Enable Double - Hop Delegation In IIS7 Windows 2008
Dec 2, 2010
my ASP.NET web application uses windows authentication on our intranet. I want it to be able to make a server-side http request to another server on the same domain that also requires windows authentication. I've followed the instructions on temporarily impersonating the authenticated user when making the additional request here: [URL] Using code like this:
using System.Security.Principal;
// Obtain the authenticated user's Identity
WindowsIdentity winId = (WindowsIdentity)HttpContext.Current.User.Identity;
WindowsImpersonationContext ctx = null;
try
{
// Start impersonating
ctx = winId.Impersonate();
// Now impersonating
// Access resources using the identity of the authenticated user
var request = WebRequest.Create("http://intranet/secureapp");
request.Credentials = CredentialCache.DefaultCredentials;
var response = request.GetResponse();
using (var streamReader = new StreamReader(response.GetResponseStream()))
{
Response.Write(streamReader.ReadToEnd());
}
}
// Prevent exceptions from propagating
catch
{
}
finally
{
// Revert impersonation
if (ctx != null)
ctx.Undo();
}
// Back to running under the default ASP.NET process identity
But, unfortunately, I always get a 401 unauthorized error. Do I need to configure our webserver with active directory to allow it to delegate the autenticated user (could be any one of about 200 users, so don't want to have to do anything 200 times :))? If so, can anyone tell me how to do this?
View 1 Replies
Similar Messages:
Sep 3, 2010
I have an ASP.NET 2.0 web app which calls a one way web method on a web service. This web method contacts remote servers and pulls back config information to confirm the state of new server builds (settings etc) and inserts the collected data into a SQL database. The web app is supposed to pass through the callers kerberos ticket to the web service and then again to the newly built server which is being checked, all via impersonation and delegation using the calling users administrator privileges.
The trouble is, I just can't get the web service to run under the callers context. I have the SPN's set up, delegation turned on in the active directory objects for the computer running the web app and service and the worker process domain user service account. I have windows authentication on and impersonation set to true in both the web app and service's web.config, integrated authentication in IIS, and IE settings are all ok. All has been checked out and passes the tests in DelegConfig, but it still won't work.
It appears that any data that's is written to the database is written under the context of the web pool service account, and not the calling users, plus along with the fact that I get access denied messages when trying to collect data from the server says impersonation isn't working. Also, is it possible to run the checks under the calling users context, but write to the database with the web pool identity service account without specifying the user details in the web config?? I am working in a secure environment and we must user windows based accounts only, no SQL accounts.
View 1 Replies
Nov 10, 2010
I want to use IIS impersonation to connecto to a SQL server database as the user who is currently accessing a website. This is for auditing and security reasons. I've done some reading and discovered that because the SQL Server is on a sepearate physical server I need to enable Protocol Transitioning and Constrained delegation for the server that's running IIS. This is the article that I found. [URL] I didn't realise at the time I first read it but this article has the following header. Retired Content
This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist. What I want to know is, does the information in the article still apply, if I want to impersonate the user all the way to the SQL Server, do i still need Constrained Delegation or has this been implemented in some other way for ASP.NET 4?
View 1 Replies
Nov 17, 2010
I have web app written in .net 4.0 using url routing. It works fine in the development environment in VS 2010.But It's not working after publishing to iis7. on remote server i'm getting error HTTP Error 404.0 - Not FoundThe resource you are looking for has been removed, had its name changed, or is temporarily unavailable. I tried in virtual directory and it's not working.[URL]
View 1 Replies
Jan 20, 2014
I am trying to increase the size of file upload for my ASP.NET app.. (Windows 2008 Enterprise + IIS 7)
What I have done in web.config:
<system.webServer>
<security>
<requestFiltering allowDoubleEscaping="true">
<requestLimits maxAllowedContentLength="100000000" />
</requestFiltering>
</security>
</system.webServer>
View 5 Replies
May 29, 2010
Runtime Error Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine. Details: To enable the details of this specific error message to be viewable on remote machines, please create a tag within a "web.config" configuration file located in the root directory of the current web application. This tag should then have its "mode" attribute set to "Off". Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's configuration tag to point to a custom error page URL. ----------------------------------- This error will be display when I am try to show the Crystal Report. Can anybody tell me what Property I have to ser in Windows Server 2008 R2 or in IIS7???
