Page Comparison

...

When using Windows Authentication, Aptify uses impersonation to pass a user's login credentials from the web server to the database server. When the web server and database server reside on different computers on the network, a network administrator needs to enable delegation to allow the web server to pass the impersonated credentials to the database server.

...

Delegation is configured by a network administrator using the Active Directory Users and Computers interface, which is available as an Administrative Tool on the domain controller. Note that Aptify requires that you configure constrained delegation, which is available for Windows 2003 domains and higher.

When deploying the Aptify site on the local Intranet, the Kerberos protocol is used for authentication. When deploying the Aptify site on the public Internet, any protocol may be used, including Kerberos. In order to use Kerberos authentication securely, services on both the database server and the web server must be mapped to service principal name (SPN) in Active Directory. This ensures that the accounts that run these services can be uniquely identified for mutual authentication with Kerberos. By default, when installing Microsoft SQL Server 2008 (and higher) is installed, the account that is specified to run the database service is mapped to an SPN automatically. However, when IIS 7 is installed on the web server, the account that is used to run the HTTP service is not automatically mapped to a SPN. Therefore, prior to configuring delegation, an account that has the proper permissions to run the HTTP service on the web server must be mapped to a SPN in Active Directory. See Configuring Service Principal Names for the Web Server for more details.

...