Before I start chucking objects at the server, I'd like to see if there's something I'm missing. Simply put, I have a Windows Server 2003 IIS 6 web app that is attempting to send a WebRequest object at a listener on yet another Windows Server 2003 server. I've set up Kerberos, looks like the SPNs are all OK for the middle server, and have turned on Kerberos on that server.
- Do I have to use WindowsImpersonationContext when building and calling the WebRequest? Some sites seem to say you only need a web.config setting or two, some seem to say you need to explicitly delegate like this every time.
- Does the backend server (the last one on the chain) have to have Kerberos set up as well in the metabase for that website in order to respond correctly?