Re: delegation and multiple host name
- From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 5 Nov 2007 15:35:03 -0600
You need to create additional servicePrincipalName values for the additional
services with the alternate hostnames. Then you can delegate to them.
For example, if the alternate website is called althost1.domain.com, then
add an SPN to the account that runs its app pool (the machine account if you
run as the default "network service") with the value
HTTP/althost1.domain.com. Once you have an appropriate SPN for the
additional service, you will be able to do Kerb auth and then delegation is
also possible as well.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Pom" <Pom@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:CB158A8D-4579-4236-9AEA-B941BDEB3806@xxxxxxxxxxxxxxxx
I'm running asp.net 2.0 on a 2003 server using a domain service account
for my application pool. I'm trying to connect to a server that has my
web services. My challenge is that the server has 3 IP addresses, one for
each web site I need. The web services I try to access will be on the
second web site (but there is also a copy on the first web site). So I
defined a different host name in DNS for each web site and I also assigned
it to each web site as a host header. My challenge is that in ADUC it only
allows us to add a computer name as a "trust this user for delegation to
specified services only". When I called my web services with the "server
name" Kerberos authentication works, but when I use the host name, it falls
over to NTLM. So could we delegate to a host name different from a server
name?
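
The steps from the reply above as an added example (not part of the original thread), written for the ActiveDirectory PowerShell module, which is newer than this exchange. The account names `WEBSVC01` and `svc-apppool` are hypothetical placeholders; only `HTTP/althost1.domain.com` comes from the reply.

```powershell
Import-Module ActiveDirectory

$spn          = 'HTTP/althost1.domain.com'  # alternate host name used in the reply
$backendName  = 'WEBSVC01'                  # hypothetical: web services server whose app pool runs as Network Service
$frontendName = 'svc-apppool'               # hypothetical: domain service account of the calling ASP.NET app pool

# 1. An SPN must resolve to exactly one account. If it is registered twice, or on
#    the wrong account, the KDC cannot issue a usable ticket and the client ends up on NTLM.
$backend = Get-ADComputer -Identity $backendName
$owners  = @(Get-ADObject -LDAPFilter "(servicePrincipalName=$spn)")
if ($owners.Count -gt 1) {
    throw "Duplicate SPN $spn on: $($owners.DistinguishedName -join '; ')"
}
if ($owners.Count -eq 1 -and $owners[0].DistinguishedName -ne $backend.DistinguishedName) {
    throw "SPN $spn is already registered on $($owners[0].DistinguishedName)"
}

# 2. Register the SPN on the account that runs the target app pool
#    (the machine account here; use Set-ADUser if the pool runs as a domain user).
if ($owners.Count -eq 0) {
    Set-ADComputer -Identity $backend -ServicePrincipalNames @{ Add = $spn }
}

# 3. Add the new SPN to the calling account's constrained delegation list. This is the
#    attribute behind "Trust this user for delegation to specified services only".
#    Keep the list limited to the services the application actually calls.
$frontend = Get-ADUser -Identity $frontendName -Properties 'msDS-AllowedToDelegateTo'
if ($frontend.'msDS-AllowedToDelegateTo' -notcontains $spn) {
    Set-ADUser -Identity $frontend -Add @{ 'msDS-AllowedToDelegateTo' = $spn }
}

# 4. Read both attributes back to confirm the result.
(Get-ADComputer -Identity $backend -Properties servicePrincipalName).servicePrincipalName
(Get-ADUser -Identity $frontendName -Properties 'msDS-AllowedToDelegateTo').'msDS-AllowedToDelegateTo'
```

After the change, a request to the alternate host name should obtain a ticket for `HTTP/althost1.domain.com` instead of negotiating NTLM; `klist` on the calling server lists the tickets held.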