Re: Impersonation and double hop
- From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 3 Jul 2007 10:20:48 -0500
What type of authentication are you using in IIS with your web services?
Are you using basic or IWA?
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Glenn Thimmes" <gthimmes@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:e3d64nXvHHA.3364@xxxxxxxxxxxxxxxxxxxxxxx
Hello,
I need a little advice in figuring out the right solution for a problem
that I am facing. I have a 3 tier application. Client, Web Service middle
layer, and SQL Server. I have been using a trusted account to get from the
WS to SQL, but now I have new requirements for getting user credentials
all the way to SQL Server. I was under the impression that by passing the
user login name and password to the middle layer, it could impersonate the
user and do a single hop to the SQL Server machine.
Unfortunately, this appears to still be a double hop scenario, even though
the middle layer has the username and password required for the domain
account. Is this correct?
And if that is the case, I suppose my only solution is to use Kerberos
delegation, which I am concerned that a highly competent and security
obsessed IT staff will refuse to set up for us during an onsite customer
implementation.
Am I missing any pieces to the puzzle? Any advice would be appreciated.
Thanks,
Glenn
.
- Follow-Ups:
- Re: Impersonation and double hop
- From: Glenn Thimmes
- Re: Impersonation and double hop
- References:
- Impersonation and double hop
- From: Glenn Thimmes
- Impersonation and double hop
- Prev by Date: Impersonation and double hop
- Next by Date: Re: Impersonation and double hop
- Previous by thread: Impersonation and double hop
- Next by thread: Re: Impersonation and double hop
- Index(es):
Relevant Pages
|