View 1 Replies
Jan 11, 2011
I am working on the migration of the server. Our new server is Windows server 2008 with IIS7.0 I have a great difficulty in browsing the pages hosted in virtual directories. I have followed the proper steps of creating a virtual directories and converting them into applications. But when i try to browsing the pages of the virtual directory, i get the 404 error. Note: The .Net Framework 4.0 is installed on the server and the web applications which i am trying to configure in the virtual directories are developed in Visual Studio 3.0. Even the http://localhost also don't work.
View 9 Replies
Mar 24, 2011
I just moved our website to a new server(windows 2008, IIS7.5). this website needs to do post to an outside https website to get the data back, but
it deesn't work. when i put the https: website on the IE address bar, it failed. I am wondering what setting i need to change to enable https: website to go through on the server?
View 1 Replies
Mar 24, 2010
I have an application that ran fine on a Win 2003 box using windows authentication. After installing the app on a 32-bit Windows Server 2008 box the users are now prompted for domain credentials every time they call the site. I went into IIS manager for IIS7 and disabled anonymous authentication and enabled windows authentication. What do I need to do here for the user to not be prompted for the credentials?
View 5 Replies
Nov 3, 2010
The biggest difference between double and decimal is that double is a floating point variable type whereas decimal is a fixed point variable .What it means?? Please Explain the abovePoint with Example.According to me both are used to store the folating numbers,then whats the difference between two?
View 1 Replies
Oct 11, 2010
Microsoft Visual Studio 2010 was being used along with SQL Express for website development on the Operating System, Windows Server 2008 R2 Enterprise Edition of Intel Xeon CPU @ 2.13 GHz (2 Processors) containing 12 GB RAM with 64-bit Operating System. Website was developed along with the databases of SQL Express with the help of Visual Studio. Whether the developed website along with the databases may be used on the Operating System, Windows 7 of 64-bit? The website will used within Intranet. Which Operating System and configuration to be used for the Intranet Website?
View 1 Replies
Mar 8, 2010
I've installed IIS for Windows Server 2008 SP2 and Windows 7. In both instances, I can't get even the simplest of ASP.net scripts to work (note: I'm ftping the published files from Visual Web Dev 2008 Express on XP):
------------------------------------LOCAL MESSAGE---------------------------------------------
Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.
Parser Error Message: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.
Source Error
[Code]....
Line 36: ASP.NET to identify an incoming user.Line 37: -->Line 38:
<authentication mode="Windows"/>Line 39: <!--Line 40: The <customErrors> section enables configuration
Source File: C:inetpubwwwroot estweb.config Line: 38
------------------------------------REMOTE MESSAGE-------------------------------------------
Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
Details: To enable the details of this specific error message to be viewable on remote machines, please create a
<customErrors> tag within a "web.config" configuration file
located in the root directory of the current web application. This
<customErrors> tag should then have its "mode" attribute set to
"Off".
[Code]....
<!-- Web.Config Configuration File --><configuration> <system.web> <customErrors mode="Off"/> </system.web></configuration>
Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.
[Code]....
<!-- Web.Config Configuration File --><configuration> <system.web> <customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/> </system.web></configuration>
Can anyone tell me what I'm doing wrong here in the web.config file? This is killing me.
View 5 Replies
Mar 17, 2011
I just downloaded and installled the Microsoft Windows Azure SDK yesterday for the first time and I am having issues running the application as I all I am getting is 503 errors. I run Windows Server 2008 R2 on my development machine and even tested it on another co-workers 2008 R2 and couldn't even compile the application. He got this error instead "A problem occurred while trying to set the "References" parameter for the IDE's in-process compiler. Error HRESULT E_FAIL has been returned from a call to a COM component."
From within my Windows Server 2008 R2 Hyper-V Virtual Windows 7 x86 enviroment, I was able to successfully build and run the Windows Azure SDK and it even showed the base ASP.NET application.So my question is, does the Windows Azure SDK for Visual Studio 2010 w/ Visual Studio 2010 SP 1 installed not work under Microsoft Server 2008 R2?
View 1 Replies
Jul 16, 2010
Older machine (2 years), Visual Studio 2008 SP1, Windows 7.
