Y
yuval k.
Hi all
i have a web application (DOTNET application) which is connected to the AD.
i need to logon to the web application using a smart card,
after the authentication the web application tries to connect
to the AD and create a new user in the AD using the context
of the smart card user. the smart card user authenticates himself
to the web application :
i've checked it in the log file of the web server
and in the security log --
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 540
Date: 10/2/2003
Time: 5:38:52 PM
User: MYDOMAIN\12345
Computer: MANUTD
Description:
Successful Network Logon:
User Name: 12345
Domain: MYDOMAIN
Logon ID: (0x0,0x7656D)
Logon Type: 3
Logon Process: Schannel
Authentication Package: Kerberos
Workstation Name: MANUTD
Logon GUID: -
Caller User Name: MANUTD$
Caller Domain: MYDOMAIN
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 572
Transited Services: -
Source Network Address: -
Source Port: -
but the logon process to the AD failed --
Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 675
Date: 10/2/2003
Time: 5:38:52 PM
User: NT AUTHORITY\SYSTEM
Computer: CHELSA
Description:
Pre-authentication failed:
User Name: 12345
User ID: MYDOMAIN\12345
Service Name: krbtgt/MYDOMAIN.COM
Pre-Authentication Type: 0x0
Failure Code: 0x19
Client Address: 10.5.10.136
i've checked all the checkbox for delegation in all user and computer
accounts but still it doesn't work.
if i use username and password to authenticate to the web server
the application work fine with no errors.
even if i change the web.config file
<identity impersonate="true" userName="MYDOMAIN\12345" password="123456">
(it's not the real password
)
it still works when i use password authentication but fails with
smart card logon.
can someone help me please, i've contacted microsoft but they still
don't have answer for me.
i have a web application (DOTNET application) which is connected to the AD.
i need to logon to the web application using a smart card,
after the authentication the web application tries to connect
to the AD and create a new user in the AD using the context
of the smart card user. the smart card user authenticates himself
to the web application :
i've checked it in the log file of the web server
and in the security log --
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 540
Date: 10/2/2003
Time: 5:38:52 PM
User: MYDOMAIN\12345
Computer: MANUTD
Description:
Successful Network Logon:
User Name: 12345
Domain: MYDOMAIN
Logon ID: (0x0,0x7656D)
Logon Type: 3
Logon Process: Schannel
Authentication Package: Kerberos
Workstation Name: MANUTD
Logon GUID: -
Caller User Name: MANUTD$
Caller Domain: MYDOMAIN
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 572
Transited Services: -
Source Network Address: -
Source Port: -
but the logon process to the AD failed --
Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 675
Date: 10/2/2003
Time: 5:38:52 PM
User: NT AUTHORITY\SYSTEM
Computer: CHELSA
Description:
Pre-authentication failed:
User Name: 12345
User ID: MYDOMAIN\12345
Service Name: krbtgt/MYDOMAIN.COM
Pre-Authentication Type: 0x0
Failure Code: 0x19
Client Address: 10.5.10.136
i've checked all the checkbox for delegation in all user and computer
accounts but still it doesn't work.
if i use username and password to authenticate to the web server
the application work fine with no errors.
even if i change the web.config file
<identity impersonate="true" userName="MYDOMAIN\12345" password="123456">
(it's not the real password
)it still works when i use password authentication but fails with
smart card logon.
can someone help me please, i've contacted microsoft but they still
don't have answer for me.