AcquireCredentials problem running inside iis
Alun Jones
alun at texis.invalid
Fri May 12 20:04:04 EDT 2006
aliwaheed1975 at yahoo.com wrote:
> My aim is to generate a security token to authenticate the user
> against one of our single-sign-on (SSO) servers (written in-house). I
> am using the SSPI samples (Microsoft Security SSPI Classes) which I
> downloaded from your website to generate tokens in order to perform
> an sspi authentication with our SSO server.
First, let's get one misunderstanding out of the way - this is not a
web-site.
You are perhaps reading this discussion group through a web browser, but
others are reading it through a Usenet newsreader.
Second, SSPI is a general API that is used for programming Kerberos,
SChannel, and a number of other authentication protocols. You do not tell
us which protocol you're trying to use.
> Is there a way I can get the call to AcquireCredentials and
> subsequently to InitializeSecurityContext to yield a token relating to
> the currently logged on user?
Only if you're using a protocol that includes delegation and you are
configured correctly to support delegation.
> This is the signature for acquireCredentials:
>
> SECURITY_STATUS sResult = AcquireCredentialsHandle(
> NULL, // [in] name of principal. NULL = principal of current security context
> pszPackageName, // [in] name of package
And the package name is ...?
Without that, we can't give good answers - as you'll see from the MSDN
documentation for AcquireCredentialsHandle, there are different semantics for
the different packages.
> fCredentialUse, // [in] flags indicating use.
What are these flags?
> Initially (for the above described symptoms), instead of pszlogonid
> there was a null being passed in. I have tried to pass in an SID and
> even the logon session id (luid) but this causes the function to
> return -2146893050 which I'm pretty sure is SEC_E_NOT_OWNER. I get
> this error now, on the IIS machine as well as the remote machine.
You're right that -2146893050 is SEC_E_NOT_OWNER.
I don't know exactly what the problem is that you're experiencing, but if
you can provide more detailed information, perhaps we can get somewhere.
Alun.
~~~~
[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at http://www.wftpd.com or email
23921 57th Ave SE | alun at wftpd.com.
Washington WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.
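
Added example, not part of the original post: the signed decimal status quoted in the thread (-2146893050) decoded into its unsigned form, severity, facility and code, with a name lookup. The function and struct names are hypothetical, and the table is a small subset of the SEC_E_* values in winerror.h.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decoded view of a 32-bit SECURITY_STATUS / HRESULT value. */
struct sec_status {
    uint32_t raw;        /* unsigned form, as listed in winerror.h */
    int failure;         /* severity bit (bit 31) */
    unsigned facility;   /* bits 16..26; 9 is FACILITY_SSPI */
    unsigned code;       /* low 16 bits */
    const char *name;    /* symbolic name, or "(not in table)" */
};

/* Small subset of the SEC_E_* values from winerror.h. */
static const struct { uint32_t value; const char *name; } sec_names[] = {
    { 0x80090305u, "SEC_E_SECPKG_NOT_FOUND" },
    { 0x80090306u, "SEC_E_NOT_OWNER" },
    { 0x8009030Cu, "SEC_E_LOGON_DENIED" },
    { 0x8009030Eu, "SEC_E_NO_CREDENTIALS" },
};

/* Takes the status as a signed 32-bit number, the way it is often logged. */
struct sec_status decode_sec_status(int32_t logged)
{
    struct sec_status s;
    size_t i;

    s.raw = (uint32_t)logged;            /* reinterpret two's complement */
    s.failure = (int)(s.raw >> 31);
    s.facility = (s.raw >> 16) & 0x7FFu;
    s.code = s.raw & 0xFFFFu;
    s.name = "(not in table)";
    for (i = 0; i < sizeof sec_names / sizeof sec_names[0]; i++)
        if (sec_names[i].value == s.raw)
            s.name = sec_names[i].name;
    return s;
}

int main(void)
{
    struct sec_status s = decode_sec_status(-2146893050); /* value from the post */
    printf("0x%08X failure=%d facility=%u code=0x%X %s\n",
           (unsigned)s.raw, s.failure, s.facility, s.code, s.name);
    return 0;
}
```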