Delegation needed?

Last post 06-25-2009 10:08 AM by TomRob. 0 replies.

  • Delegation needed?

    06-25-2009, 10:08 AM
    • TomRob
    • Member since 06-25-2009, 9:46 AM
    • Posts 1

    Hello,

    it would be nice if someone could help me get on the right track, as I'm new to AD development.

    We have a technical AD user on a host that we use to write to Exchange on that machine.

    The problem is that in the audit log we only see the technical user, not the client who made changes (for instance, "last change" when creating a contact in Outlook).

    We also have an application server (I'm hoping I can treat it as a relay) sitting in between, so the setup is:


    AD <-> Exchange <-> AppServer <-> Client


    ("<->" represents network connection)

    The client app is logged in at the AD machine with Kerberos, so I can get a valid Token.

    The technical user lives on the Exchange side.


    Could I simply marshal the WindowsIdentity from the client to the AD server, and then Impersonate there?

    Or would I need to use AD delegation?

    I thought about an even simpler solution, if possible. Could the technical user not just change access attributes?


    What do you think? Thanks for your opinions!


