Quantcast
Channel: Security
Viewing all articles
Browse latest Browse all 1881

URL Rewrite + Kerberos delegation

$
0
0

Hello,

Could somebody please help me? I have two IIS servers, and each has only Windows authentication enabled. The first one re-routes some requests to the second one using ARR + a reverse proxy rule using URL Rewrite. I want

1) to be able to use Kerberos to seamlessly authenticate to both of the servers,
2) the servers to be running under different identities.

Is that possible? I know there's Kerberos (un)constrained delegation, but I couldn't get it to work no matter how hard I tried. The ARR server just passes the ticket it receives from the client to the "backend" server, which I assume cannot decrypt it. It is my understanding that the ARR server must first request another ticket prior to actually redirecting the client request.

I was able to set things up (using Kerberos unconstrained delegation) when both servers were using the same identity, which is not possible I'm afraid.

So, am I using the right tool for the job? Is that even possible?

Thank you.


Viewing all articles
Browse latest Browse all 1881

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>