
Weird impersonation issue

Author
19 Oct 2006 1:16 PM
kaliszewskim
Just recently, we started getting a weird impersonation problem on one
of our web apps (which used to work).

IIS is set to use Windows Authentication, Anonymous is disabled
Web.config specifies to use Windows Authentication, Impersonate = true
Web server is trusted for delegation.

The app goes out to a file server (on the local network) to retrieve an
image file.

Here is where it gets weird - If I run the app from my machine, the
authentication and impersonation work and I can get the file to
manipulate it. If I go to the Security Log on the file server, I can
see my User Name and the Success Audit.

However, if I go to any other computer, still using the same domain
account, the Impersonation does not seem to make it all the way to the
file server. I use
System.Security.Principal.WindowsIdentity.GetCurrent().Name to get the
user that the process is running under and it returns my user name,
however, on the file server, there is a failure audit from
WEBSERVER\Anonymous Logon.

I have had another person test it, and they get the same results - it
does not work from their machine, but if they log on to my computer, it
works fine.

Anyone have any idea what is going on here? Why is this only working
from my computer? I thought I looked at all the relevant settings in
IE, etc, but can't find any differences. Any ideas?

Author
19 Oct 2006 4:20 PM
Chris Taylor
Hi,

The problem is that the credentials cannot be passed from the web server to
the file server; this requires delegation. For this to work you would have
to use Kerberos, which supports delegation across multiple hops.

--
Chris Taylor
http://dotnetjunkies.com/weblog/chris.taylor
<kaliszews***@gmail.com> wrote in message
news:1161263770.570208.242940@e3g2000cwe.googlegroups.com...
> Just recently, we started getting a weird impersonation problem on one
> of our web apps (which used to work).
>
> IIS is set to use Windows Authentication, Anonymous is disabled
> Web.config specifies to use Windows Authentication, Impersonate = true
> Web server is trusted for delegation.
>
> The app goes out to a file server (on the local network) to retrieve an
> image file.
>
> Here is where it gets weird - If I run the app from my machine, the
> authentication and impersonation work and I can get the file to
> manipulate it. If I go to the Security Log on the file server, I can
> see my User Name and the Success Audit.
>
> However, if I go to any other computer, still using the same domain
> account, the Impersonation does not seem to make it all the way to the
> file server. I use
> System.Security.Principal.WindowsIdentity.GetCurrent().Name to get the
> user that the process is running under and it returns my user name,
> however, on the file server, there is a failure audit from
> WEBSERVER\Anonymous Logon.
>
> I have had another person test it, and they get the same results - it
> does not work from their machine, but if they log on to my computer, it
> works fine.
>
> Anyone have any idea what is going on here? Why is this only working
> from my computer? I thought I looked at all the relevant settings in
> IE, etc, but can't find any differences. Any ideas?
>
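An added diagnostic, not code from any poster in this thread: it reports which protocol authenticated an identity and whether its token can be forwarded to a second server, the two things the delegation point above depends on. `DelegationCheck` and `Describe` are hypothetical names; in an ASP.NET page you would pass `(WindowsIdentity)HttpContext.Current.User.Identity` instead of the process identity used in `Main`.

```csharp
using System;
using System.Security.Principal;

// Added example; DelegationCheck and Describe are hypothetical names.
public static class DelegationCheck
{
    // Classifies an identity by how far its token can travel.
    public static string Describe(WindowsIdentity id)
    {
        if (id.IsAnonymous)
            return "Anonymous token: there are no user credentials to forward.";

        // AuthenticationType is typically "Kerberos", "NTLM" or "Negotiate".
        string proto = id.AuthenticationType ?? "(unknown)";
        TokenImpersonationLevel level = id.ImpersonationLevel;
        string who = id.Name + " via " + proto + ", level " + level + ": ";

        // Name alone is not enough: it shows who is impersonated locally,
        // not whether the token is valid on another machine.
        if (string.Equals(proto, "NTLM", StringComparison.OrdinalIgnoreCase))
            return who + "NTLM logon; the token cannot be delegated to another server.";

        switch (level)
        {
            case TokenImpersonationLevel.Delegation:
                return who + "token is delegable; a second hop can carry this user.";
            case TokenImpersonationLevel.Impersonation:
                return who + "valid on this server only; remote access will not carry this user.";
            case TokenImpersonationLevel.None:
                return who + "primary process token, not an impersonated request identity.";
            default:
                return who + "token is too restricted to access resources as this user.";
        }
    }

    public static void Main()
    {
        // Stand-alone run: describes the identity of the current process.
        Console.WriteLine(Describe(WindowsIdentity.GetCurrent()));
    }
}
```

Logging this from a working client and a failing client, for the same account, shows whether the two requests were authenticated differently.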
Author
19 Oct 2006 7:51 PM
kaliszewskim
Could you explain this further?

Also, I still don't understand why this works from my pc and not any
others.
My_PC->Webserver->Fileserver - works
Other_PC->Webserver->Fileserver - does not work

Chris Taylor wrote:
> Hi,
>
> The problem is that the credentials cannot be passed from the web server to
> the file server; this requires delegation. For this to work you would have
> to use Kerberos, which supports delegation across multiple hops.
>
> --
> Chris Taylor
> http://dotnetjunkies.com/weblog/chris.taylor
Author
19 Oct 2006 9:19 PM
Ben Voigt
<kaliszews***@gmail.com> wrote in message
news:1161287514.824055.202110@h48g2000cwc.googlegroups.com...
> Could you explain this further?
>
> Also, I still don't understand why this works from my pc and not any
> others.
> My_PC->Webserver->Fileserver - works
> Other_PC->Webserver->Fileserver - does not work

Your PC is the webserver, or not?  If you are logged in on your PC when you
access its website from another computer, does that make a difference?

>
> Chris Taylor wrote:
>> Hi,
>>
>> The problem is that the credentials cannot be passed from the web server
>> to the file server; this requires delegation. For this to work you would
>> have to use Kerberos, which supports delegation across multiple hops.
>>
>> --
>> Chris Taylor
>> http://dotnetjunkies.com/weblog/chris.taylor
>
Author
24 Oct 2006 2:03 PM
kaliszewskim
Ben Voigt wrote:
> Your PC is the webserver, or not?  If you are logged in on your PC when you
> access its website from another computer, does that make a difference?

No, my PC is not the webserver. It does not matter if I am logged into
my PC and I try to access the page from another computer - it still
does not work. Other users can also log into my desktop and access the
page without a problem, which is why I thought that something is
different with my desktop.
