Hi all,

we are running a .NET web service which uses Kerberos delegation to
access a backend service on behalf of the client's security context.

We have no problem with .NET client applications or IE accessing the web
service, but in case of a Java app acting as client, delegation fails.

The Java app correctly requests a TGT from the Win 2003 Active Directory
and then requests and gets a valid service ticket to access the .NET web
service. After that, the web service does a programmatically
impersonation before making a ADSI/LDAP bind to the AD. This
impersonation fails in case of a Java application.

Client:
- Java 6 application on Windows

Web Service:
- IIS 6
- ASP.NET 2.0 Web Service

Backend Service:
- Windows Server 2003 Active Directory Domain Controller (LDAP)


Did anyone implemented a similar environment and may help me to find a
solution? I can post configuration files, log files and network traces.

loki