Re: Delegate user credentials (double-hop issue)

From: Rob Teixeira [MVP] (RobTeixeira_at_@msn.com)
Date: 06/17/04 

Date: Wed, 16 Jun 2004 23:03:48 -0400

It might be an option in the SSPI call. A fast network authentication won't
give you the proper primary token that can be used to acquire secured
network resources. Post your code, and I'll go back and look at the SSPI
wrapper to see if this is possible using that library. It's been a while
since I've played with it.

-Rob Teixeira [MVP]

"morosan liviu via .NET 247" <anonymous@dotnet247.com> wrote in message
news:OLYwqIiUEHA.3332@tk2msftngp13.phx.gbl...
Hi,everyone!
I tried to use the Net security library from "Microsoft Remoting
Security..." sample in order to solve the double-hop problem.I want to
access a database server(situated on computer C) from a windows service
running under Local system account(on computer B) using the credentials of a
client logged on computer A.
When I impersonate the user inside windows service (on comp. B) even if
Thread.CurrentPrincipal.Identity.Name return me the name of the Client
logged on computer A .the connection to the RDB give me the "Logging failed
for user NT_AUTHORITY\SYSTEM".
In Active Directory I have:
Account is sensitive and cannot be delegated? not checked for Comp A (but
?Account is trusted for delegation' is checked);
and for comp B the checkbox "Trusted for delegation" checked.
Could be a problem of Active Directory?
All computer are running under AD domain.(win 2k server)
Thanks Liviu

-----------------------
Posted by a user from .NET 247 (http://www.dotnet247.com/)

<Id>k1j8Wl3fnk2sHg2O+WEVAg==</Id>

Loading