Kerberos Protocol Transition and Constrained Delegation

6. Add the following lines to web.config in order to always impersonate the user when anyone comes to the site. Alternatives are to code impersonation within the application, but that is way beyond the scope of this article.

- <identity impersonate="true" />
- <authentication mode="Windows" />

7. Create an application pool and set the identity to the above account.

8. Install the application into its own website, or a virtual directory off another website.

9. Set the application pool for the virtual directory/website to the above application pool.

You should now find that when you go to the website and access the database, then the user that is logged on is the one who accessed the site rather than anonymous user or the application pool’s identity. This is now true regardless of what method of authentication you use on the web server (other than anonymous access only, of course).

Copyright 2004 by the author.