:41 -0600
Hello,
I need a little advice in figuring out the right solution for a problem that
I am facing. I have a 3 tier application. Client, Web Service middle layer,
and SQL Server. I have been using a trusted account to get from the WS to
SQL, but now I have new requirements for getting user credentials all the
way to SQL Server. I was under the impression that by passing the user login
name and password to the middle layer, it could impersonate the user and do
a single hop to the SQL Server machine.
Unfortunately, this appears to still be a double hop scenario, even though
the middle layer has the username and password required for the domain
account. Is this correct?
And if that is the case, I suppose my only solution is to use Kerberos
delegation, which I am concerned that a highly competent and security
obsessed IT staff will refuse to set up for us during an onsite customer
implementation.
Am I missing any pieces to the puzzle? Any advice would be appreciated.
Thanks,
Glenn
.
- Follow-Ups:
- Re: Impersonation and double hop
- From: Joe Kaplan
- Re: Impersonation and double hop
- Prev by Date: Re: Profiles
- Next by Date: Re: Impersonation and double hop
- Previous by thread: Re: Profiles
- Next by thread: Re: Impersonation and double hop
- Index(es):
Relevant Pages
|
|
