Kerberos, delegation and how to do this correctly?

眼角桃花 2021-01-02 05:46

I've got two separate homemade applications that need to communicate among themselves. One is a frontend application (ASP.NET actually), the other is a backend interface to

3 answers
  •  别那么骄傲
    2021-01-02 06:13

    Actually Kerberos delegation is designed exactly for this use case. But the challenge here is to craft this on a legacy system and with AD settings that you do not want to change.

    One possible hack is to have the Front End just send the user and the time of authentication, but the backend can query the Active Directory Event Logs to determine whether that user has authenticated to the Front End. This requires you to use the Windows Event Log API and also play around with Event Log settings in AD to log the issue of service tickets. (My recollection is that this is the default.)
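
The log check described in the answer above could look like the following added example, which is not part of the original answer. It assumes the domain controllers record event 4769 ("A Kerberos service ticket was requested") in their Security logs; the function name, parameters and account names are hypothetical.

```powershell
# Added example: did any domain controller issue a service ticket for the
# front end's service account to this user around the claimed time?
# Function and parameter names are hypothetical, not from the original page.
function Test-FrontEndTicketIssued {
    param(
        [Parameter(Mandatory)] [string]   $UserName,          # sAMAccountName reported by the front end
        [Parameter(Mandatory)] [string]   $ServiceAccount,    # account that owns the front end's SPN
        [Parameter(Mandatory)] [datetime] $ClaimedTime,       # authentication time reported by the front end
        [Parameter(Mandatory)] [string[]] $DomainControllers, # every DC that could have issued the ticket
        [int] $WindowMinutes = 5                              # tolerance around the claimed time
    )
    $filter = @{
        LogName   = 'Security'
        Id        = 4769
        StartTime = $ClaimedTime.AddMinutes(-$WindowMinutes)
        EndTime   = $ClaimedTime.AddMinutes($WindowMinutes)
    }
    foreach ($dc in $DomainControllers) {
        # Each DC keeps its own Security log, so each one has to be queried.
        try {
            $events = Get-WinEvent -ComputerName $dc -FilterHashtable $filter -ErrorAction Stop
        } catch {
            # "No events" is a normal result; anything else (DC unreachable,
            # access denied) must not be mistaken for "user did not authenticate".
            if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') { throw }
            $events = @()
        }
        foreach ($evt in $events) {
            # Flatten <EventData><Data Name="...">value</Data> into a hashtable.
            $data = @{}
            foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }
            # TargetUserName is logged as user@REALM; ServiceName is the service's account name.
            $user = ($data['TargetUserName'] -split '@')[0]
            if ($user -eq $UserName -and
                $data['ServiceName'] -eq $ServiceAccount -and
                $data['Status'] -eq '0x0') {   # 0x0 = ticket request succeeded
                return $true
            }
        }
    }
    return $false
}
```

A match only shows that a ticket for the front end's service was issued to that user in the window, not that the front end received or validated it, and the result depends on the Security logs not having rolled over.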
