standand nt creditials can not be forwarded. if iis impersonates the client,
it does not have a primary security token, and thus can not use to access a
network resource (1 hop rule).
to get around you have to switch to kerberos from ntlm, and enable
creditials forwarding (a server option) on all the network resources. see:
http://support.microsoft.com/default...b;en-us;810572
-- bruce (sqlwork.com)
"Andrew" <An****@discussions.microsoft.com> wrote in message
news:D6**********************************@microsof t.com...
Hello, friends,
Our asp.net app needs to access other servers from our IIS servers. In
web.config, we set:
<identity impersonate="true"/>
However, this works on some IIS servers, and does not work on the rest of
IIS servers. We have to explicitly set:
<identity impersonate="true" userName="IISGroup\userName"
password="password" />
to make it work again.
Why? Any ideas? We don't want to have userName/password in web.config...
Thanks a lot.