asp.net impersonation setup

My web app is set to use Windows Authentication and Impersonation is set to true.

<authentication mode="Windows"/>
    <identity impersonate="true"/>

When I run it on my local machine (IIS6), I access Active directory with my current login.

WindowsIdentity curIdentity = WindowsIdentity.GetCurrent();
WindowsPrincipal myPrincipal = new WindowsPrincipal(curIdentity);

However when I access my site remotely Impersonation does not seem to b开发者_JS百科e working; I display the groups that the user belongs to - and get a very short list!

What else do I need?

Impersonation does not pass credentials more than 1 hop between machines. So your creds go from your machine to IIS but no further, accessing active directory is a 2nd hop. When everything runs on the same machine (as in your local case), it will work fine.

http://msdn.microsoft.com/en-us/library/aa292118(VS.71).aspx

I'm pretty sure you need to be specifying a user:

<identity impersonate="true" userName="contoso\Jane" password="pass"/>

Otherwise it will use the ASP.Net user, which will have limited privileges.

See here for more information (including how to store the username/password encrypted).