Re: WSE 2.0 Kerberostoken creation on IIS 5.0/win2k fails
From: Dominick Baier (dotnet_at_leastprivilege.com)
Date: 12/30/04
- Previous message: John Saunders: "Re: Proper use of IPrincipal"
- Maybe in reply to: Dominick Baier: "WSE 2.0 Kerberostoken creation on IIS 5.0/win2k fails"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: microsoft.public.dotnet.security Date: Thu, 30 Dec 2004 13:59:38 -0800
so how do you want to request a kerberos token if you are not a domain member ??
the asp.net worker process identity must be a domain account then. you can configure that in the <processmodel> element in machine.config.
---
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
No, I am using the default accounts. ASPNET for the ASP.NET worker
process and IUSR for the anon access for IIS.
TIA
Dominick Baier wrote:
> does your asp.net app run as a domain user?
>
> ---
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
>
nntp://news.microsoft.com/microsoft.public.dotnet.security/
>
> Hi,
> I have a ASP.NET web app in which I am trying to create a Kerberos
token
> using the following code.
>
> Microsoft.Web.Services2.Security.Tokens.KerberosToken kt = new
> Microsoft.Web.Services2.Security.Tokens.KerberosToken("host/" +
> ConfigurationSettings.AppSettings["ws-host"]);
>
> This in turn returns
>
> The Kerberos credential handle could not be acquired. The
> AcquireCredentialsHandle call returned the following error code: A
specified
> logon session does not exist. It may already have been terminated
>
> Note that the same code works in Windows 2003 server with IIS 6.
>
> .NET framework version 1.1
>
> Any help is greatly appreciated.
>
> TIA
>
>
>
> [microsoft.public.dotnet.security]
[microsoft.public.dotnet.security]
Relevant Pages
... I am tryin to work with Web Service Enhancement 2.0 to use Kerberos ... I have Windows XP SP2 installed on my m/c which is connected in ... error code: The parameter is incorrect." ... I also tried investigating AcquireCredentialsHandle, ...
(microsoft.public.security)
... We are trying to log Kerberos errors using gss_display_status. ... For start-up performance reasons, we delay this initialization until the first time certain "interesting" operations are invoked, like krb5_init_context, but any path that should be able to return such error codes should cause the initialization to be done. ... (There are also library finalization functions, implemented in an OS- specific manner, which will discard the dynamic storage allocated by the library init function and other global storage used by the library. ... (Though if you're passing in an error code from outside the process, and gss_acquire_cred doesn't call into the Kerberos library for whatever reason, it would be the expected result.) ...
(comp.protocols.kerberos)
... > Using Kerberos for Windows 2.6.5, I am trying to get a Kerberos 4 ticket ... > with what I am 100% sure is a correct password, ... > would get a bad password error code when the password is correct? ... This KDC is an OpenAFS 1.0.4 kaserver. ...
(comp.protocols.kerberos)
... Kerberos library from /usr/lib, ... sia# pkg_info | grep krb ... If the port version is aabsolutely necessary, ... *** Error code 1 ...
(freebsd-questions)
... i'm running a web application that attempts to access a web service ... The Kerberos ticket could not be retrieved. ... > The RetrieveKerbTicket call returned the following error code: ... > I am running Win Server 03 on the Admin account. ...
(microsoft.public.dotnet.framework.webservices)
