Is This Content Helpful?
We're glad to know this article was helpful.
An ASP.NET application may not be able to access remote resources when the following conditions are true:
1) Internet Information Server (IIS) is configured to use Integrated Windows authentication.
2) The ASP.NET application is configured to impersonate the logon user.
3) The Web browser and IIS are on different machines and IIS and remote sources are on different machines.
When the above conditions are true, ASP.NET application uses delegation to access the remote sources. Your network may not be configured to allow delegation. To confirm this is a delegation problem, try one of the following:
1) Run the Web browser from the same machine that hosts IIS.
2) Access a resource on the same machine as IIS.
3) Configure the IIS application to use Digest authentication or Basic authentication.
If any of the above approaches works, the problem was the delegation problem.
Delegation relies on Integrated Windows authentication to access resources. There is no limit on the number of computers that you can delegate your account, as you must just correctly configure each of them. The Integrated Windows authentication method works only if the following two conditions exist:
1) You set up your network to use the Kerberos authentication protocol that requires Active Directory.
2) You set up the computers and accounts on your network as trusted for delegation.
If these conditions are not true, you cannot use Integrated Windows authentication to access data on a remote resource because Integrated Windows authentication only gives you access to the IIS server and not to the additional resources configured for Windows authentication that the IIS server remotely accesses.
Either configure the network to allow delegation or configure the application not to use delegation.