Hi Guys

I ran into this issue at a client today and thought I would share the findings and resolution for this problem.

This problem was encountered using 1320 on a distributed environment using NLB and 2 webservers.

I recieved this error as the clients asp.net applicaiton impersonates specific users to get a custom written worklist from K2. These users are authenticated via a custom webservice and SQL DB. IIS settings are allow annonumus authentication, forms based authentication. The integrated auth was turned off as the external users do not have access to the clients AD nor are they on the domain.

So what happened was that the thread in which the web UI was running was impersonating the user however as IE was running in forms/annon mode it had no idea of who was logged in, and thus PTA failed on the first try as annon cant impersonate anyone by default. IIS then reverted back to the admin/service account which the app pool in which the web UI was running to create the K2 connection.

So the process works, kicked off correctly etc etc... but the problem the client had was that there was warning notices generated by K2 saying that the "Current Host Server configuration prevents pass-through to non-Windows identities" which is entirly plausable knowing the environment as you now do.

So what I did was is strip the thread of its principal name in the code using :

Principal X = Thread.CurrentPrincipal;

Thread.CurrentPrincipal = null;

<do stuff with K2>

Thread.CurrentPrincipal = X;

and then assign the origional principal name back to the thread as the code above suggests.

This sorted out the error messages in the event log for good.