ITDevSpace - Development Tips & Tricks

* Using Registry Key Set/Add this string registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome] Name: AuthNegotiateDelegateWhitelist Value: * * Using Command Line param --auth-negotiate-delegate-whitelist=* Delegation can be restricted to servers in the specific domain *.mydomain.com I’ve tested it with IIS + SQL Server and double hop delegation works fine. You can read more about Google Chrome command line params here .

DelegConfig is an ASP.Net application to test Kerberos/Delegation configuration on your IIS & SQL Server. Useful for testing double hop authentication issues.

When you use double-hop authentication (WebBrowser->IIS->SQL Server) code executed on the webserver inside Parallel.Invoke() or Task.Factory.StartNew() is no longer executed as authenticated user (domain\username) but is being changed to (domain\iisservername$). You can see it in Environment.UserName when debuging. So if you're executing any SQL queries as Tasks you might get permission denied errors. The way to fix it is to pass custom TaskScheduler from CurrentSynchronizationContext Parallel.Invoke( new ParallelOptions() { TaskScheduler = TaskScheduler.FromCurrentSynchronizationContext() }, () => { /*do something here;*/ }, ); Task.Factory.StartNew( () => { /*do something here;*/ }, CancellationToken.None, TaskCreationOptions.None, TaskScheduler.FromCurrentSynchronizationContext() ); This is a good article about SynchronizationContext It's All About the SynchronizationContext