Ask a Question related to ASP.NET Security, Design and Development.
-
Rob Edwards #1
Impersonation, Delegation & SQL Server
I bailed on this before and just went to Basic Authentication and told the
users they would have to live with signing on again.... but now I need to
get it working...
Domain: Windows 2003
Web Server: Windows 2003
SQL Server: Windows 2000
The web server and the SQL server are trusted for delegation.
The user accounts are trusted for delegation.
The web page has <Identity Impersonate="true"> and <Authentication mode
="Windows">
I'm running into the same "double-hop" problem.. even though everything
should be using Kerberos.
A user (running XP) opens a page on the web server.. the web server then
tries to access the SQL Server database.. but returns:
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
The web server has Anonymous access turned off.
The web server has Integrated Windows authentication turned on.
IIS is running under the local system account.
The web server has been added to the SQL Server database
\\DomainName\ServerName$
I've gone round-and-round with this issue before and was never able to come
up with the solution.
Can anyone help?
Rob Edwards Guest
-
ASP.NET Impersonation / delegation
you are on the right track. ntlm will not delegate even if your security team allowed delegation, only digest allows delegation. on win2k you... -
ASP.NET Impersonation & Delegation
I have read various articles regarding explaining ASP.Net security model. I have one simple question regarding Delegation that i can't seemed to... -
Impersonation or Delegation?
A client makes a request that executes a stored procedure in SQL Server. That stored procedure attempts to read a file on the web server but fails... -
Impersonation/Delegation security considerations
I'm having trouble finding specific documentation regarding the negative impact of using delegation in a Windows 2000 environment. I've read... -
Impersonation and delegation
I've read many messages and even more technotes, but I still can't get the following scenario to work: I have a Windows 2003 web server and a... -
Jim Cheshire [MSFT] #2 RE: Impersonation, Delegation & SQL Server
Rob,
This isn't actually caused by your user not being authenticated. It's a
problem with the delegation. You should probably raise this in the SQL
newsgroups.
Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
[email]jamesche@online.microsoft.com[/email]
This post is provided as-is with no warranties and confers no rights.
--------------------cpmsftngxa07.phx.gbl!cpmsftngxa10.phx.gbl!TK2MSFTN GXA05.phx.gbl!TK2MSFTNGP08>From: "Rob Edwards" <RobEdwards@Landam.com>
>Subject: Impersonation, Delegation & SQL Server
>Date: Thu, 20 Nov 2003 10:28:33 -0500
>Lines: 36
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
>Message-ID: <ONDd2r3rDHA.2084@TK2MSFTNGP12.phx.gbl>
>Newsgroups: microsoft.public.dotnet.framework.aspnet.security
>NNTP-Posting-Host: 206.211.101.76
>Path:
.phx.gbl!TK2MSFTNGP12.phx.gblmicrosoft.public.dotnet.framework.aspnet.security: 7598>Xref: cpmsftngxa07.phx.gbl>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
>
>I bailed on this before and just went to Basic Authentication and told the
>users they would have to live with signing on again.... but now I need to
>get it working...
>
>Domain: Windows 2003
>Web Server: Windows 2003
>SQL Server: Windows 2000
>
>The web server and the SQL server are trusted for delegation.
>The user accounts are trusted for delegation.
>
>The web page has <Identity Impersonate="true"> and <Authentication mode
>="Windows">
>
>I'm running into the same "double-hop" problem.. even though everything
>should be using Kerberos.
>
>A user (running XP) opens a page on the web server.. the web server then
>tries to access the SQL Server database.. but returns:
>
>Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
>
>The web server has Anonymous access turned off.
>The web server has Integrated Windows authentication turned on.
>
>IIS is running under the local system account.
>
>The web server has been added to the SQL Server database
>\\DomainName\ServerName$
>
>I've gone round-and-round with this issue before and was never able to come
>up with the solution.
>
>Can anyone help?
>
>
>Jim Cheshire [MSFT] Guest
-
Vinay R. Indoria #3 Impersonation, Delegation & SQL Server
hey Rob,
I am in same loop...... is there any progress on this
issue. How to resolve this "double-hop" issue.
need ur guidence.
regards
Vinay R. Indoria
Authentication and told the>-----Original Message-----
>I bailed on this before and just went to Basicbut now I need to>users they would have to live with signing on again....delegation.>get it working...
>
>Domain: Windows 2003
>Web Server: Windows 2003
>SQL Server: Windows 2000
>
>The web server and the SQL server are trusted for<Authentication mode>The user accounts are trusted for delegation.
>
>The web page has <Identity Impersonate="true"> andthough everything>="Windows">
>
>I'm running into the same "double-hop" problem.. evenweb server then>should be using Kerberos.
>
>A user (running XP) opens a page on the web server.. theturned on.>tries to access the SQL Server database.. but returns:
>
>Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
>
>The web server has Anonymous access turned off.
>The web server has Integrated Windows authenticationnever able to come>
>IIS is running under the local system account.
>
>The web server has been added to the SQL Server database
>\\DomainName\ServerName$
>
>I've gone round-and-round with this issue before and was>up with the solution.
>
>Can anyone help?
>
>
>.
>Vinay R. Indoria Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
