HttpClient & Windows Auth: Pass logged in User of Consumer to Service

Question

I am struggling to understand and set up a Service and Consumer where the Service will run as the user logged into the Consumer.

My consumer is an MVC application. M

Answer 1

The key issue with double hop is delegation of user credential to second call. I want to elaborate a little bit about it. C1 = client browser , S1 = First Server , S2 = Second Server.

Suppose our complete system support window authentication. When user access S1 from browser , its default window credential pass to server S1, but when S1 make a call to S2 , by default it don't pass credential to S2.

Resolution :

1. We must enable window authentication/ impersonation on both machines.
2. WE need to enable delegation between server so that S1 can trust to S2 and will pass credential to S2.

You can find some useful details at below links : http://blogs.msdn.com/b/farukcelik/archive/2008/01/02/how-to-set-up-a-kerberos-authentication-scenario-with-sql-server-linked-servers.aspx

https://sqlbadboy.wordpress.com/2013/10/11/the-kerberos-double-hop-problem/