Login failed for user '\'

Discussion in 'ASP .Net Security' started by Karl S., Aug 23, 2005.

  1. Karl S.

    Karl S. Guest

    I'm at a loss to what the solution is. I have an intranet application that
    runs on w2k3 with iis 6.0 security set to Integrated Windows authentication
    only. I am using C# in .NET 2003 (7.1.3088) w/ Framework 1.1 (1.1.4322 SP1).
    The web.config authentication mode="Windows" and authorization set to <allow
    users="*" />.
    This app is trying to connect to SQL 7.0 on an NT server in the same domain.
    I currently have a web service running on the same w2k3 web server that
    accesses this same SQL Server but uses anonymous access (set to a domain
    user) and it connects just fine. Here's a stripped down version of the
    routine that throws the exception.

    private DataTable getData()
    {
    SqlConnection conn = new SqlConnection ("server=ntServer;database=myDB;
    Integrated
    Security=SSPI");
    conn.Open(); <--------- throws SqlException
    ....
    }

    When I use WindowsPrincipal.Identity.Name.ToString() to see who this .NET
    app is being ran as, it comes back with the correct domain\username that has
    proper access to the database (I even used the domain admin account). But
    the SQL Error message is saying "Login failed for user'\'". I tried setting
    the authentication mode to anonymous and use the same user and SqlConnection
    as my web service but I get the same error message. I've got to be missing
    something but what?

    Please help.
     
    Karl S., Aug 23, 2005
    #1
    1. Advertising

  2. Hello Karl S.,

    do you have impersonation enabled??

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > I'm at a loss to what the solution is. I have an intranet application
    > that
    > runs on w2k3 with iis 6.0 security set to Integrated Windows
    > authentication
    > only. I am using C# in .NET 2003 (7.1.3088) w/ Framework 1.1
    > (1.1.4322 SP1).
    > The web.config authentication mode="Windows" and authorization set to
    > <allow
    > users="*" />.
    > This app is trying to connect to SQL 7.0 on an NT server in the same
    > domain.
    > I currently have a web service running on the same w2k3 web server
    > that
    > accesses this same SQL Server but uses anonymous access (set to a
    > domain
    > user) and it connects just fine. Here's a stripped down version of
    > the routine that throws the exception.
    >
    > private DataTable getData()
    > {
    > SqlConnection conn = new SqlConnection
    > ("server=ntServer;database=myDB;
    >
    > Integrated
    > Security=SSPI");
    > conn.Open(); <--------- throws SqlException
    > ...
    > }
    > When I use WindowsPrincipal.Identity.Name.ToString() to see who this
    > .NET app is being ran as, it comes back with the correct
    > domain\username that has proper access to the database (I even used
    > the domain admin account). But the SQL Error message is saying "Login
    > failed for user'\'". I tried setting the authentication mode to
    > anonymous and use the same user and SqlConnection as my web service
    > but I get the same error message. I've got to be missing something
    > but what?
    >
    > Please help.
    >
     
    Dominick Baier [DevelopMentor], Aug 23, 2005
    #2
    1. Advertising

  3. Karl S.

    Karl S. Guest

    Hi Dominick,

    I do have <identity impersonate="true" /> set in the web.config file. It
    does seem like it isn't taking though. Any thoughts on how to verify it?

    ~Karl

    "Dominick Baier [DevelopMentor]" wrote:

    > Hello Karl S.,
    >
    > do you have impersonation enabled??
    >
    > ---------------------------------------
    > Dominick Baier - DevelopMentor
    > http://www.leastprivilege.com
    >
    > > I'm at a loss to what the solution is. I have an intranet application
    > > that
    > > runs on w2k3 with iis 6.0 security set to Integrated Windows
    > > authentication
    > > only. I am using C# in .NET 2003 (7.1.3088) w/ Framework 1.1
    > > (1.1.4322 SP1).
    > > The web.config authentication mode="Windows" and authorization set to
    > > <allow
    > > users="*" />.
    > > This app is trying to connect to SQL 7.0 on an NT server in the same
    > > domain.
    > > I currently have a web service running on the same w2k3 web server
    > > that
    > > accesses this same SQL Server but uses anonymous access (set to a
    > > domain
    > > user) and it connects just fine. Here's a stripped down version of
    > > the routine that throws the exception.
    > >
    > > private DataTable getData()
    > > {
    > > SqlConnection conn = new SqlConnection
    > > ("server=ntServer;database=myDB;
    > >
    > > Integrated
    > > Security=SSPI");
    > > conn.Open(); <--------- throws SqlException
    > > ...
    > > }
    > > When I use WindowsPrincipal.Identity.Name.ToString() to see who this
    > > .NET app is being ran as, it comes back with the correct
    > > domain\username that has proper access to the database (I even used
    > > the domain admin account). But the SQL Error message is saying "Login
    > > failed for user'\'". I tried setting the authentication mode to
    > > anonymous and use the same user and SqlConnection as my web service
    > > but I get the same error message. I've got to be missing something
    > > but what?
    > >
    > > Please help.
    > >

    >
    >
    >
    >
     
    Karl S., Aug 23, 2005
    #3
  4. Karl S.

