Steve
I have a client/server application and I'm trying to get the server to
impersonate the client with a delegation token. In my test on Active
Directory, I have two users, the server user and the client user. The
server user has 'Account is trusted for delegation' enabled in Active
Directory. The client user does not have the 'cannot be delegated
role' enabled.
Any time I connect from the client to the server, either on separate
computers or the same computer, I can only get an impersonation level
token, not the delegate token that I will need to connect to another
machine.
I'm using a TCP remoting connection with the following server and
client connections being set up:

Server:

    // Namespaces used by both snippets
    using System;
    using System.Collections;
    using System.Runtime.Remoting;
    using System.Runtime.Remoting.Channels;
    using System.Runtime.Remoting.Channels.Tcp;

    RemotingConfiguration.Configure(
        AppDomain.CurrentDomain.SetupInformation.ConfigurationFile, false);

    BinaryServerFormatterSinkProvider provider = new BinaryServerFormatterSinkProvider();
    provider.TypeFilterLevel =
        System.Runtime.Serialization.Formatters.TypeFilterLevel.Full;

    IDictionary props = new Hashtable();
    props["port"] = 8080;
    props["impersonate"] = true;   // run remoted calls under the client's token
    props["protectionLevel"] = System.Net.Security.ProtectionLevel.EncryptAndSign;
    props["secure"] = true;

    TcpServerChannel chan = new TcpServerChannel(props, provider);
    ChannelServices.RegisterChannel(chan, true);   // true = ensureSecurity

Client:

    BinaryClientFormatterSinkProvider provider = new BinaryClientFormatterSinkProvider();

    IDictionary props = new Hashtable();
    props["port"] = 0;
    props["secure"] = true;
    props["tokenImpersonationLevel"] = "Delegation";   // level requested by the client
    props["protectionLevel"] = System.Net.Security.ProtectionLevel.EncryptAndSign;

    TcpClientChannel chan = new TcpClientChannel(props, provider);
    ChannelServices.RegisterChannel(chan, true);   // true = ensureSecurity

Any ideas of what I might be setting up wrong to get this to work?
I've been trying many different configurations from many different
articles and posts I have read, but none have helped.
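
A server-side check for the situation described in the post, as an added example that is not part of the original post: it reports the impersonation level and authentication package of the caller's token from inside a remoted method. The class and method names are hypothetical, and it assumes the channel runs with impersonate set to true as in the server snippet, so the thread carries the client's token.

```csharp
using System;
using System.Security.Principal;

// Added example, not from the original post. CallerTokenCheck and its
// members are hypothetical names.
public static class CallerTokenCheck
{
    // True only when the token can be used to authenticate to a further machine.
    public static bool CanDelegate(WindowsIdentity id)
    {
        return id.ImpersonationLevel == TokenImpersonationLevel.Delegation;
    }

    // One-line summary suitable for a server log.
    public static string Describe(WindowsIdentity id)
    {
        string hint;
        if (CanDelegate(id))
            hint = "delegation token: outbound calls can carry the caller's identity";
        else if (string.Equals(id.AuthenticationType, "NTLM",
                               StringComparison.OrdinalIgnoreCase))
            hint = "NTLM was negotiated: NTLM cannot produce a delegation token";
        else
            hint = "no delegation: token is usable for local access only";

        return string.Format("user={0} auth={1} level={2} ({3})",
            id.Name, id.AuthenticationType, id.ImpersonationLevel, hint);
    }

    // Call from inside a remoted method. With impersonate=true the thread
    // token is the client's, so GetCurrent() returns the caller's identity.
    // Outside impersonation it returns the process identity (level None).
    public static string DescribeCurrentCaller()
    {
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            return Describe(id);
        }
    }
}
```

Logging the result of `CallerTokenCheck.DescribeCurrentCaller()` at the start of a remoted method shows, per call, which authentication package was negotiated and which level the server actually received.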