Hi to all..
I'm using impersonation, combined with windows authentication.
When the page tries to connect to active directory,
i get login failure, due to double hop issue.
As i understand it, the iis does not receive a
primary token, so how can i authenticate against Active directory?
Is it possible to delegate, when using impersonation and windows
authentication?
Thanks.
Sharon.
6  1539 
Yes, I have some links to delegation resources on my blog: http://odetocode.com/Blogs/scott/arc...2/24/1053.aspx
--
Scott http://www.OdeToCode.com/blogs/scott/
On Wed, 30 Mar 2005 22:32:02 +0200, "Sharon" <sh****@void.null> wrote: Hi to all..
I'm using impersonation, combined with windows authentication.
When the page tries to connect to active directory,
i get login failure, due to double hop issue.
As i understand it, the iis does not receive a
primary token, so how can i authenticate against Active directory?
Is it possible to delegate, when using impersonation and windows
authentication?
Thanks.
Sharon.
Thanks Scott.
This is a "bit" confusing.
As i understand it so far, delegation is only possible using Kerberos,
and all users in Active Directory have to be marked for delegation.
Unfortunately, the fruit basket will not work here, and i've ruled out
pumping laughter gas into the IT room ventilation system.
What if i revert to the IIS identity before the Active Directory query?
Problem is, how do i get the WindowsImpersonationContext, to call Undo
method?
The only other solution is to use Basic authentication, which i don't like.
Sharon.
"Scott Allen" <sc***@nospam.odetocode.com> wrote in message
news:n8********************************@4ax.com... Yes, I have some links to delegation resources on my blog:
http://odetocode.com/Blogs/scott/arc...2/24/1053.aspx
--
Scott
http://www.OdeToCode.com/blogs/scott/
On Wed, 30 Mar 2005 22:32:02 +0200, "Sharon" <sh****@void.null> wrote:
Hi to all..
I'm using impersonation, combined with windows authentication.
When the page tries to connect to active directory,
i get login failure, due to double hop issue.
As i understand it, the iis does not receive a
primary token, so how can i authenticate against Active directory?
Is it possible to delegate, when using impersonation and windows
authentication?
Thanks.
Sharon.
Hi Sharon:
What you'll have to do is use an identity that the AD server
understands. Perhaps you could run the worker process under a domain
account with enough permissions in AD?
--
Scott http://www.OdeToCode.com/blogs/scott/
On Thu, 31 Mar 2005 13:29:58 +0200, "Sharon" <sh****@void.null> wrote: Thanks Scott.
This is a "bit" confusing.
As i understand it so far, delegation is only possible using Kerberos,
and all users in Active Directory have to be marked for delegation.
Unfortunately, the fruit basket will not work here, and i've ruled out
pumping laughter gas into the IT room ventilation system.
What if i revert to the IIS identity before the Active Directory query?
Problem is, how do i get the WindowsImpersonationContext, to call Undo
method?
The only other solution is to use Basic authentication, which i don't like.
Sharon.
"Scott Allen" <sc***@nospam.odetocode.com> wrote in message
news:n8********************************@4ax.com.. . Yes, I have some links to delegation resources on my blog:
http://odetocode.com/Blogs/scott/arc...2/24/1053.aspx
--
Scott
http://www.OdeToCode.com/blogs/scott/
On Wed, 30 Mar 2005 22:32:02 +0200, "Sharon" <sh****@void.null> wrote:
>Hi to all..
>I'm using impersonation, combined with windows authentication.
>When the page tries to connect to active directory,
>i get login failure, due to double hop issue.
>As i understand it, the iis does not receive a
>primary token, so how can i authenticate against Active directory?
>Is it possible to delegate, when using impersonation and windows
>authentication?
>Thanks.
>Sharon.
>
No i can't.
This project is for a very large organization,
and the department that controls the domain users,
will never allow it.
As a part of the policy, all users must change their passwords periodically.
So any hard coded user name and password, will eventually fail.
I tried disabling Impersonation, and still login fails.
Thanks.
Sharon.
"Scott Allen" <sc***@nospam.odetocode.com> wrote in message
news:3k********************************@4ax.com... Hi Sharon:
What you'll have to do is use an identity that the AD server
understands. Perhaps you could run the worker process under a domain
account with enough permissions in AD?
