Impersonation headaches

[Stephajn Craig]

I'm developing an ASP.NET app on a Windows 2003 Server. My ASP.NET app is
using Windows Authentication and in IIS I have disabled Anonymous Access,
and enabled digest authentication. In my Web.Config file I have put this
line:

<identity impersonate="true" />

My ASP.NET app calls on a SQL Server database that is on a different
machine. I can tell that the ASP.NET engine is picking up my domain
username as being the authenticated user by using this line:

Dim username As String =
System.Security.Principal.WindowsIdentity.GetCurrent().Name

However, when the call to the database is made, I get this error:

Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

What am I missing here? why is the call to the database going through as
that and not my domain account? My connection string to the database looks
like this:

data source=SOMESERVER;Initial Catalog=SOMEDATABASE;Integrated
Security=SSPI;

Any help would REALLY be appreciated.

 

[George Ter-Saakov]

There are several levels of Impersonation
You can look up article in MSDN with the title "Client Impersonation and
Delegation "

What you looking for is delegation level.

I am not sure how ASO.NET works but it might give you a clue.

George.

 

[bruce barker]

this setup will not work, as you can not forward nt creditals from the
webserver to the sqlserver (unless the browser is running on the webserver -
like on your dev box). this only works with basic and digest authentication.

there are plenty of posts on the details (google this newsgroup).

-- bruce (sqlwork.com)