Hello,
I have the following code from the client (it is just a test app):
// Namespaces used: System.Net.Security, System.Net.Sockets, System.Security.Principal
using (System.Security.Principal.WindowsImpersonationContext wic =
    System.Security.Principal.WindowsIdentity.GetCurrent().Impersonate())
{
    System.Net.ICredentials creds =
        System.Net.CredentialCache.DefaultCredentials;
    // need a full duplex stream - loopback is easiest way to get that
    using (NegotiateStream clientSide = new NegotiateStream(
        new TcpClient(server, port).GetStream()))
    {
        clientSide.AuthenticateAsClient(
            System.Net.CredentialCache.DefaultNetworkCredentials,
            "",
            ProtectionLevel.EncryptAndSign,
            TokenImpersonationLevel.Delegation);
    }
}
The server side has the SPN set and the Active Directory attributes set, and has
the same settings as the client (encryptandsign and require delegation),
but when I run it, I get this error:
The client side:
A remote side security requirement was not fulfilled during
authentication. Try increasing the ProtectionLevel and/or
ImpersonationLevel.
The server side error is:
A security requirement was not fulfilled during authentication.
Required: Delegation, negotiated: Impersonation.
If I change the ImpersonationLevel to impersonate, no error is
thrown. I suspect it is because I use
System.Security.Principal.WindowsIdentity.GetCurrent().Impersonate(),
instead of using username and password to do a logon. But I really
want to just use windowsIdentity to achieve delegation, as delegation
will definitely be required. Is it possible, and can someone give me
some help?
Many Thanks
Jerry
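
A server-side diagnostic for the failure described above, added here as an example and not part of the original post: it completes the handshake at Impersonation and then enforces Delegation itself, so the log records which package and level were actually negotiated. The class name, method name and port are hypothetical.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Principal;

static class DelegationCheck   // hypothetical name, not from the post
{
    // Accepts at Impersonation so the handshake can finish, logs what was
    // negotiated, and only then applies the Delegation requirement.
    public static bool AcceptAndVerify(TcpClient client)
    {
        using (var ns = new NegotiateStream(client.GetStream(), false))
        {
            ns.AuthenticateAsServer(
                CredentialCache.DefaultNetworkCredentials,
                ProtectionLevel.EncryptAndSign,
                TokenImpersonationLevel.Impersonation);

            IIdentity remote = ns.RemoteIdentity;
            // AuthenticationType reports the negotiated package (Kerberos or NTLM).
            Console.WriteLine("user={0} package={1} level={2} mutual={3}",
                remote.Name, remote.AuthenticationType,
                ns.ImpersonationLevel, ns.IsMutuallyAuthenticated);

            // Only Kerberos can yield Delegation; the client selects it by
            // passing the server's SPN as targetName. NTLM stops at Impersonation.
            if (ns.ImpersonationLevel != TokenImpersonationLevel.Delegation)
            {
                Console.WriteLine("rejecting: delegation was not negotiated");
                return false;
            }
            return true;
        }
    }

    static void Main()
    {
        var listener = new TcpListener(IPAddress.Any, 11000); // placeholder port
        listener.Start();
        using (TcpClient c = listener.AcceptTcpClient())
            AcceptAndVerify(c);
        listener.Stop();
    }
}
```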


