IIS and SQL Server 2000 Windows Authentication


J

John Barr

We have asp.net application setup using Windows Authentication. For the
website, under directory security the only thing checked is "Windows
Authentication". We have the users specified in SQL who have rights to
connect...etc. In the Web.Config, it is specified as Integrated
Security=true. However, when the user goes to the site, an error message is
displayed saying Login attempt failed for (Our Domain Name)\(Our Web
Application Server Name)$ . I have a couple of issues here...

1. Why is it attempting to logon with this account?

2. The domain Machine name doesnt have a $ on it, so why is it showing that
way?

3. Is this some internal naming for a windows account?
 
Ad

Advertisements

B

Bob Barrows [MVP]

John said:
We have asp.net

There was no way for you to know it (except maybe by browsing through
some of the previous questions before posting yours - always a
recommended practice), but this is a classic (COM-based) asp newsgroup.
ASP.Net is a different technology from classic ASP. While you may be
lucky enough to find a dotnet-savvy person here who can answer your
question, you can eliminate the luck factor by posting your question to
a newsgroup where the dotnet-savvy people hang out. I suggest

microsoft.public.dotnet.framework.aspnet.

There are also forums at www.asp.net where you can find a lot of people
to help you.

HTH,
Bob Barrows
 
Ad

Advertisements

A

Anthony Jones

John Barr said:
We have asp.net application setup using Windows Authentication. For the
website, under directory security the only thing checked is "Windows
Authentication". We have the users specified in SQL who have rights to
connect...etc. In the Web.Config, it is specified as Integrated
Security=true. However, when the user goes to the site, an error message
is
displayed saying Login attempt failed for (Our Domain Name)\(Our Web
Application Server Name)$ . I have a couple of issues here...

1. Why is it attempting to logon with this account?

Because you haven't specified:-

<identity impersonate="true" />

in the <system.web> section.

The authenticated user is purely a .NET IPrinicple and does not impact the
security token that the thread runs as.
In order for an integrated security to pass through to a SQL connection the
thread needs to impersonate the windows account of the the user. The above
entry causes that to happen.
2. The domain Machine name doesnt have a $ on it, so why is it showing
that
way?

It is a bit strange but it will the machine account that is trying to access
the SQL server because the default identity on the process will be NETWORK
SERVICE
3. Is this some internal naming for a windows account?

Yes but I don't think the $ really means much.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top