
How to pass on user's identity from web application hosted in one IIS to the web service hosted in another IIS?

I have a web application (developed in ASP.NET 4.0) hosted in IIS 6.0 on a Windows Server 2003 R2 machine. Integrated Windows Authentication is turned on for this web application.

I have hosted a web service (developed using WCF) in IIS 7.5 on a Windows Server 2008 R2 machine. Windows Authentication is enabled for this web application too.

  • I log on to my local machine using my Windows domain account. When I browse the web application, it asks me for my domain username and password. In the web app, I get my identity correctly.
  • From my machine (using some other WinForms app), if I call the same web application (of a web service), the service code executes under my Windows identity.

So Integrated Windows Authentication works fine independently for both the web apps hosted in separate IIS instances on different machines.

The problem comes when the web application is browsed from my local machine and the web page calls the service internally. In this case, the service does not run under my Windows identity as expected. It runs under the identity of the application pool of either the ASP.NET web app or the web service's web app.

I don't want my web service to take responsibility for authenticating the user. It would use simple basicHttpBinding. It will just read the name of the user using CurrentPrincipal or HttpContext etc. Validating the user's identity should be done by IIS only.

Can someone help me to pass on my Windows identity from one IIS to another?

You need to set up Kerberos delegation, as identity won't be passed to another machine by default.

http://blogs.technet.com/b/askds/archive/2008/11/25/fun-with-the-kerberos-delegation-web-site.aspx
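
The web-application side of that double hop, as an added example that is not part of the original answer: the ASP.NET code impersonates the browser user around the WCF call. The contract `IWhoAmIService`, the service URL, and a service endpoint configured for Windows transport credentials are assumptions; the call only carries the user's identity to the other machine once Kerberos delegation is set up for the web application's account, as the answer says.

```csharp
using System;
using System.Security.Principal;
using System.ServiceModel;
using System.Web;

// Hypothetical contract standing in for the WCF service on the second server.
[ServiceContract]
public interface IWhoAmIService
{
    [OperationContract]
    string GetCallerName();
}

public static class DelegatedServiceCall
{
    // Placeholder URL (assumption): use the host name that clients and SPNs refer to.
    private const string ServiceUrl = "http://service-host.example.internal/WhoAmI.svc";

    public static string CallAsBrowserUser(HttpContext context)
    {
        // IIS has already authenticated the browser user (Integrated Windows Authentication).
        var caller = context.User.Identity as WindowsIdentity;
        if (caller == null || !caller.IsAuthenticated)
            throw new InvalidOperationException("No authenticated Windows identity on the request.");

        // basicHttpBinding sends no credentials by default; TransportCredentialOnly
        // adds Windows authentication at the HTTP layer without requiring HTTPS.
        var binding = new BasicHttpBinding(BasicHttpSecurityMode.TransportCredentialOnly);
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;

        var factory = new ChannelFactory<IWhoAmIService>(binding, new EndpointAddress(ServiceUrl));
        try
        {
            string name;
            // Make the outbound call under the user's token instead of the
            // application pool identity; the previous identity is restored on Dispose.
            using (WindowsImpersonationContext ctx = caller.Impersonate())
            {
                name = factory.CreateChannel().GetCallerName();
            }
            factory.Close();
            return name;
        }
        catch
        {
            factory.Abort(); // a faulted factory cannot be closed cleanly
            throw;
        }
    }
}
```

On the service, the caller's name is then available from `ServiceSecurityContext.Current.WindowsIdentity.Name`; if it shows the application pool account, the impersonation step is missing, and if the call is rejected or anonymous, delegation is not in effect.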
