Re: Construcing NetworkCredential from WindowsIdentity?
From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: Thu, 16 Jun 2005 09:03:36 -0500
If you have a WindowsIdentity/WindowsPrincipal for the user, you should be
able to impersonate that WindowsIdentity and then use
CredentialCache.DefaultCredentials to get an ICredential. You can use that
for calling the remote resource.
The main issue here is that you will also most likely need Kerberos
delegation in this scenario in order for your credentials to hop to a remote
"Claus Konrad" <email@example.com> wrote in message
> Well - I'm using a WebApp (ASP.NET) as frontend (hosted by primary
> Here I have full access to my Identity (WindowsIdentity).
> Now - the frontend is calling into a business component (BC). This BC is
> therefore being called from within ASP.NET and thereby instantiated with
> the current identity (that's either ASPNET Machine account or the user
> For the business component to acess the Exchange Server in my datatier,
> I'm using a component from IndependentSoft (WebDav.NET for Exchange). This
> requires my to connect using a ICredential interface. I do NOT have access
> the the current uses password, hence I can not create an instance of a
> NetworkCredential object.
> Therefore my question.
> The CredentialCache.DefaultCredentials is empty. Should the frontend be
> adding something into the cache here or what..?
> Thanks a lot!
> "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
>> System.Net.CredentialCache.DefaultCredentials might be what you're
>> looking for. If you don't think this would help with your scenario,
>> could you please explain how your code on the client (primary server) is
>> communicating with the target server?
>> "Claus Konrad" <firstname.lastname@example.org> wrote in message
>>> Is there any way of getting from a WindowsIdentity (or WindowsPrincipal)
>>> into a NetworkCredential?
>>> I'm forced to authenticate myself towards an second server within my
>>> network, but unfortunately this only accepts Username/password (forms)
>>> or ICredentials (aka. networkcredentials).
>>> I'm fully authenticated with Kerberos on my primary server (web app).
>>> Thanks a million!