.net Impersonate with integrated authentication client server problem - ASP.NET Security

  1. #1

    .net Impersonate with integrated authentication client server problem

    Hi,
    I built an ASP.NET web application to update user accounts in Active
    Directory (AD). This application works fine on my test server when I
    access the web application on the server itself and update a user
    account (using an administrator account).

    My settings:
    -In all cases I tried with the same Administrator account
    -I enabled impersonate in the web.config (<identity impersonate="true"
    />).
    -IIS - Windows Integrated Authentication is Active (all others are
    inactive)

    Here comes the problem I have:
    scenario 1:
    When I try to run the application from a client machine, I can NOT
    update the user account (general access denied error, on the
    CommitChanges() method). I tried using the same administrator account
    as above!

    scenario 2:
    I do NOT want to use Basic Authentication for this application, still I
    tried to run it with Basic Authentication using the same settings as
    above and believe it or not it worked fine.

    My questions:
    1. Why can't I update a user account from a client machine while this
    works fine on the server using the same account?

    2. Why does it work using Basic Authentication, while Windows
    Authentication fails?

    Please help me out with this. I'm really out of clues.
    Thanks in advance,
    Ajnabi.

    Ajnabi Guest

  2. #2

    Re: .net Impersonate with integrated authentication client server problem

    You are experiencing what is known as a "double-hop" issue. If you must use
    WIA and impersonation, the only solution to this is Kerberos delegation. I
    suggest you read this:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;329986
    http://support.microsoft.com/default.aspx?scid=kb;en-us;810572
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/tkerberr.mspx

    HTH,

    Joe K.

    Joe Kaplan (MVP - ADSI) Guest

  3. #3

    Re: .net Impersonate with integrated authentication client server problem

    Joe,
    Thanks a lot for your help.
    The second link helped me out.
    I had to set up the computer "trusted for delegation on the network".
    This fixed the problem.

    Thanks again,
    Ajnabi

    Ajnabi Guest
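
One way to check the delegation settings behind the fix described in this thread, as an added example that is not part of the original posts: it reads the web server's computer account and the impersonated user's account with the ActiveDirectory PowerShell module. The function name `Get-DelegationReport` and the names `WEB01` and `adminuser` are placeholders chosen for illustration.

```powershell
# Added example (not from the thread). Requires the ActiveDirectory module (RSAT).
# 'WEB01' and 'adminuser' below are placeholder names.
Import-Module ActiveDirectory

function Get-DelegationReport {
    param(
        [Parameter(Mandatory)] [string] $WebServer,  # computer account running IIS
        [Parameter(Mandatory)] [string] $UserName    # account the site impersonates
    )

    $props = 'TrustedForDelegation', 'TrustedToAuthForDelegation',
             'msDS-AllowedToDelegateTo', 'servicePrincipalName'
    $computer = Get-ADComputer -Identity $WebServer -Properties $props
    $user     = Get-ADUser -Identity $UserName -Properties AccountNotDelegated

    # Services this host may delegate to when constrained delegation is configured.
    $allowed = @($computer.'msDS-AllowedToDelegateTo')

    if ($computer.TrustedForDelegation) {
        $mode = 'Unconstrained: may delegate to any service'
    } elseif ($allowed.Count -gt 0) {
        $mode = 'Constrained: limited to AllowedServices'
    } else {
        $mode = 'None: user credentials are not forwarded past IIS'
    }

    [pscustomobject]@{
        WebServer          = $computer.Name
        DelegationMode     = $mode
        ProtocolTransition = [bool]$computer.TrustedToAuthForDelegation
        AllowedServices    = $allowed
        # Kerberos needs an SPN matching the URL host; HOST/ covers HTTP by default.
        WebSPNs            = @($computer.servicePrincipalName |
                                 Where-Object { $_ -match '^(HTTP|HOST)/' })
        # "Account is sensitive and cannot be delegated" blocks delegation for this user.
        UserCannotDelegate = [bool]$user.AccountNotDelegated
    }
}

Get-DelegationReport -WebServer 'WEB01' -UserName 'adminuser' | Format-List
```

A host reported as unconstrained can reuse any delegating user's ticket against any service, so where the domain supports it, constrained delegation limited to the LDAP service on the domain controllers is the narrower setting.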
