Integrated security fails on new server

Discussion in 'ASP .Net Security' started by kaborka, Aug 12, 2005.

  1. kaborka

    kaborka Guest

    We are migrating from our old intranet server to a new one. My ASP.Net C#
    app uses integrated security to connect to a SQL 2000 server located on a
    different machine in the same domain. It is working fine on the old server.
    The following are in web.config:

    <authentication mode="Windows" />
    <identity impersonate="true" />

    Anonymous access is disabled on the virtual directory. Connection strings
    are of the form:
    Server=myserver;Database=mydb;Persist Security Info=False;Integrated
    Security=SSPI;

    On the new intranet server, the asp.net page can connect to the local SQL
    Server using integrated security, and I have confirmed it us impersonating
    the user correctly. However, when the page tries to connect to a different
    SQL Server, I get the exception: "Login failed for user '(null)'. Reason: Not
    associated with a trusted SQL Server connection."

    Since this asp.net app works fine on our current intranet server (the
    webpages are able to connect to SQL Server running on a different machine
    using integrated security), there must be a problem with the configuration of
    the new server.

    I've confirmed that "Integrated Windows Authentication" is the only option
    checked on the Authentication Methods dialog of the website properties, and
    the web.config is set up correctly. What else should I look for to make the
    new server work the same as the old one?
     
    kaborka, Aug 12, 2005
    #1
    1. Advertising

  2. kaborka

    Paul Clement Guest

    On Thu, 11 Aug 2005 18:56:02 -0700, "kaborka" <> wrote:

    ¤ We are migrating from our old intranet server to a new one. My ASP.Net C#
    ¤ app uses integrated security to connect to a SQL 2000 server located on a
    ¤ different machine in the same domain. It is working fine on the old server.
    ¤ The following are in web.config:
    ¤
    ¤ <authentication mode="Windows" />
    ¤ <identity impersonate="true" />
    ¤
    ¤ Anonymous access is disabled on the virtual directory. Connection strings
    ¤ are of the form:
    ¤ Server=myserver;Database=mydb;Persist Security Info=False;Integrated
    ¤ Security=SSPI;
    ¤
    ¤ On the new intranet server, the asp.net page can connect to the local SQL
    ¤ Server using integrated security, and I have confirmed it us impersonating
    ¤ the user correctly. However, when the page tries to connect to a different
    ¤ SQL Server, I get the exception: "Login failed for user '(null)'. Reason: Not
    ¤ associated with a trusted SQL Server connection."
    ¤
    ¤ Since this asp.net app works fine on our current intranet server (the
    ¤ webpages are able to connect to SQL Server running on a different machine
    ¤ using integrated security), there must be a problem with the configuration of
    ¤ the new server.
    ¤
    ¤ I've confirmed that "Integrated Windows Authentication" is the only option
    ¤ checked on the Authentication Methods dialog of the website properties, and
    ¤ the web.config is set up correctly. What else should I look for to make the
    ¤ new server work the same as the old one?

    Integrated security with SQL Server and an ASP.NET application implementing impersonation requires
    Kerberos in a trusted environment in order to delegate credentials to a remote database server.
    Without Kerberos, the integrated windows security authentication w/IIS is performed by NTLM and IIS
    never receives credentials to delegate.


    Paul
    ~~~~
    Microsoft MVP (Visual Basic)
     
    Paul Clement, Aug 12, 2005
    #2
    1. Advertising

  3. kaborka

    kaborka Guest

    Well, I'm embarrassed! I double-checked the connection string used by the
    ASP.net app on the old intranet server, and it is using SQL authentication
    when it connects to a remote SQL Server. The connection string parameters
    are set up in the registry. I had thought it was using integrated security
    for both the local and remote SQL connections, but it was only using
    integrated security for the local connection. My bad!

    Thanks for your reply.

    > Integrated security with SQL Server and an ASP.NET application implementing impersonation requires
    > Kerberos in a trusted environment in order to delegate credentials to a remote database server.
    > Without Kerberos, the integrated windows security authentication w/IIS is performed by NTLM and IIS
    > never receives credentials to delegate.
    >
    >
    > Paul
    > ~~~~
    > Microsoft MVP (Visual Basic)
    >
     
    kaborka, Aug 12, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Dave
    Replies:
    1
    Views:
    487
    S. Justin Gengo
    Aug 11, 2003
  2. tomix
    Replies:
    1
    Views:
    308
    Chris Fulstow
    Oct 27, 2006
  3. eRic
    Replies:
    6
    Views:
    363
    Kunal
    Mar 5, 2004
  4. Phil Aldis
    Replies:
    3
    Views:
    202
    Raterus
    Aug 16, 2004
  5. Arthur Zubarev
    Replies:
    0
    Views:
    82
    Arthur Zubarev
    Feb 3, 2014
Loading...

Share This Page