Windows authentication from ASP.NET to SQL Server

Discussion in 'ASP .Net Security' started by Nils Magnus Englund, Aug 9, 2005.

  1. Hello,

    I am having trouble using Integrated Windows Authentication between our
    intranet server and our database server, both of which are on our local
    domain.

    Windows authentication works for our intranet server - my domain user
    "DOM\nme" is correctly authenticated and authorized to view the ASP.NET page
    on our intranet. In Web.config, I have both <identity impersonate="true" />
    and <authentication type="Windows" />. I have disabled anonymous access in
    IIS 6.0.

    Windows authentication also works for the SQL Server; when logged on to the
    domain, I can start Query Analyzer and connect to the SQL Server using
    Windows authentication. Permissions on the SQL Server are also correctly set
    up.

    However, problems arise when I want to connect to the SQL Server from the
    ASP.NET page - I get the fairly common error message below:

    Login failed for user '(null)'. Reason: Not associated with a trusted SQL
    Server connection.

    Although I do get a lot of hits when searching for this specific error, I
    still can't seem to find the cause of the problem.

    The connection string I'm using to connect to the SQL Server is:
    "Server=DB;Integrated Security=SSPI;Database=IntranetDB".

    When setting <identity impersonate="false">, I get the error message "Login
    failed for user 'DOM\INTRANET$'." - DOM\INTRANET$ is the hostname of the
    intranet server.

    In the database servers event log, I can see two events (supplied below)
    after trying to authenticate (unsuccessfully) from the ASP.NET application
    to the SQL Server as "DOM\nme".

    What do I need to do to let users use Windows authentication against the DB
    server as well?


    Regards,
    Nils Magnus Englund


    (event log entries follows...)


    Date: 08.08.2005
    Source: Security
    Time: 15:14:55
    Category: Logon/Logoff
    Type: Success Audit
    Event ID: 540
    User: NT AUTHORITY\ANONYMOUS LOGON
    Computer: DB

    Description:
    Successful Network Logon:
    User Name:
    Domain:
    Logon ID: (0x0,0x5CE408)
    Logon Type: 3
    Logon Process: NtLmSsp
    Authentication Package: NTLM
    Workstation Name: INTRANET
    Logon GUID: -
    Caller User Name: -
    Caller Domain: -
    Caller Logon ID: -
    Caller Process ID: -
    Transited Services: -
    Source Network Address: -
    Source Port: -


    Date: 08.08.2005
    Source: Security
    Time: 15:14:55
    Category: Logon/Logoff
    Type: Success Audit
    Event ID: 538
    User: NT AUTHORITY\ANONYMOUS LOGON
    Computer: DB

    Description:
    User Logoff:
    User Name: ANONYMOUS LOGON
    Domain: NT AUTHORITY
    Logon ID: (0x0,0x5CE408)
    Logon Type: 3
    Nils Magnus Englund, Aug 9, 2005
    #1
    1. Advertising

  2. Hello Nils,

    sounds like a typical double hop problem. google for asp.net and delegation
    and have a look at:
    http://www.leastprivilege.com/PermaLink.aspx?guid=ca303e8d-76a3-4ceb-992c-10098f3ed6d0


    HTH

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Hello,
    >
    > I am having trouble using Integrated Windows Authentication between
    > our intranet server and our database server, both of which are on our
    > local domain.
    >
    > Windows authentication works for our intranet server - my domain user
    > "DOM\nme" is correctly authenticated and authorized to view the
    > ASP.NET page on our intranet. In Web.config, I have both <identity
    > impersonate="true" /> and <authentication type="Windows" />. I have
    > disabled anonymous access in IIS 6.0.
    >
    > Windows authentication also works for the SQL Server; when logged on
    > to the domain, I can start Query Analyzer and connect to the SQL
    > Server using Windows authentication. Permissions on the SQL Server are
    > also correctly set up.
    >
    > However, problems arise when I want to connect to the SQL Server from
    > the ASP.NET page - I get the fairly common error message below:
    >
    > Login failed for user '(null)'. Reason: Not associated with a trusted
    > SQL Server connection.
    >
    > Although I do get a lot of hits when searching for this specific
    > error, I still can't seem to find the cause of the problem.
    >
    > The connection string I'm using to connect to the SQL Server is:
    > "Server=DB;Integrated Security=SSPI;Database=IntranetDB".
    >
    > When setting <identity impersonate="false">, I get the error message
    > "Login failed for user 'DOM\INTRANET$'." - DOM\INTRANET$ is the
    > hostname of the intranet server.
    >
    > In the database servers event log, I can see two events (supplied
    > below) after trying to authenticate (unsuccessfully) from the ASP.NET
    > application to the SQL Server as "DOM\nme".
    >
    > What do I need to do to let users use Windows authentication against
    > the DB server as well?
    >
    > Regards,
    > Nils Magnus Englund
    > (event log entries follows...)
    >
    > Date: 08.08.2005
    > Source: Security
    > Time: 15:14:55
    > Category: Logon/Logoff
    > Type: Success Audit
    > Event ID: 540
    > User: NT AUTHORITY\ANONYMOUS LOGON
    > Computer: DB
    > Description:
    > Successful Network Logon:
    > User Name:
    > Domain:
    > Logon ID: (0x0,0x5CE408)
    > Logon Type: 3
    > Logon Process: NtLmSsp
    > Authentication Package: NTLM
    > Workstation Name: INTRANET
    > Logon GUID: -
    > Caller User Name: -
    > Caller Domain: -
    > Caller Logon ID: -
    > Caller Process ID: -
    > Transited Services: -
    > Source Network Address: -
    > Source Port: -
    > Date: 08.08.2005
    > Source: Security
    > Time: 15:14:55
    > Category: Logon/Logoff
    > Type: Success Audit
    > Event ID: 538
    > User: NT AUTHORITY\ANONYMOUS LOGON
    > Computer: DB
    > Description:
    > User Logoff:
    > User Name: ANONYMOUS LOGON
    > Domain: NT AUTHORITY
    > Logon ID: (0x0,0x5CE408)
    > Logon Type: 3
    Dominick Baier [DevelopMentor], Aug 9, 2005
    #2
    1. Advertising

  3. Nils Magnus Englund

    Paul Clement Guest

    On Tue, 9 Aug 2005 11:43:56 +0200, "Nils Magnus Englund" <> wrote:

    ¤ Hello,
    ¤
    ¤ I am having trouble using Integrated Windows Authentication between our
    ¤ intranet server and our database server, both of which are on our local
    ¤ domain.

    Replied in microsoft.public.dotnet.framework.aspnet.


    Paul
    ~~~~
    Microsoft MVP (Visual Basic)
    Paul Clement, Aug 9, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Lior Amar
    Replies:
    2
    Views:
    671
    Lior Amar
    Aug 27, 2003
  2. =?Utf-8?B?UmV6YQ==?=
    Replies:
    3
    Views:
    17,894
    Carlos Barini
    Jun 7, 2004
  3. Nils Magnus Englund

    Windows authentication from ASP.NET to SQL Server

    Nils Magnus Englund, Aug 8, 2005, in forum: ASP .Net
    Replies:
    8
    Views:
    11,881
    Paul Clement
    Aug 16, 2005
  4. andy
    Replies:
    2
    Views:
    603
  5. Alice Wong
    Replies:
    8
    Views:
    8,830
    Artur
    Dec 18, 2008
Loading...

Share This Page