--
Scott
http://www.OdeToCode.com/blogs/scott/
On Thu, 31 Mar 2005 13:29:58 +0200, "Sharon" <sh****@void.null> wrote:
Thanks Scott.
This is a "bit" confusing.
As i understand it so far, delegation is only possible using Kerberos,
and all users in Active Directory have to be marked for delegation.
Unfortunately, the fruit basket will not work here, and i've ruled out
pumping laughter gas into the IT room ventilation system.
What if i revert to the IIS identity before the Active Directory query?
Problem is, how do i get the WindowsImpersonationContext, to call Undo
method?
The only other solution is to use Basic authentication, which i don't
like.Sharon.
"Scott Allen" <sc***@nospam.odetocode.com> wrote in message
news:n8********************************@4ax.com.. . Yes, I have some links to delegation resources on my blog:
http://odetocode.com/Blogs/scott/arc...2/24/1053.aspx
--
Scott
http://www.OdeToCode.com/blogs/scott/
On Wed, 30 Mar 2005 22:32:02 +0200, "Sharon" <sh****@void.null> wrote:
>Hi to all..
>I'm using impersonation, combined with windows authentication.
>When the page tries to connect to active directory,
>i get login failure, due to double hop issue.
>As i understand it, the iis does not receive a
>primary token, so how can i authenticate against Active directory?
>Is it possible to delegate, when using impersonation and windows
>authentication?
>Thanks.
>Sharon.
>
Then you're in a pickle. You either need to 1) setup a domain user for your
ASP.NET application that has the right creds for your AD, 2) enable the delegation
for your AD users if you're using integrated auth, or 3) switch to using
basic auth (over SSL, of course).
-Brock
DevelopMentor http://staff.develop.com/ballen No i can't.
This project is for a very large organization,
and the department that controls the domain users,
will never allow it.
As a part of the policy, all users must change their passwords
periodically.
So any hard coded user name and password, will eventually fail.
I tried disabling Impersonation, and still login fails.
Thanks.
Sharon.
"Scott Allen" <sc***@nospam.odetocode.com> wrote in message
news:3k********************************@4ax.com...
Hi Sharon:
What you'll have to do is use an identity that the AD server
understands. Perhaps you could run the worker process under a domain
account with enough permissions in AD?
--
Scott
http://www.OdeToCode.com/blogs/scott/
On Thu, 31 Mar 2005 13:29:58 +0200, "Sharon" <sh****@void.null>
wrote:
Thanks Scott.
This is a "bit" confusing.
As i understand it so far, delegation is only possible using
Kerberos,
and all users in Active Directory have to be marked for delegation.
Unfortunately, the fruit basket will not work here, and i've ruled
out
pumping laughter gas into the IT room ventilation system.
What if i revert to the IIS identity before the Active Directory
query?
Problem is, how do i get the WindowsImpersonationContext, to call
Undo
method?
The only other solution is to use Basic authentication, which i
don't like.
Sharon.
"Scott Allen" <sc***@nospam.odetocode.com> wrote in message
news:n8********************************@4ax.com...
Yes, I have some links to delegation resources on my blog:
http://odetocode.com/Blogs/scott/arc...2/24/1053.aspx
--
Scott
http://www.OdeToCode.com/blogs/scott/
On Wed, 30 Mar 2005 22:32:02 +0200, "Sharon" <sh****@void.null>
wrote:
> Hi to all..
> I'm using impersonation, combined with windows authentication.
> When the page tries to connect to active directory,
> i get login failure, due to double hop issue.
> As i understand it, the iis does not receive a
> primary token, so how can i authenticate against Active directory?
> Is it possible to delegate, when using impersonation and windows
> authentication?
> Thanks.
> Sharon.
Thank you Scott & Brock vary much.
Maybe i'm in a pickle, but i'm out of the confusion.
Another option i have is revert to the old DB based app,
but that means rewriting a large portion of the code.
Basic authentication is becoming more and more appealing.
Thanks again.
Sharon.
"Brock Allen" <ba****@NOSPAMdevelop.com> wrote in message
news:31**********************@msnews.microsoft.com ... Then you're in a pickle. You either need to 1) setup a domain user for
your ASP.NET application that has the right creds for your AD, 2) enable the
delegation for your AD users if you're using integrated auth, or 3) switch to using
basic auth (over SSL, of course).
