How to pass through windows authentication
Question
.I have a server within windows domain. Within that server there is IIS 7.5 installed. IIS serves requests to one web application for which NTLM windows authentication and impersonation are enabled. App pool is separate and has 2.0 version. Application has single-page front-end part. So user enters front-end part, enters credentials and works with it. Nothing especial here, for sure.
Recently I've added one more web service which is hosted also by IIS on another port in a separate app pool with 4.0 version. What I need is - sending requests from first app via Ajax to this new app, passing through windows auth. Of course - without additional prompt. The idea is - front-end from first app should send requests to this new one app via jquery ajax, passing through credentials.
What are the recommendations to achieve it without SSO etc.? Should I look for something like reverse proxy or there is something more obvious?
Thanks in advance.
1 answers
solution1
0 ACCPTED 2015-05-07 20:26:15
Ok. I'll put my own answer here. So, the idea how NTLM works was absolutely clear. That's why the questions was asked. As result - to achieve pass through on different web apps using NTLM - not possible. Because of how NTLM works and double-hop issue ( http://blogs.msdn.com/b/knowledgecast/archive/2007/01/31/the-double-hop-problem.aspx )
Finally I came up with such solution: - Created child application in a separate .NET 4 app pool. - Sent all the requests from parent to that child. In this case authentication is passed through without issues, of course.
The only one problem here is related to the fact that two services have to live within one IIS server and have this parent-child relation.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.