ok. After about 5 hours of debugging I am losing hair and as I'm only 22 this is not good. I have a webservice that gets the directory structure of out file server and puts it into an xml file for use later on. This will not work with impersonation unless I define the username / password in the web.config which, of course, causes a problem in security. I would like to use pass-through security from the page calling the web service in the first place. this first page knows who the user is and is enforcing NTFS privileges correctly so my question is this, how can I define the user to run the webservice as to be equal to the user accessing the web page?
Just to confirm, I have set up iis to use windows authentication, disabled the anonymous log on and set impersonation = true in both web.configs (the application and the web service, thw two have to be seperate as the web service is to be used in several different applications)
Just to confirm, I have set up iis to use windows authentication, disabled the anonymous log on and set impersonation = true in both web.configs (the application and the web service, thw two have to be seperate as the web service is to be used in several different applications)