We are using our third party component for doing authentication and authorization with IIS6 web server on win2k3 X64 EE. Here we are using IMPERSONATION concept for this integration.
Can anybody describe the required configuration which are needed at IIS 6 for successfully impersonation of users with third party component?
Should we need to set Anonymous authentication explicitely for this kind of configuration?
Third party code will not be able to directly impersonate and have IIS use that user token. IIS will:
Thus, the only way for you to impersonate users with IIS is to change IIS's desired impersonation token. The following are the methods, in no particular order, that ISAPI can change IIS's desired impersonation token and hence control impersonated user. The method you choose depends on your authentication protocol's requirements.