.NET, Integrated Windows Authentication, and more

Discussion in 'ASP .Net Security' started by FuriousMojo, Dec 17, 2003.

  1. FuriousMojo

    FuriousMojo Guest

    First of all, with identity impersonate = true, I still get this blasted error: Exception Details: System.Data.SqlClient.SqlException: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

    It seems like it simply will not send the domain username and password that I'm authenticated as! It is endlessly frustrating. I have the machine.config entries as follows:

    <identity impersonate="true" userName="" password=""/>

    and for the process part...

    userName="machine"
    password="AutoGenerate"

    My web.config is as follows:

    <configuration><system.web><compilation debug="true"/><customErrors mode="Off"/><authentication mode="Windows" /><identity impersonate="true"/></system.web></configuration>

    All I want to do is authenticate to the SQL server (which is not the same machine as the IIS box) using the domain username and password I'm signed on as. That way I can assign permissions and rights on the database side. This cannot be that hard. What am I missing?

    Thanks in advance.
     
    FuriousMojo, Dec 17, 2003
    #1
    1. Advertising

  2. When you have impersonation set to true with no user name and password
    specified you will be impersonating the authenticated IIS user. This means
    that if you are using Anonymous authentication (this will always be used if
    it is checked in IIS...even if you have Windows Integrated checked) you
    will be running the thread as the IIS Anonymous user. Based on the
    information you provided, it looks like this is what is happening for you.
    A second choice would be to specify the user you want to impersonate, but
    there is an additional step needed in order to get this to work. You will
    have to add the ASPNET user to the policy called "Act as a part of the
    Operating System" and then refresh the policies on the machine.

    Here is an article that covers the three impersonation choices. There is
    only one of the three that can be done without the policy I mentioned above
    and it is simply <identity impersonate = "true">

    306158 INFO: Implementing Impersonation in an ASP.NET Application
    http://support.microsoft.com/?id=306158

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Holly
     
    Holly Mazerolle, Dec 17, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mark
    Replies:
    0
    Views:
    704
  2. Amedee Van Gasse
    Replies:
    2
    Views:
    2,864
    Buddy Ackerman
    Jun 16, 2005
  3. grey
    Replies:
    0
    Views:
    418
  4. Will
    Replies:
    5
    Views:
    2,683
  5. Amedee Van Gasse

    Integrated Windows Authentication, ASP.NET and FoxPro

    Amedee Van Gasse, Jun 16, 2005, in forum: ASP .Net Security
    Replies:
    2
    Views:
    213
    Buddy Ackerman
    Jun 16, 2005
Loading...

Share This Page