ASP.NET MVC的模拟问题

Question

I'm having a strange problem while using impersonation with ASP.NET MVC. I have a site that checks the status of different servers by reading some configurations files on each one of them. The app can also modify such files. Because the app will be used by several people (all of them with administrative grants in the servers),I need to have a log of all the changes done. I enabled Windows authentication to my site in IIS7 and also enabled id impersonation by adding the following to my web.config file.

<identity impersonate="true"/>

Just to be sure that the impersonation is working correctly, every time a user logged in I use the following to obtain the user that will be sending all the requests.

System.Security.Principal.WindowsIdentity.GetCurrent().Name;

When I enter the site from my Visual Studio environment, everything works correctly, the user logged is my NT id rather than the NETWORK SERVICE user and I'm able to access the remote files without problems. However, when I publish the site to our server it stops working. Even though it does seem that the impersonation is working because the NT id of the logged user is shown as the windows identity, I cannot access the files. What I found even weirder is that if I access the site directly on the server's browser, everything works ok, so I'm not sure where's the problem. In resume, here's what I'm dealing with.

1. Id impersonation works from development environment
2. Id impersonation works browsing directly in the server where the site is.
3. Id impersonation doesn't work when accessing the site from a browser outside the server. Even though the logged user name corresponds to the impersonated user profile, the site can not access the remote files.

Does anybody have an idea of what might be wrong? I'm kind of lost with this one...

Answer 1

In order to access remote files on behalf of an impersonated client, your server needs to be trusted for delegation. See this KB article for more info, or just google "trusted for delegation".