Impersonation, Delegation & SQL Server

Discussion in 'ASP .Net Security' started by Rob Edwards, Nov 20, 2003.

  1. Rob Edwards

    Rob Edwards Guest

    I bailed on this before and just went to Basic Authentication and told the
    users they would have to live with signing on again.... but now I need to
    get it working...

    Domain: Windows 2003
    Web Server: Windows 2003
    SQL Server: Windows 2000

    The web server and the SQL server are trusted for delegation.
    The user accounts are trusted for delegation.

    The web page has <Identity Impersonate="true"> and <Authentication mode="Windows">

    I'm running into the same "double-hop" problem.. even though everything
    should be using Kerberos.

    A user (running XP) opens a page on the web server.. the web server then
    tries to access the SQL Server database.. but returns:

    Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

    The web server has Anonymous access turned off.
    The web server has Integrated Windows authentication turned on.

    IIS is running under the local system account.

    The web server has been added to the SQL Server database
    \\DomainName\ServerName$

    I've gone round-and-round with this issue before and was never able to come
    up with the solution.

    Can anyone help?
     
    Rob Edwards, Nov 20, 2003
    #1

  2. Rob,

    This isn't actually caused by your user not being authenticated. It's a
    problem with the delegation. You should probably raise this in the SQL
    newsgroups.

    Jim Cheshire, MCSE, MCSD [MSFT]
    Developer Support
    ASP.NET


    This post is provided as-is with no warranties and confers no rights.

     
    Jim Cheshire [MSFT], Nov 20, 2003
    #2
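
The delegation settings named in this thread can be checked read-only in Active Directory. The script below is an added example, not code from any poster; it assumes the RSAT ActiveDirectory module, and the server name, SPN and user are placeholders. The thread does not confirm which of these checks, if any, was the cause.

```powershell
# Added example: read-only checks of the Kerberos delegation prerequisites
# for the web server -> SQL Server hop. Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

# Placeholders (assumptions), not values from the thread.
$WebServer = 'WEBSRV01'   # IIS host; IIS runs as LocalSystem, so the computer account delegates
$SqlSpn    = 'MSSQLSvc/sqlsrv01.example.local:1433'
$TestUser  = 'jdoe'

$web  = Get-ADComputer -Identity $WebServer -Properties TrustedForDelegation, 'msDS-AllowedToDelegateTo'
$user = Get-ADUser -Identity $TestUser -Properties AccountNotDelegated
$spnOwners = @(Get-ADObject -Filter "servicePrincipalName -eq '$SqlSpn'")

$findings = @()

# The front end must be allowed to delegate: unconstrained, or constrained to the SQL SPN.
$constrained = @($web.'msDS-AllowedToDelegateTo') -contains $SqlSpn
if (-not $web.TrustedForDelegation -and -not $constrained) {
    $findings += "$WebServer is not trusted to delegate to $SqlSpn"
}

# "Account is sensitive and cannot be delegated" blocks the second hop for that user.
if ($user.AccountNotDelegated) {
    $findings += "$TestUser is flagged as sensitive and cannot be delegated"
}

# Exactly one account must hold the SQL SPN, otherwise no Kerberos ticket is issued for it.
if ($spnOwners.Count -eq 0) {
    $findings += "No account has $SqlSpn registered"
} elseif ($spnOwners.Count -gt 1) {
    $findings += "Duplicate SPN $SqlSpn on: " + (($spnOwners | ForEach-Object Name) -join ', ')
}

if ($findings.Count -eq 0) { 'Delegation prerequisites look consistent in AD.' } else { $findings }
```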

  3. Hey Rob,

    I am in the same loop... Is there any progress on this
    issue? How do I resolve this "double-hop" issue?

    Need your guidance.

    Regards
    Vinay R. Indoria

     
    Vinay R. Indoria, Nov 28, 2003
    #3