This project is read-only.

If you have to flow the original caller, use constrained delegation

J.D. Meier, Jason Taylor, Prashant Bansode, Carlos Farre, Madhu Sundararajan, Steve Gregersen.

Use delegation for flowing, the impersonated original user's security context (windows identity) to the remote back-end service. On the remote back-end service the original user’s windows identity can be used to authenticate or impersonate the original caller, to restrict or authorize original caller’s access to local resources.

When using delegation, on Windows Server 2003 or later, use constrained delegation. This allows administrators to specify exactly which services on a downstream server or a domain account can be accessed when using an impersonated user's security context.

Last edited Apr 24, 2008 at 12:57 AM by prashantbansode, version 2

Comments

No comments yet.