double hop issue? Not sure anymore

Discussion in 'ASP .Net Security' started by reezaali@gmail.com, Jan 25, 2006.

  1. Guest

    Hi all

    I have an issue which goes something like this

    I have a web app that accesses a SQL Sever. I use AD for my users. In
    SQL i have assigned my users to various roles etc....not SQL users but
    AD users.

    my web app uses identity impersonation = true and i have disabled
    anonymous access in IIS

    I have a development environment with XP, IIS5 and ver 1.1 of
    framework. The web app works fine and shows my results.


    I have a win2k server with IIS 5 on it and when i deploy my app to this
    machine, which is part of the domain and IIS is configured the same
    way, I get what seems to be the double hop issue. So i have ensured
    that the anonymous access is diabled in IIS and integrated security is
    turned on. the machine is part of the domain. I have installed the sql
    client tools on the web server....no matter what i do i cannot access
    SQL server...it keeps giving me the Login failed for user 'NT
    AUTHORITY\ANONYMOUS LOGON'. error. I checked the user name of the
    person accessing the page by using
    System.Security.Principal.WindowsIdentity.GetCurrent().Name and the
    username is being written out however when this information passes to
    SQL i still get the anonymous user error...

    Can you please help me with this issue? I am really at a loss here...

    Thank you.
    Reeza
    , Jan 25, 2006
    #1
    1. Advertising

  2. Hi,

    there are some more things to take into consideration - i guess you only
    tested locally on your WinXP machine - this is technically not delegation
    - thats why it probably worked...

    read more here:
    http://msdn.microsoft.com/msdnmag/issues/05/09/SecurityBriefs/default.aspx

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Hi all
    >
    > I have an issue which goes something like this
    >
    > I have a web app that accesses a SQL Sever. I use AD for my users. In
    > SQL i have assigned my users to various roles etc....not SQL users but
    > AD users.
    >
    > my web app uses identity impersonation = true and i have disabled
    > anonymous access in IIS
    >
    > I have a development environment with XP, IIS5 and ver 1.1 of
    > framework. The web app works fine and shows my results.
    >
    > I have a win2k server with IIS 5 on it and when i deploy my app to
    > this machine, which is part of the domain and IIS is configured the
    > same way, I get what seems to be the double hop issue. So i have
    > ensured that the anonymous access is diabled in IIS and integrated
    > security is turned on. the machine is part of the domain. I have
    > installed the sql client tools on the web server....no matter what i
    > do i cannot access SQL server...it keeps giving me the Login failed
    > for user 'NT AUTHORITY\ANONYMOUS LOGON'. error. I checked the user
    > name of the person accessing the page by using
    > System.Security.Principal.WindowsIdentity.GetCurrent().Name and the
    > username is being written out however when this information passes to
    > SQL i still get the anonymous user error...
    >
    > Can you please help me with this issue? I am really at a loss here...
    >
    > Thank you.
    > Reeza
    Dominick Baier [DevelopMentor], Jan 25, 2006
    #2
    1. Advertising

  3. Guest

    Thank you Dominick.....excellent article....the delegation solved our
    problem....
    , Jan 27, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ken Schaefer

    Re: Windows Auth -- double hop issue??

    Ken Schaefer, Apr 7, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    3,044
    Ken Schaefer
    Apr 7, 2004
  2. =?Utf-8?B?Q2h1Y2sgSGFlYmVybGU=?=

    classic IE -> IIS -> SQL Double hop issue - Help needed resolving

    =?Utf-8?B?Q2h1Y2sgSGFlYmVybGU=?=, Oct 14, 2005, in forum: ASP .Net
    Replies:
    2
    Views:
    3,151
    Bruce Barker
    Oct 15, 2005
  3. Eric Lilja
    Replies:
    4
    Views:
    464
  4. kellygreer1

    Double Hop Network Issue

    kellygreer1, Nov 19, 2007, in forum: ASP .Net
    Replies:
    2
    Views:
    351
    kellygreer1
    Nov 20, 2007
  5. Christer

    The double hop web service security issue...

    Christer, Oct 10, 2003, in forum: ASP .Net Web Services
    Replies:
    2
    Views:
    115
    richlm
    Oct 11, 2003
Loading...

Share This Page