Database Connection - Not Associated With Trusted Connection

[Mythran]

I have a test server and a development machine. I have SQL Server installed
on both, the installations are pretty much identical. Both servers are in
the same domain. When I run my application locally, I can connect to the
local sql server as well as the sql server on the test server. The IIS
settings on both the test server and local machine are the same (anon
disabled, use integrated windows auth). Identity impersonate is on in
web.config.

When I run the application on the test server, I can connect to the test
server with the following connection string:
"server=testing;trusted_connection=yes;". However, when I point it to my
local machine ("server=mymachine;trusted_connection=yes;") I get the "Login
failed for user '(null)'. Reason: Not associated with a trusted SQL Server
connection." error.

Using the same two connection strings on my local machine work fine. The
only difference I know of is...the test machine is a child domain
(test.mydomain) while my local machine is under the primary domain
(mydomain). I can connect to it locally, but it can't seem to pass the
credentials from the test machine to my local machine...it sees it (can see
it using SQLBrowseConnect api function) and can connect to it using SQL
Query Analyzer using windows authentication through Terminal Services, but
it just doesn't work using ASP.Net

Can anyone help?

Thanks,
Mythran

 

[Scott Allen]

I'm trying to keep track of the machine and network hops involved, but
it sounds like you are facing the dreaded double hop issue trying to
impersonate the user.

If you must carry the client's identity all the way to the database,
you'll need to use delegation. I have pointers here:
http://odetocode.com/blogs/scott/archive/2005/02/24/1053.aspx

If you don't need to client's identity there are easier options
available...

 

[Patirck Ige]

Well i had the same issue once and what i did was to imperosnate the user in
webconfig with adding the username
and the password.
I guess it wasn't the best idea but it solved the problem
Patrick

 

[Scott Allen]

If your requirements allow you to use a fixed identity that solution
works well and is very simple, yes.

 

[Bruce Barker]

if your site is impersonating the users creditials, asp.net only supports
trusted connections to a local sqlserver (same box), unless you are using
kerberos and enable credital forwarding.

if you can use a fixed account, then specify the userName and password in
the web.config.

-- bruce (sqlwork.com)

 

[Mythran]

if your site is impersonating the users creditials, asp.net only supports
trusted connections to a local sqlserver (same box), unless you are using
kerberos and enable credital forwarding.

if you can use a fixed account, then specify the userName and password in
the web.config.

-- bruce (sqlwork.com)

Yes, I have used fixed accounts in connection strings before. But I was
just trying to get it to work with windows authentication...but I see that I
have to enable Kerberos and that will take some thought and planning...

Thanks

Mythran