Delegation Browser->ScrapperTest.aspx->WhoAmI.aspx not working with defaults values #379

@TiagoFAbreu

Hi all.
I would like to report a problem with "samples/samples/aspnet/Identity/CurrentUserInfoRetrieval/ScrapperTest.aspx".

For the use case with delegation to work (so the identity in the browser is passed to ScrapperTest.aspx, which passes it to WhoAmI.aspx), the web app that ScrapperTest.aspx is running in needs to have, in IIS Manager, Authentication, ASP.NET Impersonation enabled, with “Authenticated User”. But with this we cause the following error:
HTTP Error 500.24 - Internal Server Error
An ASP.NET setting has been detected that does not apply in Integrated managed pipeline mode.
Most likely causes:
system.web/identity@impersonate is set to true.
Things you can try:
If the application supports it, disable client impersonation.
If you are certain that it is OK to ignore this error, it can be disabled by setting system.webServer/validation@validateIntegratedModeConfiguration to false.
Move this application to an application pool using Classic .NET mode - for example, %SystemRoot%\system32\inetsrv\appcmd set app "Default Web Site/" /applicationPool:"Classic .NET AppPool"
(You can set "Classic .NET AppPool" to the name of another application pool running in Classic managed pipeline mode)

Only after changing one of the above (app pool to Classic, or system.webServer/validation@validateIntegratedModeConfiguration to false), selecting “Use Credentials” under Options on the ScrapperTest.aspx page, and having all the setspn and delegation configuration done, only then does the identity in the browser go to ScrapperTest.aspx and then to WhoAmI.aspx (I can see the identity of the user of the browser in the “Page Content from response”).

If I disable “ASP.NET Impersonation”, then even when I select “Use Credentials” under Options in ScrapperTest.aspx, with the page WhoAmI.aspx, the “Page Content from response” says that the user arriving at WhoAmI.aspx is the user of the application pool of the web app of ScrapperTest.aspx, and not the user of the browser.

So, can you make it work without those changes, that is, with the default values?
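
One way to put the browser identity on the outbound request without enabling application-wide ASP.NET Impersonation, shown as an added example that is not part of the original issue or the samples repository: impersonate the authenticated caller in code only around the request. `DelegatedFetch`, `GetAsCaller` and `expectedHost` are hypothetical names; the code assumes .NET Framework, Windows Authentication enabled, and the setspn and delegation setup from the issue already in place.

```csharp
using System;
using System.IO;
using System.Net;
using System.Security.Principal;
using System.Web;

// Hypothetical helper (added example, not from the samples repository).
public static class DelegatedFetch
{
    // Fetches url as the browser user rather than the application pool identity.
    // Assumes Windows Authentication is enabled, ASP.NET Impersonation is disabled,
    // and the SPN/delegation setup mentioned in the issue is already done.
    public static string GetAsCaller(HttpContext context, Uri url, string expectedHost)
    {
        // Default credentials are offered to whatever server the URL names,
        // so only call hosts that are meant to receive the caller's identity.
        if (!string.Equals(url.Host, expectedHost, StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("Target host is not the expected back end.", "url");

        var caller = context.User != null ? context.User.Identity as WindowsIdentity : null;
        if (caller == null || !caller.IsAuthenticated || caller.IsAnonymous)
            throw new InvalidOperationException("No authenticated Windows identity on this request.");

        // Impersonate only for the duration of the outbound call.
        using (WindowsImpersonationContext impersonation = caller.Impersonate())
        {
            var request = (HttpWebRequest)WebRequest.Create(url);
            request.UseDefaultCredentials = true; // credentials of the impersonated thread
            request.AllowAutoRedirect = false;    // do not follow redirects to other hosts

            // Synchronous call: stays on the impersonated thread.
            using (var response = (HttpWebResponse)request.GetResponse())
            using (var reader = new StreamReader(response.GetResponseStream()))
            {
                return reader.ReadToEnd();
            }
        } // Dispose() reverts the thread to the application pool identity.
    }
}
```

Because `system.web/identity@impersonate` stays at its default, the Integrated pipeline validation that raises HTTP Error 500.24 is not triggered, and the caller's token is in use only for the one request.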
