Impersonation, Delegation & SQL Server

[Rob Edwards]

I bailed on this before and just went to Basic Authentication and told the
users they would have to live with signing on again.... but now I need to
get it working...

Domain: Windows 2003
Web Server: Windows 2003
SQL Server: Windows 2000

The web server and the SQL server are trusted for delegation.
The user accounts are trusted for delegation.

The web page has <Identity Impersonate="true"> and <Authentication mode
="Windows">

I'm running into the same "double-hop" problem.. even though everything
should be using Kerberos.

A user (running XP) opens a page on the web server.. the web server then
tries to access the SQL Server database.. but returns:

Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

The web server has Anonymous access turned off.
The web server has Integrated Windows authentication turned on.

IIS is running under the local system account.

The web server has been added to the SQL Server database
\\DomainName\ServerName$

I've gone round-and-round with this issue before and was never able to come
up with the solution.

Can anyone help?

 

[Jim Cheshire [MSFT]]

Rob,

This isn't actually caused by your user not being authenticated. It's a
problem with the delegation. You should probably raise this in the SQL
newsgroups.

Jim Cheshire, MCSE, MCSD [MSFT]
Developer Support
ASP.NET
(e-mail address removed)

This post is provided as-is with no warranties and confers no rights.

--------------------

 

[Vinay R. Indoria]

hey Rob,

I am in same loop...... is there any progress on this
issue. How to resolve this "double-hop" issue.

need ur guidence.

regards
Vinay R. Indoria