ASP.Net web application trying to use Impersonation and Delegation to connect to SQL Server

Question

I\'m trying to use Impersonation and Delegation in an intranet ASP.Net web-app in order to pass authenticated users\' credentials onto a SQL Server.

The web server and S

Answer 1

I've discovered the answer:

The Windows Authentication provider in IIS7 must be set to Negotiate:Kerberos, not NTLM. This means that the Kernel-mode authentication setting must be disabled. This seems to be fine. I think I'm right in saying that Kernel-mode authentication is required when using a custom identity, i.e. one specific identity. Delegation can use an arbitrary number of identities. So all is well.

I've written a blog post about this too, which goes into a bit more detail.