BITS, TakeOwnership, and Kerberos / Windows Integrated Authentication

Posted by Charlie Flowers on Stack Overflow See other posts from Stack Overflow or by Charlie Flowers
Published on 2010-06-12T01:30:36Z Indexed on 2010/06/12 1:42 UTC
Read the original article Hit count: 364

We're using BITS to upload files from machines in our retail locations to our servers. BITS will stop transferring a file if the user who owns the BITS job logs off. Therefore, we're using a Windows Service running as LocalSystem to submit the jobs to BITS and be the job owner. This allows transfers to continue 24/7.

However, it raises a question about authentication. We want the BITS server extensions in IIS to use Kerberos to authenticate the client machine. As far as I can tell, that leaves us with only 2 options, both of which are not ideal: Either we create an "ImageUploader" account and store its username/password in a config file that the Windows Service uses as credentials for the BITS job, or we ask the logged on user who creates the BITS job for his password, and then use his credentials for the BITS job. I guess the third option is not to use Kerberos, and maybe go with Basic Auth plus SSL.

I'm sure I'm wrong and there's a better option. Is there? Thanks in advance.

© Stack Overflow or respective owner

Related posts about windows-authentication

Related posts about kerberos