what is the difference between manually constructed NetworkCredentialand one from windowsidentity?

D

DAXU

Hello,
I have a winform (client) and windows service (server),
At client side, when I construct a NetworkCredential manually by
providing username, password and domain, I can do this:

clientSide.AuthenticateAsClient(new NetworkCredential
("administrator","8ik,7UJM","jerry.test"),
spn.ToString(),
ProtectionLevel.EncryptAndSign, TokenImpersonationLevel.Delegation);

however, if I get the default credential from current windows identity
after impersnate the user:
clientSide.AuthenticateAsClient
(System.Net.CredentialCache.DefaultNetworkCredentials,
spn.ToString(),
ProtectionLevel.EncryptAndSign, TokenImpersonationLevel.Delegation);

It always fails and error message is:
A security requirement was not fulfilled during authentication.
Required: Delegation, negotiated: Impersonation.

So what is the difference between above calls? Except one is manually
constructed?

Many Thanks

Jerry
 
G

Gregory A. Beamer

Hello,
I have a winform (client) and windows service (server),
At client side, when I construct a NetworkCredential manually by
providing username, password and domain, I can do this:

clientSide.AuthenticateAsClient(new NetworkCredential
("administrator","8ik,7UJM","jerry.test"),
spn.ToString(),
ProtectionLevel.EncryptAndSign, TokenImpersonationLevel.Delegation);

however, if I get the default credential from current windows identity
after impersnate the user:
clientSide.AuthenticateAsClient
(System.Net.CredentialCache.DefaultNetworkCredentials,
spn.ToString(),
ProtectionLevel.EncryptAndSign, TokenImpersonationLevel.Delegation);

It always fails and error message is:
A security requirement was not fulfilled during authentication.
Required: Delegation, negotiated: Impersonation.

So what is the difference between above calls? Except one is manually
constructed?
Click to expand...

When you say "get the default credential from current windows identity
after impersonate the user" what do you mean exactly? Is this a web
service (ASMX or WCF) that is impersonating, another system, etc?

Depending on what is impersonating, you may have the security of the
configuration set up incorrectly. For example, web services have to be
configured to use Windows authentication to get the proper user token.

Regardless, check the actual user that is in the windows identity
credential by querying it after it is filled. If it is not the same,
that is the issue. If it is, check all of the properties and see if
there are any differences. Somewhere there has to be a difference you
can find and alleviate.


--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

Twitter: @gbworld
Blog: http://gregorybeamer.spaces.live.com

*******************************************
| Think outside the box! |
*******************************************
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

NegotiateStream.AuthenticateAsClient problem? 0

Top