« Previous Next »

• 09-10-2009, 10:09 AM

  Irgi Joined on 09-10-2009, 1:56 PM Germany Posts 1

  Java-Applet authenticates with NTLM instead of Kerberos, Double-Hob-Issue Reply Contact I have a well running 3-tier web application in a Windows 2003 domain. The Internet-Explorer Clients call aspx-pages ont he webserver. The webserver then performs a DCOM call to a document management server using impersonation. It all works fine using only aspx pages. Checking the thread principal before doing the call to DCOM shows me the correct Windows-User on the client machine and the Authentication-Type "Kerberos". Here comes the problem: There is a java-applet (which is a third party thing) in one of the webpages to allow the user to drag documents onto it and then it calls an aspx page to upload the document. Checking the thread principal before doing the call to DCOM shows me the correct Windows-User on the client machine but the Authentication-Type "NTLM". The thread now tries to call DCOM using the "Anonymous" user (I see this in the eventlog of the server that hosts the DCOM object) and throws an exception when i call Activator.CreateInstance(type). Looks like the classic "Double-Hop-Issue". Any ideas how to fix this or work around it?

  Tags: 0x80070005COM objectsASP.NET ImpersonationIIS 7authorizationIIS 7 Windows AuthenticationKerberosASPNETimpersonateDouble-Hop-IssueJava-AppletNTLM

• 09-10-2009, 7:19 PM

  In reply to

  lextm Joined on 10-22-2008, 4:18 AM Shanghai, PRC Posts 1,412

  Re: Java-Applet authenticates with NTLM instead of Kerberos, Double-Hob-Issue Reply Contact If you cannot let Java work with Kerberos, there is no easy workaround unless you turn to basic authentication. I think you'd better post the question to a Java forum to see if there is some workaround on Java side. Thanks, Lex Li Support Engineer at Microsoft --------------------------- This posting is provided "AS IS" with no warranties, and confers no rights.