This project is read-only.

If You Have to Flow the Original Caller to the Backend Services, Use Constrained Delegation

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

Use delegation for flowing, the impersonated original user's security context (windows identity) to the remote back-end service. On the remote back-end service the original user’s windows identity can be used to authenticate or impersonate the original caller, to restrict or authorize original caller’s access to local resources.

When using delegation, on Windows Server 2003 or later, use constrained delegation. This allows administrators to specify exactly which services on a downstream server or a domain account can be accessed when using an impersonated user's security context.

Additional Resources

Last edited Jun 12, 2008 at 10:41 PM by prashantbansode, version 1


No comments yet.