|
Home > Archive > IIS Server Security > January 2007 > Unable to authenticate via kerberos to IIS site accepting client c
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Unable to authenticate via kerberos to IIS site accepting client c
|
|
| jacorona 2007-01-31, 7:21 am |
|
Hello all,
After spending a few hours searching the web, I post this message to this
newsgroup just in case what seems to me an strange behaviour could be due to
IIS.
I'm trying to access a web service hosted in an IIS site configured to
accept both "Integrated Windows authentication" and "client certificates"
using an "https:" Uri. The client is a WinForm application in .Net 2.0.
When I configure the web service proxy to use client certificates it works
OK (the cert is mapped to a Windows account and the web service runs).
However, if I configure it to use the integrated Windows credentials, it
hangs.
Perhaps the .Net proxy configuration is more complex than I suspect, but I
post the doubt to this newsgroup just in case that IIS shouldn't be
configured that way for any reason. Summarising, should it be possible to
access an IIS site thru an "https:" Uri using either Windows integrated
authentication or client certificates?
Any help will be appreciated. Many thanks.
| |
| David Wang 2007-01-31, 7:19 pm |
| Windows Integrated Authentication works over HTTPS. Independent of
Client-Cert mapping.
On which network leg does the network proxy happen? Because Integrated
Authentication user token cannot be "proxied" downstream by default.
//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//
On Jan 31, 2:27 am, jacorona <jacor...@discussions.microsoft.com>
wrote:
> Hello all,
>
> After spending a few hours searching the web, I post this message to this
> newsgroup just in case what seems to me an strange behaviour could be due to
> IIS.
>
> I'm trying to access a web service hosted in an IIS site configured to
> accept both "Integrated Windows authentication" and "client certificates"
> using an "https:" Uri. The client is a WinForm application in .Net 2.0.
>
> When I configure the web service proxy to use client certificates it works
> OK (the cert is mapped to a Windows account and the web service runs).
> However, if I configure it to use the integrated Windows credentials, it
> hangs.
>
> Perhaps the .Net proxy configuration is more complex than I suspect, but I
> post the doubt to this newsgroup just in case that IIS shouldn't be
> configured that way for any reason. Summarising, should it be possible to
> access an IIS site thru an "https:" Uri using either Windows integrated
> authentication or client certificates?
>
> Any help will be appreciated. Many thanks.
|
|
|
|
|