Impersonation and delegation

[Kelly D. Jones]

I've read many messages and even more technotes, but I still can't get the
following scenario to work:

I have a Windows 2003 web server and a separate Windows 2000/SQL server,
both in the same Active Directory on our LAN. I need to flow the user
credentials from 2000/XP clients, to the web server, and then onto the SQL
server.

IIS is set to only allow Windows integrated authentication.

My connection string is "workstation id=C3PO;packet size=4096;integrated
security=SSPI;data source=BUNSEN;persist security info=False;initial
catalog=Website" (I'm using VS.Net 2003)

I set the user account to be "Trusted for delegation". I set both server
computer accounts to be Trusted for delegation also.

I set the web.config file to:
<identity impersonate="true" />
<authentication mode="Windows" />
<authorization>
<allow users="*" />
<disallow users="?" />


Authentication works to the web server, but I get the following error when I
try to access the SQL server :
"Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'."

Any tips/help would be greatly appreciated,

 

[Eric]

Try adding "Network Library=DBMSSOCN" for TCP/IP access or "Network
Library=DBNMPNTW" for named pipe access to your connect string. Most of the
stuff says named pipes won't work so use TCP/IP but we found the opposite to
be true. Something else to check into is something called a service
principal name. I'm not to clear on how to set it up or what it does
exactly, our DBA figured out and set that up. It has something to do with
helping the credentials get from one server to another when using the web
application.

Eric