Authentication and Authorization

I remember the first time I saw the acronym SPN when I were introduced to WCF some years ago. After reading the article in MSDN I didn't feel better. What is a ServicePrincipalName? The way I usually think now (and I apologize for you that don't...

Kerberos Delegation is a feature that allows an application to reuse the end-user credentials to access recourses hosted on a different server. You should only allow that if you really trust the application server, otherwise the application may use your...

First a short explanaition on how the Kerberos ticket is encrypted: The client application (e.g. a web browser) is requesting a Kerberos ticket from the Domain Controller (KDC). As part of the communication with the DC, the client is sending the...

The next hurdle to solve is to connect to the database with the correct user. Without doing anything, your connection will be made by the application pool account - in the described scenario that would be the mydomain\hrwebact account. That was...

Connecting to a database on a remote SQL Server with the end-user credentials requires that you are impersonating the user in code. Start by ensuring that your web.config does not include impersonation: < system.web > < authentication mode...

Depending on how you installed SQL Server you may receve an SqlException -2146232060 when you are connecting to SQL Server from the web server using the credentials of the end user. One probably reason could be an error in the SPN registration....

As previously stated, a SPN is a kind of alias for a domain account. You can have many SPN for a single domain account, but the SPN must be unique in the forest. The name consists of two mandatory parts ( service class and host ) and two optional parts...

As you learned last time, the full syntax of SPN name is: service class/host [: port [/ service name ]] Today I will be talking about port. Port number is an optional qualifier that you can use to ensure that the SPN is unique in the forest. ...

Hi everyone Finally got around to setting up my blog. For those who don't know me - I'm Per Nygaard, an Architect in Microsoft Services, Denmark. I joined Microsoft in 1999 as consultant, and I have assisted many customer with both platform related...