Error message when trying to open previously created mvc2 web app on IIS through Open Web site > Local IIS
"Unable to open the Web site "htpp://localhost/websitename" To access local IIS Web sites you must install the following IIS components:"
(no items on list)
then the open in admin mode notice.
I have tried everything I have found on the internet for 3 days.
View 3 Replies
Feb 10, 2010
I've got an ASP.NET web app that uses Crystal Reports XI Release 2 (Service Pack 4 + Fix Pack 4.1), and when I use Windows Authentication, the report still passes the application pool identity to the database instead of the user's identity. Every other portionof the program sends the user's identity (checked using SQL profiler). I know I've gotten this working on a client's windows 2008 server before, but I don't have access to that machine to make a comparison with the one I'm working on. I'm pretty sure it's an IIS configuration issue, but I can't seem to find the thing that's causing the Crystal reports to behave differently from the rest of the application.
View 2 Replies
Nov 4, 2010
I am trying to run a website on iis7, it was working fine untill i tryed to install isapi rewrit on iis7. when i go to localhost i get the 404 message and when i type localhost/Default.aspx i get the default page but the css is not applyed to the page. i tryed to uninstall /install iis but the settings remain the same. how can i install iis with default settings.
i was following this instructions.
[URL]
View 3 Replies
Sep 8, 2010
We have a working version of application (Intranet) with uses Windows Authentication deployed in Windows 2003. The application uses HttpContext.Current.User.Identity.Name to get the logged-in user. Here impersonate is turned off.Right now, we are move to Windows 2008 RC2 where this Windows Authentication problem arised. I have Digest Authentication and Windows Authentication enabled. And also I have enabled Anonymous Authentication enabled to avoid the Login dialog of IIS in the end-user IE. Now I am getting HttpContext.Current.User.Identity.Name as Empty. When I impersonate using username and password, I am used to login using that user but all the users uses the same user to login.Does any has solution for this?Deployment Server - Windows 2008 RC2 (IIS 7.5)Development - Windows 7 (IIS 7.5)I am new to IIS 7.5. Please give me a solution
View 3 Replies
Nov 2, 2010
In my masterpage application i have "Integrated windows authentication" enabled and it works fine for Active Directory Users. but i have created some users in my aspnetdb and i want few users to login and use my application. But for created users in aspnetdb i can getting "windows login screen". means when users not on active directory try to access application instead of getting login page, they get windows auth login popup.
View 1 Replies
Jan 28, 2010
This below code I am calling from asp.net page. it is giving error when I am executing UserObj.SetInfo().
My environemnt: asp .net 2003
My Objective: to enable windows user ids threw asp.net application with admin rights
---------------------------------------------------------------
Error Message : General access denied error
--------------------------------------------------------------
web.config file:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>[code]....
View 2 Replies
Jul 30, 2010
I have a website deployed on IIS 7 . And want one of my pages authenticated by windows authentication. But While trying this I am getting error "This feature has been locked or Read Only".
View 1 Replies
Feb 9, 2011
I have just started building an asp.net web service with visual studio 2005. However whenever i try and run the site i get this message, saying "debugging failed because integrated windows authentication is not enabled". I am at a loss of how to correct this problem.
View 1 Replies
May 5, 2010
Here is what I need to know about SSRS/VS2008:
View 5 Replies
Jun 7, 2010
I have an application we bought that I need to integrate, and it uses jakarta connection to get to the application from IIS.So, the basic operation is
View 1 Replies
Mar 28, 2010
I have looked at all the posts I can find on this problem and tried everything I can think of, but still the problem persists. I am getting really sick of it.was working fine for the last year until an update to MS Office 2007 caused a lot of problems (automatic update). After checking posts here, I removed it completely. No change. I then tried all the things I could find on other posts, also no change. Today, I removed VS and the Web Authoring Component and re-installed. Still no go.
Does anyone have a fix for this problem. It seems that it has been around a long time, but is still giving problems. I even saw one suggestion to reformat the drive! You've got to be joking!
View 4 Replies
Oct 11, 2010
I am looking at developing using Visual Studio 2010/2008 and SQL Server 2008 on Windows 7. Should I be able to do this on Windows 7 Professional, or do you need Windows 7 Ultimate?
View 2 Replies
