Weird impersonation issue

  • Thread starter Thread starter kaliszewskim
  • Start date Start date
K

kaliszewskim

Just recently, we started getting a weird impersonation problem on one
of our web apps (which used to work).

IIS is set to use Windows Authentication, Anonymous is disabled
Web.config specifies to use Windows Authentication, Impersonate = true
Web server is trusted for delegation.

The app goes out to a file server (on the local network) to retrieve an
image file.

Here is where it gets weird - If I run the app from my machine, the
authentication and impersonation work and I can get the file to
manipulate it. If I go to the Security Log on the file server, I can
see my User Name and the Success Audit.

However, if I go to any other computer, still using the same domain
account, the Impersonation does not seem to make it all the way to the
file server. I use
System.Security.Principal.WindowsIdentity.GetCurrent().Name to get the
user that the process is running under and it returns my user name,
however, on the file server, there is a failure audit from
WEBSERVER\Anonymous Logon.

I have had another person test it, and they get the same results - it
does not work from their machine, but if they log on to my computer, it
works fine.

Anyone have any idea what is going on here? Why is this only working
from my computer? I thought I looked at all the relevant settings in
IE, etc, but can't find any differences. Any ideas?
 
Hi,

The problem is that the credentials can not be passed from the web server to
the file server, this requires delegation. For this to work you would have
to use kerberos which supports delegation across multiple hops.
 
Could you explain this further?

Also, I still don't understand why this works from my pc and not any
others.
My_PC->Webserver->Fileserver - works
Other_PC->Webserver->Fileserver - does not work
 
Could you explain this further?

Also, I still don't understand why this works from my pc and not any
others.
My_PC->Webserver->Fileserver - works
Other_PC->Webserver->Fileserver - does not work
Click to expand...

Your PC is the webserver, or not? If you are logged in on your PC when you
access its website from another computer, does that make a difference?
 
Ben said:
Your PC is the webserver, or not? If you are logged in on your PC when you
access its website from another computer, does that make a difference?
Click to expand...

No, my PC is not the webserver. It does not matter if I am logged into
my pc and I itry to access the page from another computer - it still
does not work. Other users can also log into my desktop and access the
page without a problem, which is why I thought that something is
different with my desktop.
 
Back
Top