F
Francois
I have several web services that use WSE to authenticate calling users.
I use a UsernameToken that validates the sent username and password
against our SqlServer database. The SqlServer database is on a
different machine than the website. For all of my database access I use
Windows Integrated Security. As such, I've had to change the ASP.Net
process model to system in the machine.config and set <identity
impersonate="true" /> in the web.config for the web service project.
For all regular db access throughout the web services the impersonation
works and the code can connect to the database with the user we
specified as the anonymous user for the website.
However, when the password validation code for the AuthenticateToken
method in my custom UsernameTokenManager object runs
WindowsIdentity.GetCurrent().Name returns 'NT AUTHORITY\SYSTEM' and the
database says "Login failed for user 'DOMAIN\MACHINENAME$'"
This means that either the code in AuthenticateToken is ran using the
builtin machine user, or because the class was constructed before
aspnet_wp.exe switched users according to the <identity
impersonate="true" /> tag in the web.config.
As I see it, there are only a couple of options to fix this problem:
1) Add the machine user to the database (is this even possible?)
2) Change my db to mixed mode authentication (against MS's best
practises) and store the connection string somewhere
Are there any other options? What have other people done in this
situation? What is my best solution? I find it hard to believe that
I'm the only person using WSE to authenticate against SqlServer with
integrated security, yet I've never seen any documentation on the
subject nor discussion about it on the newsgroups.
I'm using Windows 2000/IIS 5.0/SQL Server 2000/.NET Framework 1.1 SP2
TIA,
Colin Svingen
I use a UsernameToken that validates the sent username and password
against our SqlServer database. The SqlServer database is on a
different machine than the website. For all of my database access I use
Windows Integrated Security. As such, I've had to change the ASP.Net
process model to system in the machine.config and set <identity
impersonate="true" /> in the web.config for the web service project.
For all regular db access throughout the web services the impersonation
works and the code can connect to the database with the user we
specified as the anonymous user for the website.
However, when the password validation code for the AuthenticateToken
method in my custom UsernameTokenManager object runs
WindowsIdentity.GetCurrent().Name returns 'NT AUTHORITY\SYSTEM' and the
database says "Login failed for user 'DOMAIN\MACHINENAME$'"
This means that either the code in AuthenticateToken is ran using the
builtin machine user, or because the class was constructed before
aspnet_wp.exe switched users according to the <identity
impersonate="true" /> tag in the web.config.
As I see it, there are only a couple of options to fix this problem:
1) Add the machine user to the database (is this even possible?)
2) Change my db to mixed mode authentication (against MS's best
practises) and store the connection string somewhere
Are there any other options? What have other people done in this
situation? What is my best solution? I find it hard to believe that
I'm the only person using WSE to authenticate against SqlServer with
integrated security, yet I've never seen any documentation on the
subject nor discussion about it on the newsgroups.
I'm using Windows 2000/IIS 5.0/SQL Server 2000/.NET Framework 1.1 SP2
TIA,
Colin Svingen