Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / Security / November 2003

Tip: Looking for answers? Try searching our database.

Impersonation, Delegation & SQL Server

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Rob Edwards - 20 Nov 2003 15:28 GMT
I bailed on this before and just went to Basic Authentication and told the
users they would have to live with signing on again.... but now I need to
get it working...

Domain:  Windows 2003
Web Server:  Windows 2003
SQL Server:  Windows 2000

The web server and the SQL server are trusted for delegation.
The user accounts are trusted for delegation.

The web page has <Identity Impersonate="true"> and <Authentication mode
="Windows">

I'm running into the same "double-hop" problem.. even though everything
should be using Kerberos.

A user (running XP) opens a page on the web server.. the web server then
tries to access the SQL Server database.. but returns:

Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

The web server has Anonymous access turned off.
The web server has Integrated Windows authentication turned on.

IIS is running under the local system account.

The web server has been added to the SQL Server database
\\DomainName\ServerName$

I've gone round-and-round with this issue before and was never able to come
up with the solution.

Can anyone help?
Reply to this Message
Jim Cheshire [MSFT] - 20 Nov 2003 16:41 GMT
Rob,

This isn't actually caused by your user not being authenticated.  It's a
problem with the delegation.  You should probably raise this in the SQL
newsgroups.

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
jamesche@online.microsoft.com

This post is provided as-is with no warranties and confers no rights.

--------------------
>From: "Rob Edwards" <RobEdwards@Landam.com>
>Subject: Impersonation, Delegation & SQL Server
[quoted text clipped - 8 lines]
>NNTP-Posting-Host: 206.211.101.76
>Path:
cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTNGXA05.phx.gbl!TK2MSFTNGP08
.phx.gbl!TK2MSFTNGP12.phx.gbl
>Xref: cpmsftngxa07.phx.gbl
microsoft.public.dotnet.framework.aspnet.security:7598
>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
>
[quoted text clipped - 32 lines]
>
>Can anyone help?
Reply to this Message
Vinay R. Indoria - 28 Nov 2003 11:52 GMT
hey Rob,

I am in same loop...... is there any progress on this
issue. How to resolve this "double-hop" issue.

need ur guidence.

regards
Vinay R. Indoria

>-----Original Message-----
>I bailed on this before and just went to Basic Authentication and told the
[quoted text clipped - 33 lines]
>
>.
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.