Weird impersonation issue

kaliszewskim

Just recently, we started getting a weird impersonation problem on one
of our web apps (which used to work).

IIS is set to use Windows Authentication, Anonymous is disabled
Web.config specifies to use Windows Authentication, Impersonate = true
Web server is trusted for delegation.

The app goes out to a file server (on the local network) to retrieve an
image file.

Here is where it gets weird - If I run the app from my machine, the
authentication and impersonation work and I can get the file to
manipulate it. If I go to the Security Log on the file server, I can
see my User Name and the Success Audit.

However, if I go to any other computer, still using the same domain
account, the Impersonation does not seem to make it all the way to the
file server. I use
System.Security.Principal.WindowsIdentity.GetCurrent().Name to get the
user that the process is running under and it returns my user name,
however, on the file server, there is a failure audit from
WEBSERVER\Anonymous Logon.

I have had another person test it, and they get the same results - it
does not work from their machine, but if they log on to my computer, it
works fine.

Anyone have any idea what is going on here? Why is this only working
from my computer? I thought I looked at all the relevant settings in
IE, etc, but can't find any differences. Any ideas?
 
Chris Taylor

Hi,

The problem is that the credentials cannot be passed from the web server to
the file server; this requires delegation. For this to work you would have
to use Kerberos, which supports delegation across multiple hops.
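
A way to see, per request, whether the identity held on the web server can make the second hop described in the reply above. This is an added example, not code from the thread; `DelegationCheck` and `Describe` are hypothetical names, and it assumes the .NET Framework `System.Security.Principal` types the question already uses.

```csharp
using System;
using System.Security.Principal;

// Added diagnostic example; class and method names are hypothetical.
public static class DelegationCheck
{
    // Summarises whether a Windows token can be forwarded to a second server.
    public static string Describe(WindowsIdentity id)
    {
        string verdict;
        switch (id.ImpersonationLevel)
        {
            case TokenImpersonationLevel.Delegation:
                // Delegation-level token: the server may act as the caller
                // against other hosts (web server -> file server).
                verdict = "can be forwarded to another server";
                break;
            case TokenImpersonationLevel.Impersonation:
                // Valid for local resources only. With Windows Authentication
                // a remote access made under it carries no caller credentials,
                // which matches the Anonymous Logon failure audit in the thread.
                verdict = "usable on this server only, second hop will not carry the caller";
                break;
            case TokenImpersonationLevel.None:
                // .NET reports None for a primary token, i.e. the code is
                // running as the process identity and is not impersonating.
                verdict = "primary token, not impersonating";
                break;
            default:
                // Anonymous or Identification: cannot act as the caller at all.
                verdict = "cannot be used to act as the caller";
                break;
        }
        // Name alone is not enough: it is the same in the working and the
        // failing case, as the question shows. Level and package differ.
        return string.Format("{0} | auth={1} | level={2} | {3}",
            id.Name, id.AuthenticationType, id.ImpersonationLevel, verdict);
    }

    public static void Main()
    {
        // Stand-alone run: describes the identity of the current process.
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            Console.WriteLine(Describe(id));
        }
    }
}
```

Calling `Describe(WindowsIdentity.GetCurrent())` from the page while impersonation is active, once from a client that works and once from one that fails, shows whether the two requests differ in authentication package or impersonation level.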
 
kaliszewskim

Could you explain this further?

Also, I still don't understand why this works from my PC and not any
others.
My_PC->Webserver->Fileserver - works
Other_PC->Webserver->Fileserver - does not work
 
Ben Voigt

kaliszewskim said:
Could you explain this further?

Also, I still don't understand why this works from my PC and not any
others.
My_PC->Webserver->Fileserver - works
Other_PC->Webserver->Fileserver - does not work

Your PC is the webserver, or not? If you are logged in on your PC when you
access its website from another computer, does that make a difference?
 
kaliszewskim

Ben said:
Your PC is the webserver, or not? If you are logged in on your PC when you
access its website from another computer, does that make a difference?

No, my PC is not the webserver. It does not matter if I am logged into
my PC and I try to access the page from another computer - it still
does not work. Other users can also log into my desktop and access the
page without a problem, which is why I thought that something is
different with my desktop.
 
