All geek questions in one place

Double Hop Impersonation, Protocol Transition, and Limited Deletion in ASP.NET 4

I want to use IIS impersonation to connect to a SQL Server database as the user who is currently accessing the website. This includes auditing and security considerations.

I did some reading and found that since SQL Server is on a separate physical server, I need to enable protocol delegation and delegation restriction for the server running IIS. This is the article I found ... http://msdn.microsoft.com/en-us/library/ff649317.aspx

I did not understand at the time when I first read it, but this article has the following heading ...

Retired Content

This content is outdated and is not longer persisted. it is provided as a courtesy to individuals who still use these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

What I want to know is that the information contained in this article is still applicable, if I want me to pretend to be a user on SQL Server all the time, I still need a limited deletion, or it was implemented by which something else for ASP.NET 4?

+1
source share
1 answer

Limited delegation is the only way to pass the credentials returned to the second host. ASP.Net has nothing to do with it; it is just a regular application that uses the Kerberos infrastructure. Nothing changed. After an ASP.NEt application impersonates an IIS authenticated context (see Configuring ASP.NET Impersonation Authentication ), the same delegation rules apply:

  • The application pool account must be configured to be trusted for limited delegation
  • SQL Server must have proper SPN registration
+1
source

Source: https://habr.com/ru/post/922221/

More articles:


All Articles