Impersonation and delegation

Discussion in 'ASP .Net Security' started by Kelly D. Jones, Aug 19, 2003.

  1. I've read many messages and even more technotes, but I still can't get the
    following scenario to work:

    I have a Windows 2003 web server and a separate Windows 2000/SQL server,
    both in the same Active Directory on our LAN. I need to flow the user
    credentials from 2000/XP clients, to the web server, and then onto the SQL
    server.

    IIS is set to only allow Windows integrated authentication.

    My connection string is "workstation id=C3PO;packet size=4096;integrated
    security=SSPI;data source=BUNSEN;persist security info=False;initial
    catalog=Website" (I'm using VS.Net 2003)

    I set the user account to be "Trusted for delegation". I set both server
    computer accounts to be Trusted for delegation also.

    I set the web.config file to:
    <identity impersonate="true" />
    <authentication mode="Windows" />
    <authorization>
    <allow users="*" />
    <disallow users="?" />


    Authentication works to the web server, but I get the following error when I
    try to access the SQL server :
    "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'."

    Any tips/help would be greatly appreciated,
    ---
    Kelly D. Jones
    Kelly D. Jones, Aug 19, 2003
    #1
    1. Advertising

  2. Kelly D. Jones

    Eric Guest

    Try adding "Network Library=DBMSSOCN" for TCP/IP access or "Network
    Library=DBNMPNTW" for named pipe access to your connect string. Most of the
    stuff says named pipes won't work so use TCP/IP but we found the opposite to
    be true. Something else to check into is something called a service
    principal name. I'm not to clear on how to set it up or what it does
    exactly, our DBA figured out and set that up. It has something to do with
    helping the credentials get from one server to another when using the web
    application.

    Eric


    "Kelly D. Jones" <> wrote in message
    news:%...
    > I've read many messages and even more technotes, but I still can't get the
    > following scenario to work:
    >
    > I have a Windows 2003 web server and a separate Windows 2000/SQL server,
    > both in the same Active Directory on our LAN. I need to flow the user
    > credentials from 2000/XP clients, to the web server, and then onto the SQL
    > server.
    >
    > IIS is set to only allow Windows integrated authentication.
    >
    > My connection string is "workstation id=C3PO;packet size=4096;integrated
    > security=SSPI;data source=BUNSEN;persist security info=False;initial
    > catalog=Website" (I'm using VS.Net 2003)
    >
    > I set the user account to be "Trusted for delegation". I set both server
    > computer accounts to be Trusted for delegation also.
    >
    > I set the web.config file to:
    > <identity impersonate="true" />
    > <authentication mode="Windows" />
    > <authorization>
    > <allow users="*" />
    > <disallow users="?" />
    >
    >
    > Authentication works to the web server, but I get the following error when

    I
    > try to access the SQL server :
    > "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'."
    >
    > Any tips/help would be greatly appreciated,
    > ---
    > Kelly D. Jones
    >
    >
    >
    Eric, Aug 20, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Kelly D. Jones

    Problem with impersonation and delegation

    Kelly D. Jones, Sep 4, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    1,806
  2. jm
    Replies:
    1
    Views:
    1,910
    bruce barker
    Dec 20, 2003
  3. Patrick
    Replies:
    3
    Views:
    510
    David Wang
    Nov 16, 2006
  4. Bill Ward

    Performance issues With Impersonation and Delegation

    Bill Ward, Oct 5, 2006, in forum: ASP .Net Security
    Replies:
    3
    Views:
    277
    Joe Kaplan
    Oct 24, 2006
  5. Sam Roberts
    Replies:
    4
    Views:
    293
    Sam Roberts
    May 7, 2008
Loading...

Share This Page