What is the best practice for impersonating the current SharePoint user when accessing a web service that uses NTLM authentication? The webpart has the user name but not password, and apparently, passing the network credential from the webpart does not work. The remote web service uses NTLM to authorize the user.

+3  A: 

If the web service is on the same server as SharePoint and you are using NTLM to hit SharePoint, then this may just plain work. If the web service is on a different machine than SharePoint then you will either need to be using Kerberos (which can delegate credentials to another server) in both environments or you will have to provide the full credentials of the user within your web part when communicating with the web service. Of course this means that you would have to know the password of the user. The MOSS Single Sign-on (SSO) feature can be used just for this purpose.

Kirk Liemohn
I believe Kirk describes routes around the "double hop" problem. There's more information about this at http://blogs.msdn.com/knowledgecast/archive/2007/01/31/the-double-hop-problem.aspx
Simon Svensson
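The credential choice described in the answer, as an added C# example that is not part of the original answer or comments. `ChooseCredentials`, the `kerberosDelegationConfigured` flag and the service URLs are hypothetical names and placeholders; the stored credential stands for whatever a store such as MOSS SSO would return.

```csharp
using System;
using System.Net;
using System.Security.Principal;

public static class WebPartServiceCall
{
    // True when the URL points back at the machine running this code, the one
    // case where the answer says the NTLM-authenticated identity may just work.
    // Simple host-name comparison: DNS aliases and FQDNs are not resolved here.
    public static bool IsSameServer(Uri serviceUrl)
    {
        return serviceUrl.IsLoopback ||
               string.Equals(serviceUrl.Host, Environment.MachineName,
                             StringComparison.OrdinalIgnoreCase);
    }

    // kerberosDelegationConfigured: assumption supplied by whoever set up the farm.
    // storedCredential: full user credential from a credential store, or null.
    public static ICredentials ChooseCredentials(Uri serviceUrl,
        bool kerberosDelegationConfigured, NetworkCredential storedCredential)
    {
        if (IsSameServer(serviceUrl) || kerberosDelegationConfigured)
            return CredentialCache.DefaultCredentials; // current (impersonated) identity
        if (storedCredential != null)
            return storedCredential;                   // explicit user name and password
        throw new InvalidOperationException(
            "Remote service, no Kerberos delegation, no stored credential: " +
            "the user's identity cannot make the second hop.");
    }

    public static void Main()
    {
        // Diagnostic: who the code runs as and how that identity authenticated.
        WindowsIdentity caller = WindowsIdentity.GetCurrent();
        Console.WriteLine("{0} auth={1} level={2}",
            caller.Name, caller.AuthenticationType, caller.ImpersonationLevel);

        Uri local = new Uri("http://localhost/_vti_bin/Lists.asmx");
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(local);
        request.Credentials = ChooseCredentials(local, false, null);
        Console.WriteLine("Same server: default credentials attached.");

        Uri remote = new Uri("http://services.example.test/Orders.asmx"); // placeholder
        try { ChooseCredentials(remote, false, null); }
        catch (InvalidOperationException ex) { Console.WriteLine(ex.Message); }
    }
}
```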