    Karl S. Guest

    Looks like I was wrong about the below statement.

    > ... I tried setting
    > the authentication mode to anonymous and use the same user and SqlConnection
    > as my web service but I get the same error message. ...


    When I set the authentication mode to anonymous and use the same username as
    my web service, it works. It appears that using "Integrated Windows
    authentication" only is why it is failing for me. What do I need to do to
    get this to work?
     
    Karl S., Aug 24, 2005
    #4
  5. Hello Karl S.,

    so you are trying to access a back end resource using impersonated credentials.
    this is called delegation and has to be configured.

    have a look at:
    http://www.leastprivilege.com/TroubleshootingKerberosDelegation.aspx


    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Hi Dominick,
    >
    > I do have <identity impersonate="true" /> set in the web.config
    > file. It does seem like it isn't taking though. Any thoughts on how
    > to verify it?
    >
    > ~Karl
    >
    > "Dominick Baier [DevelopMentor]" wrote:
    >
    >> Hello Karl S.,
    >>
    >> do you have impersonation enabled??
    >>
    >> ---------------------------------------
    >> Dominick Baier - DevelopMentor
    >> http://www.leastprivilege.com
    >>> I'm at a loss to what the solution is. I have an intranet
    >>> application
    >>> that
    >>> runs on w2k3 with iis 6.0 security set to Integrated Windows
    >>> authentication
    >>> only. I am using C# in .NET 2003 (7.1.3088) w/ Framework 1.1
    >>> (1.1.4322 SP1).
    >>> The web.config authentication mode="Windows" and authorization set
    >>> to
    >>> <allow
    >>> users="*" />.
    >>> This app is trying to connect to SQL 7.0 on an NT server in the same
    >>> domain.
    >>> I currently have a web service running on the same w2k3 web server
    >>> that
    >>> accesses this same SQL Server but uses anonymous access (set to a
    >>> domain
    >>> user) and it connects just fine. Here's a stripped down version of
    >>> the routine that throws the exception.
    >>> private DataTable getData()
    >>> {
    >>> SqlConnection conn = new SqlConnection
    >>> ("server=ntServer;database=myDB;
    >>> Integrated
    >>> Security=SSPI");
    >>> conn.Open(); <--------- throws SqlException
    >>> ...
    >>> }
    >>> When I use WindowsPrincipal.Identity.Name.ToString() to see who this
    >>> .NET app is being ran as, it comes back with the correct
    >>> domain\username that has proper access to the database (I even used
    >>> the domain admin account). But the SQL Error message is saying
    >>> "Login
    >>> failed for user'\'". I tried setting the authentication mode to
    >>> anonymous and use the same user and SqlConnection as my web service
    >>> but I get the same error message. I've got to be missing something
    >>> but what?
    >>> Please help.
    >>>
     
    Dominick Baier [DevelopMentor], Aug 24, 2005
    #5
  6. Karl S.

    Paul Clement Guest

    On Tue, 23 Aug 2005 17:07:03 -0700, "Karl S." <> wrote:

    ¤ Looks like I was wrong about the below statement.
    ¤
    ¤ > ... I tried setting
    ¤ > the authentication mode to anonymous and use the same user and SqlConnection
    ¤ > as my web service but I get the same error message. ...
    ¤
    ¤ When I set the authentication mode to anonymous and use the same username as
    ¤ my web service, it works. It appears that using "Integrated Windows
    ¤ authentication" only is why it is failing for me. What do I need to do to
    ¤ get this to work?

    You need to configure your environment for Kerberos as Dominick referred to in his last reply.

    IIS cannot delegate credentials to remote resources when Integrated Windows Authentication has been
    implemented.


    Paul
    ~~~~
    Microsoft MVP (Visual Basic)
     
    Paul Clement, Aug 24, 2005
    #6
  7. Karl S.

