Impersonation fails on intranet site

From: Dwight Johnson <djohnson149@xxxxxxxxx>
Date: Mon, 16 Jun 2008 06:21:37 -0700 (PDT)

We had a situation where impersonation was working on our test
intranet site, but failing on our production site. The application
uses integrated Windows authentication, and gets the currently logged
in user using the WindowsIdentity class. The web.config had
impersonate set to true. Everything seemed to be set up correctly, but
it was not working.

Apparently there were two things that needed to be done to get it to
work:

1) install SP2 and all subsequent updates for Windows 2003 Server on
that server, and
2) check the "Trust computer for delegation" setting on the Properties
window in Active Directory for that server.

Once these things had been done, the impersonation worked as
advertised.

I had looked for a solution to this problem, but had not seen this
particular set of circumstances mentioned anywhere.
.

Prev by Date: Re: Lightweight logon? Impersonation? - shared workstation problem
Next by Date: DACL & Active Directory
Previous by thread: Re: Lightweight logon? Impersonation? - shared workstation problem
Next by thread: DACL & Active Directory
Index(es):
- Date
- Thread

Relevant Pages

Re: Going from anonymous security to Windows Security in an ASP.NET application
... as I said in my previous post - there is no context on the client... ... Your page.context exists purely on the server. ... we need to have our own login page instead of the standard Windows logon ... impersonation, which takes place on the server has no effect on page ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: no Access to Client-Files with "impersonate=true"
... This happens because you're using "Windows" authentification on IIS. ... Impersonation works fine on the server, ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Kerberos delegation trauma
... Kerberos delegation won't solve this. ... > when the tool on my machine tries to access the server. ... On my machine I have set IE to have Enable Integrated Windows ... > my IIS for my web application directory and have impersonation set ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Remote control of windows service with windows 2003 server
... Impersonation is more difficult in forms authentication. ... you are passing the username and password for a windows account. ...
(microsoft.public.dotnet.framework.aspnet)
Re: Starting up Windows Program from a webform with current userss authentication
... On the other hand i have a windows applications that uses windows ... (with authenticated user impersonation), and navigate to the right record. ... application with the "ASPNET" account. ... > appropriate rights on the directory housing the windows application. ...
(microsoft.public.dotnet.framework.aspnet)