Remoting Impersonation/Delegation



I have a client/server application and I'm trying to get the server to
impersonate the client with a delegation token. In my test on Active
Directory, I have two users, the server user and the client user. The
server user has 'Account is trusted for delegation' enabled in Active
Directory. The client user does not have the 'cannot be delegated
role' enabled.

Any time I connect from the client to the server, either on separate
computers or the same computer, I can only get an impersonation level
token, not the delegate token that I will need to connect to another

I'm using a TCP remoting connection with the following server and
client connections being set up:


BinaryServerFormatterSinkProvider provider = new
provider.TypeFilterLevel =

IDictionary props = new Hashtable();
props["port"] = 8080;
props["impersonate"] = true;
props["protectionLevel"] =
props["secure"] = true;

TcpServerChannel chan = new TcpServerChannel(props, provider);
ChannelServices.RegisterChannel(chan, true);


BinaryClientFormatterSinkProvider provider = new

IDictionary props = new Hashtable();
props["port"] = 0;
props["secure"] = true;
props["tokenImpersonationLevel"] = "Delegation";
props["protectionLevel"] =

TcpClientChannel chan = new TcpClientChannel(props, provider);
ChannelServices.RegisterChannel(chan, true);

Any ideas of what I might be setting up wrong to get this to work?
I've been trying many different configurations from many different
articles and posts I have read, but none have helped.


I have figured out the problem. In the client configuration, the
serviceProviderName needs to be included. This will use Kerberos
authentication instead of NTLM.

The other thing I had wrong was I had the user that the server was
running as with the allow delegation in Active Directory. Instead it
should be the user you want to be delegated(the client user).

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question