Impersonate problem

[Steve B.]

Hi,

I'm having difficulties to configure security in a 3 tiers web application.

Let's explain the scenario :

A. The client computer is running in a domain in which the user is
authenticated (domain\theuser). The user call a web application
http://myserveur/myapp

B. The web application have this entry in the web.config :

<identity impersonate="true" />

in order to make the web application run with the rights of the user (I
check this in System.Threading.CurrentPrincipal.Identity, which is
domain\theuser).

C. The web application run in an dedicated application pool which is
configured to use a specific user as its identity (domain\serviceaccount).

D. The web application query data from another web service on an other web
serveur http://mywsserver/myws/service.asmx which also have
impersonate="true" configured. The property UseDefaultCredentials of the
proxy object is set to true.

E. The problem is that the web service see the incoming request runnig as
domain\serviceaccount instead of domain\theuser.

F. Under the computer account in the AD managment tools, the server that
host the web application is configured to allow delegation of security.


I don't know I'm wrong, and I would appreciate any help to solve this
problem.

Steve

 

[Alvin Bruney [MVP]]

isn't it running in the application pool with the similar account. you have
too many impersonations going on. what's the point of the app pool one? just
use one or better yet, use code impersonation which is a lot safer.

--
________________________
Warm regards,
Alvin Bruney [MVP ASP.NET]

[Shameless Author plug]
Professional VSTO.NET - Wrox/Wiley
The O.W.C. Black Book with .NET
www.lulu.com/owc, Amazon
Blog: http://www.msmvps.com/blogs/alvin