.net Impersonate with integrated authentication client server problem


  1. #1

    .net Impersonate with integrated authentication client server problem

    Hi,
    I built an ASP.NET web application to update user accounts in Active
    Directory (AD). This application works fine on my test server when I
    access the web application on the server itself and update a user
    account (using an administrator account).

    My settings:
    -In all cases I tried with the same Administrator account
    -I enabled impersonate in the web.config (<identity impersonate="true"
    />).
    -IIS - Windows Integrated Authentication is Active (all others are
    inactive)

    Here comes the problem I have:
    scenario 1:
    When I try to run the application from a client machine, I can NOT
    update the user account (general access denied error, on the
    CommitChanges() method). I tried using the same administrator account
    as above!

    scenario 2:
    I do NOT want to use Basic Authentication for this application, still I
    tried to run it with Basic Authentication using the same settings as
    above and believe it or not it worked fine.

    My questions:
    1. Why can't I update a user account from a client machine while this
    works fine on the server using the same account?

    2. Why does it work using Basic Authentication, while Windows
    Authentication fails?

    Please help me out with this. I'm really out of clue.
    Thanks in advance,
    Ajnabi.

    Ajnabi Guest

  3. #2

    Re: .net Impersonate with integrated authentication client server problem

    You are experiencing what is known as a "double-hop" issue. If you must use
    WIA and impersonation, the only solution to this is Kerberos delegation. I
    suggest you read this:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;329986
    http://support.microsoft.com/default.aspx?scid=kb;en-us;810572
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/tkerberr.mspx

    HTH,

    Joe K.

    "Ajnabi" <rtikai@gmail.com> wrote in message
    news:1098976095.205027.318280@z14g2000cwz.googlegroups.com...
    > Hi,
    > I built an ASP.NET web application to update user accounts in Active
    > Directory (AD). This application works fine on my test server when I
    > access the web application on the server itself and update a user
    > account (using an administrator account).
    >
    > My settings:
    > -In all cases I tried with the same Administrator account
    > -I enabled impersonate in the web.config (<identity impersonate="true"
    > />).
    > -IIS - Windows Integrated Authentication is Active (all others are
    > inactive)
    >
    > Here comes the problem I have:
    > scenario 1:
    > When I try to run the application from a client machine, I can NOT
    > update the user account (general access denied error, on the
    > CommitChanges() method). I tried using the same administrator account
    > as above!
    >
    > scenario 2:
    > I do NOT want to use Basic Authentication for this application, still I
    > tried to run it with Basic Authentication using the same settings as
    > above and believe it or not it worked fine.
    >
    > My questions:
    > 1. Why can't I update a user account from a client machine while this
    > works fine on the server using the same account?
    >
    > 2. Why does it work using Basic Authentication, while Windows
    > Authentication fails?
    >
    > Please help me out with this. I'm really out of clue.
    > Thanks in advance,
    > Ajnabi.
    >

    Joe Kaplan (MVP - ADSI) Guest
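
An added diagnostic for the double-hop behaviour named in the reply above; it is not code from the thread or from Microsoft. The class and method names are hypothetical, and the mapping from authentication type and impersonation level to an outcome is a rule of thumb covering the scenarios in the question (Windows only).

```csharp
using System;
using System.Security.Principal;

// Added example, hypothetical names. In ASP.NET with
// <identity impersonate="true" />, call Describe(Request.IsLocal).
public static class DoubleHopCheck
{
    // Can the impersonated token authenticate to a second machine
    // (here, the domain controller behind CommitChanges())?
    public static string Classify(string authType,
                                  TokenImpersonationLevel level, bool isLocal)
    {
        // Basic: IIS received the password and performed the logon itself,
        // so the logon session holds credentials usable on the network.
        if (string.Equals(authType, "Basic", StringComparison.OrdinalIgnoreCase))
            return "can hop: server logged the user on with the supplied password";
        // Kerberos delegation: the server may act as the user downstream.
        if (level == TokenImpersonationLevel.Delegation)
            return "can hop: Kerberos delegation is in effect";
        // Browser on the server itself: the DC is the first network hop.
        if (isLocal)
            return "can hop: request originated on the server";
        // NTLM, or Kerberos without delegation, from a remote client:
        // the token is only honoured on this server.
        if (level == TokenImpersonationLevel.Impersonation)
            return "local only: expect access denied on the second hop";
        return "inconclusive: inspect the token and logon session";
    }

    public static string Describe(bool isLocal)
    {
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            return string.Format("{0} auth={1} level={2} -> {3}",
                id.Name, id.AuthenticationType, id.ImpersonationLevel,
                Classify(id.AuthenticationType, id.ImpersonationLevel, isLocal));
        }
    }

    public static void Main()
    {
        // Constructed inputs mirroring the scenarios in the question.
        var imp = TokenImpersonationLevel.Impersonation;
        Console.WriteLine(Classify("NTLM", imp, false));  // remote client, WIA
        Console.WriteLine(Classify("NTLM", imp, true));   // browser on the server
        Console.WriteLine(Classify("Basic", TokenImpersonationLevel.None, false));
        Console.WriteLine(Describe(true)); // identity of this process
    }
}
```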

  4. #3

    Re: .net Impersonate with integrated authentication client server problem

    Joe,
    Thanks a lot for your help.
    The second link helped me out.
    I had to set up the computer "trusted for delegation on the network".
    This fixed the problem.

    Thanks again,
    Ajnabi

    Ajnabi Guest
