I am working on an ASP.NET 4.0 MVC3 web application that runs in an intranet environment. The application uses Windows authentication. Its application pool is started by a domain user who has an SPN installed on the domain controller. Authentication works using Kerberos (in IE and Firefox after some additional configuration).
Now I want to upload files to SharePoint, but for me it is important to upload the file as the user who is currently logged into the application (so the file is created in SharePoint with their credentials).
I have the following code in a ResourceExists(Uri uri) function:
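    '...
    Dim identity As System.Security.Principal.WindowsIdentity = DirectCast(HttpContext.User.Identity, System.Security.Principal.WindowsIdentity)
    Dim impersonationContext = identity.Impersonate()
    Try
        ' The request is sent while impersonating the logged-in user
        response = request.GetResponse()
    Finally
        ' Always revert to the application pool identity, even when GetResponse() throws
        impersonationContext.Undo()
    End Try
    '...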
This works when starting locally, but when I deploy to the server, I get an exception:
    System.Net.WebException: The remote server returned an error: (401) Unauthorized.
       at WebDav.WebDavClient.ResourceExists(Uri uri)
       at Website.Website.WebdavController.Upload(HttpPostedFileBase file, UploadViewModel vm)
I read something about credential transfer, which is not possible in NTLM, but I'm sure I'm using Kerberos (I checked the headers with Wireshark and Fiddler) and I see the following:
Authorization: Negotiate YIIFpQYGKwYBBQUCoIIFmTCCBZWgJDAiBgkqhkiC9x...
Any ideas why impersonation doesn't work when working on an IIS server?
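An added example, not part of the original question: a Python sketch that classifies the token in a captured `Authorization: Negotiate` header, such as the one quoted above, by reading the first mechanism OID the client offers in SPNEGO. It tolerates a header that was cut off with "..."; the function names are made up for this example.

```python
import base64

SPNEGO = bytes.fromhex("2b0601050502")  # OID 1.3.6.1.5.5.2
MECHS = {  # DER-encoded OID value bytes -> mechanism name
    bytes.fromhex("2a864886f712010202"): "Kerberos V5",                  # 1.2.840.113554.1.2.2
    bytes.fromhex("2a864882f712010202"): "Kerberos V5 (Microsoft OID)",  # 1.2.840.48018.1.2.2
    bytes.fromhex("2b06010401823702020a"): "NTLMSSP",                    # 1.3.6.1.4.1.311.2.2.10
}

def decode_prefix(b64):
    """Decode the whole 4-character groups of a possibly elided base64 string."""
    b64 = b64.strip().rstrip(".")          # captures are often cut off with "..."
    return base64.b64decode(b64[: len(b64) - len(b64) % 4])

def read_tlv(buf, pos):
    """Return (tag, value_start, length) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, length

def match_mech(oid_bytes, declared_len):
    """Name the mechanism; a cut-off OID matches if it fits exactly one known OID."""
    hits = [name for oid, name in MECHS.items()
            if len(oid) == declared_len and oid_bytes and oid.startswith(oid_bytes)]
    return hits[0] if len(hits) == 1 else "unknown mechanism"

def classify(header_value):
    """Classify the value of an Authorization header (initial client token)."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() not in ("negotiate", "ntlm"):
        return "not Negotiate/NTLM"
    try:
        raw = decode_prefix(token)
        if raw.startswith(b"NTLMSSP\x00"):         # NTLM sent without an SPNEGO wrapper
            return "raw NTLMSSP"
        tag, pos, _ = read_tlv(raw, 0)             # 0x60: GSS-API initial token
        oid_tag, pos, length = read_tlv(raw, pos)  # OID of the outer mechanism
        if (tag, oid_tag) != (0x60, 0x06) or raw[pos:pos + length] != SPNEGO:
            return "not an SPNEGO initial token"
        pos += length
        # NegTokenInit: [0] -> SEQUENCE -> [0] mechTypes -> SEQUENCE OF -> first OID
        for expected in (0xA0, 0x30, 0xA0, 0x30, 0x06):
            tag, pos, length = read_tlv(raw, pos)
            if tag != expected:
                return "not an SPNEGO initial token"
        return "SPNEGO, first mechanism: " + match_mech(raw[pos:pos + length], length)
    except (IndexError, ValueError):
        return "token too short or not base64"
```

The result describes only the browser-to-IIS request that was captured; the request the application then sends to SharePoint is authenticated separately.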