-Brock
DevelopMentor
http://staff.develop.com/ballen
No i can't.
This project is for a very large organization,
and the department that controls the domain users,
will never allow it.
As a part of the policy, all users must change their passwords
periodically.
So any hard coded user name and password, will eventually fail.
I tried disabling Impersonation, and still login fails.
Thanks.
Sharon.
"Scott Allen" <sc***@nospam.odetocode.com> wrote in message
news:3k********************************@4ax.com...
Hi Sharon:
What you'll have to do is use an identity that the AD server
understands. Perhaps you could run the worker process under a domain
account with enough permissions in AD?
--
Scott
http://www.OdeToCode.com/blogs/scott/
On Thu, 31 Mar 2005 13:29:58 +0200, "Sharon" <sh****@void.null>
wrote:
Thanks Scott.
This is a "bit" confusing.
As i understand it so far, delegation is only possible using
Kerberos,
and all users in Active Directory have to be marked for delegation.
Unfortunately, the fruit basket will not work here, and i've ruled
out
pumping laughter gas into the IT room ventilation system.
What if i revert to the IIS identity before the Active Directory
query?
Problem is, how do i get the WindowsImpersonationContext, to call
Undo
method?
The only other solution is to use Basic authentication, which i
don't
like.
Sharon.
"Scott Allen" <sc***@nospam.odetocode.com> wrote in message
news:n8********************************@4ax.com...
> Yes, I have some links to delegation resources on my blog:
>
> http://odetocode.com/Blogs/scott/arc...2/24/1053.aspx
>
> --
> Scott
> http://www.OdeToCode.com/blogs/scott/
> On Wed, 30 Mar 2005 22:32:02 +0200, "Sharon" <sh****@void.null>
> wrote:
>
>> Hi to all..
>> I'm using impersonation, combined with windows authentication.
>> When the page tries to connect to active directory,
>> i get login failure, due to double hop issue.
>> As i understand it, the iis does not receive a
>> primary token, so how can i authenticate against Active directory?
>> Is it possible to delegate, when using impersonation and windows
>> authentication?
>> Thanks.
>> Sharon.
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: raza |
last post by:
Hi,
I have implemented a band object in C# thats basically an explorer
bar. THere is a very strange issue. When the bar is open and the web
page opens a new window using window.open call from JS...
|
by: Jonathan Fielder |
last post by:
Hi,
My program (below) casts a double (which is in range for a float) to a
float. As far as I know this should give me the nearest representable
float, which will loose some precision. I...
|
by: krian |
last post by:
Hi,
I need a help from anybody. My problem is here
I wrote two WebApplication in ASP.net Using C#. The name of the
applications are (Journal.aspx and Payment.aspx). These Two pages have
DataGrids...
|
by: Sharon |
last post by:
Hi to all..
I'm using impersonation, combined with windows authentication.
When the page tries to connect to active directory,
i get login failure, due to double hop issue.
As i understand it,...
|
by: Steve |
last post by:
Can python modules be reloaded.
For example you import a module, programatically edit it, then have the
file reload the module?
Does anyone have any ideas about this?
Steve
|
by: Thoaren |
last post by:
Hi,
I wrote a this piece of code in let's say page1.php:
<script language="JavaScript">
function bgi01(){
document.getElementById('changeThisBG01').style.backgroundImage='URL(mp02.jpg)';...
|
by: volker |
last post by:
Hi,
I'm trying to move an iframe from one position in the DOM to another. The moving itself is not a problem at all, but I experience a different behaviour between Firefox (1.5) and IE (6): As...
|
by: hopeorpha308 |
last post by:
Nero 7 premium reloaded crack
|
by: =?Utf-8?B?Rmx5Z3V5?= |
last post by:
I am trying to keep from reloading my XmlDocument every time my page reloads.
To do this I am using ViewState.
System.Xml.XmlDocument myDataXmlDoc = new System.Xml.XmlDocument();...
|
by: CloudSolutions |
last post by:
Introduction:
For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
|
by: Faith0G |
last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
|
by: ryjfgjl |
last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
| |
