We have developed a WebAPI application that runs on IIS 6.2. That API uses Integrated authentication. So, the operations will be executed in the user context of the user that is calling the API.
Apart from that, because some of that operations execute remote actions to another server in the platform. We used constrained delegation (kerberos) to manage the Kerberos double hop and be validated in the remote server as the user calling the API.
We made the configuration changes in the IIS (regarding enabling Windows authentication) and we enabled "Trust this computer for delegation to any service (Kerberos only)" in the AD for the server running the IIS.
The current status is, if we access the API using localhost, everything is working as expected. However, if we access using the FQDN or even 127.0.0.1, it fails with unauthorized when the API call executing the remote operation behind the scenes returns.
Does anyone know what we can fix such configuration issue?
Thanks
