Hi, I'm having problems with forcing IIS to delegate requests to remote resources. In order to solve the problem I wrote a simple ASP.NET application that reads a file on a remote server. Except for the 3 lines of code that open the file, I added ‘ to the web.config file. The site is set to use integrated security as the authentication type. In these settings, delegation works when I access the site from localhost but fails when I access the site from another computer. If I change the authentication type to basic, everything works.

After some research I found out that the reason for this behavior is that integrated security uses NTLM instead of Kerberos, and therefore the IIS server only has a hash code of the user's password, which cannot be used to further delegate requests. Basic works since the user's password is sent in plain text to the server, and therefore the server has the username and the password in order to delegate requests. I also understood that in order to enable Kerberos I must set Active Directory to allow delegation. The two options to do this are:

1. Set the computer account in Active Directory to be trusted for delegation (by checking a box in its properties).
2. Set IIS to run under a user account in the domain and set this account in Active Directory to be trusted for delegation.

I tried the first option but it didn't work. As for the second option, I couldn't get IIS to run under an account of a user in the domain since the service is shared.

Some more details:

1. The OS is Win2k Server. (I also tried it on Win2k Workstation and nothing worked either. The only difference was that the workstation did let me run the IIS service under a user account, but this option didn't help either.)
2. At some time in the past I changed the machine.config file in the framework configuration directory. The change was in the tag where I changed the attribute user="machine" to user="System". This change allowed uploading files to the server and allowed contacting LDAP.
3. None of the accounts in Active Directory is marked 'sensitive and cannot be delegated'.
4. All the browsers have their advanced options set to use integrated security.

If anyone solves this mystery it would be a lot of help. Thanks.
moshitch (Member, 60 Points, 12 Posts)
Problems with enabling IIS to delegate requests to remote resources
Mar 05, 2003 09:00 AM
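The post lists the Active Directory prerequisites for Kerberos delegation (the computer or service account trusted for delegation, the end user not marked "sensitive and cannot be delegated") but has no way to verify them. The script below is an added diagnostic, not code from the original post or from any product, that checks those settings and also checks the HTTP service principal name (SPN) for the web server, since a missing or duplicate SPN makes clients fall back to NTLM and produces exactly the "works from localhost, fails from another machine" symptom. It assumes the ActiveDirectory PowerShell module (RSAT) and setspn.exe are available, and the host and account names are hypothetical placeholders to replace with your own.

```powershell
# Added diagnostic (not from the original post): check the Kerberos delegation
# prerequisites for an IIS host. Requires the ActiveDirectory module and setspn.exe.
param(
    [string]$WebServer      = 'WEBSERVER01',   # hypothetical IIS host (computer account)
    [string]$AppPoolAccount = '',              # domain account IIS runs under, or '' for the machine account
    [string]$TestUser       = 'jdoe'           # hypothetical end-user account to test delegation for
)

Import-Module ActiveDirectory

# 1. Is the account that runs IIS trusted for delegation, and which SPNs does it hold?
$computer = Get-ADComputer -Identity $WebServer -Properties TrustedForDelegation, DNSHostName, ServicePrincipalNames
"Computer {0}: TrustedForDelegation = {1}" -f $computer.Name, $computer.TrustedForDelegation

if ($AppPoolAccount) {
    # IIS runs as a domain user: delegation and SPNs must be on that user, not on the computer.
    $svc = Get-ADUser -Identity $AppPoolAccount -Properties TrustedForDelegation, ServicePrincipalNames
    "Service account {0}: TrustedForDelegation = {1}" -f $svc.SamAccountName, $svc.TrustedForDelegation
    $spns = $svc.ServicePrincipalNames
} else {
    $spns = $computer.ServicePrincipalNames
}

# 2. Does an HTTP SPN exist for both the short and the fully qualified host name?
#    Without it the client cannot obtain a Kerberos ticket for the site and uses NTLM,
#    which cannot be delegated to the remote file server.
$expected = @("HTTP/$($computer.DNSHostName)", "HTTP/$($computer.Name)")
foreach ($spn in $expected) {
    $state = if ($spns -contains $spn) { 'registered' } else { 'MISSING' }
    "SPN {0}: {1}" -f $spn, $state
}

# Duplicate SPNs registered on two accounts also break Kerberos; setspn -X reports them.
"Duplicate SPN check (setspn -X):"
setspn -X | Out-String

# 3. Is the end user marked "Account is sensitive and cannot be delegated"?
$user = Get-ADUser -Identity $TestUser -Properties AccountNotDelegated
"User {0}: AccountNotDelegated = {1}" -f $user.SamAccountName, $user.AccountNotDelegated
```

Run it from a domain-joined administrative workstation as `.\Check-Delegation.ps1 -WebServer <host> -TestUser <user>`; when IIS runs under a domain account, add `-AppPoolAccount <account>` so the SPN and delegation checks are made against that account rather than the computer account. Any line reporting `MISSING`, `TrustedForDelegation = False`, or `AccountNotDelegated = True` identifies a setting that will keep the double hop on NTLM.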