    Karl S. Guest

    Thank you for steering me in the right direction. I'll check it out.

    "Dominick Baier [DevelopMentor]" wrote:

    > Hello Karl S.,
    >
    > so you are trying to access a back end resource using impersonated credentials.
    > this is called delegation and has to be configured.
    >
    > have a look at:
    > http://www.leastprivilege.com/TroubleshootingKerberosDelegation.aspx
    >
    >
    > ---------------------------------------
    > Dominick Baier - DevelopMentor
    > http://www.leastprivilege.com
    >
    > > Hi Dominick,
    > >
    > > I do have <identity impersonate="true" /> set in the web.config
    > > file. It does seem like it isn't taking though. Any thoughts on how
    > > to verify it?
    > >
    > > ~Karl
    > >
    > > "Dominick Baier [DevelopMentor]" wrote:
    > >
    > >> Hello Karl S.,
    > >>
    > >> do you have impersonation enabled??
    > >>
    > >> ---------------------------------------
    > >> Dominick Baier - DevelopMentor
    > >> http://www.leastprivilege.com
    > >>> I'm at a loss to what the solution is. I have an intranet
    > >>> application
    > >>> that
    > >>> runs on w2k3 with iis 6.0 security set to Integrated Windows
    > >>> authentication
    > >>> only. I am using C# in .NET 2003 (7.1.3088) w/ Framework 1.1
    > >>> (1.1.4322 SP1).
    > >>> The web.config authentication mode="Windows" and authorization set
    > >>> to
    > >>> <allow
    > >>> users="*" />.
    > >>> This app is trying to connect to SQL 7.0 on an NT server in the same
    > >>> domain.
    > >>> I currently have a web service running on the same w2k3 web server
    > >>> that
    > >>> accesses this same SQL Server but uses anonymous access (set to a
    > >>> domain
    > >>> user) and it connects just fine. Here's a stripped down version of
    > >>> the routine that throws the exception.
    > >>> private DataTable getData()
    > >>> {
    > >>> SqlConnection conn = new SqlConnection
    > >>> ("server=ntServer;database=myDB;
    > >>> Integrated
    > >>> Security=SSPI");
    > >>> conn.Open(); <--------- throws SqlException
    > >>> ...
    > >>> }
    > >>> When I use WindowsPrincipal.Identity.Name.ToString() to see who this
    > >>> .NET app is being ran as, it comes back with the correct
    > >>> domain\username that has proper access to the database (I even used
    > >>> the domain admin account). But the SQL Error message is saying
    > >>> "Login
    > >>> failed for user'\'". I tried setting the authentication mode to
    > >>> anonymous and use the same user and SqlConnection as my web service
    > >>> but I get the same error message. I've got to be missing something
    > >>> but what?
    > >>> Please help.
    > >>>

    >
    >
    >
    >
     
    Karl S., Aug 24, 2005
    #7
  8. Karl S.

    Karl S. Guest

    Thanks Paul.

    "Paul Clement" wrote:

    > On Tue, 23 Aug 2005 17:07:03 -0700, "Karl S." <> wrote:
    >
    > ¤ Looks like I was wrong about the below statement.
    > ¤
    > ¤ > ... I tried setting
    > ¤ > the authentication mode to anonymous and use the same user and SqlConnection
    > ¤ > as my web service but I get the same error message. ...
    > ¤
    > ¤ When I set the authentication mode to anonymous and use the same username as
    > ¤ my web service, it works. It appears that using "Integrated Windows
    > ¤ authentication" only is why it is failing for me. What do I need to do to
    > ¤ get this to work?
    >
    > You need to configure your environment for Kerberos as Dominick referred to in his last reply.
    >
    > IIS cannot delegate credentials to remote resources when Integrated Windows Authentication has been
    > implemented.
    >
    >
    > Paul
    > ~~~~
    > Microsoft MVP (Visual Basic)
    >
     
    Karl S., Aug 24, 2005
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?U3lsdmFu?=
    Replies:
    4
    Views:
    5,423
    =?Utf-8?B?U3lsdmFu?=
    Nov 26, 2005
  2. Dennis
    Replies:
    0
    Views:
    4,091
    Dennis
    Jun 26, 2006
  3. CFTK
    Replies:
    5
    Views:
    520
  4. Homer
    Replies:
    3
    Views:
    8,017
    Alexey Smirnov
    Sep 25, 2007
  5. Tony Johansson
    Replies:
    3
    Views:
    16,427
    Patrice
    Jan 2, 2010
Loading...

Share This Page