SQL Authentication problem


N

nlayzer

Failed: System.Data.SqlClient.SqlException: Login failed for user
'(null)'Reason: Not associated with a trusted SQL Server connection. at
System.Data.SqlClient.SqlInternalConnection.OnError(SqlException
exception, Boolean breakConnection) at
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject
stateObj) at System.Data.SqlClient.TdsParser.Run(RunBehavior
runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream,
BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
at System.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean
enlistOK) at
System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection
owningObject, SqlConnectionString connectionOptions, String
newPassword, Boolean redirectedUserInstance) at
System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity
identity, SqlConnectionString connectionOptions, Object providerInfo,
String newPassword, SqlConnection owningObject, Boolean
redirectedUserInstance) at
System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions
options, Object poolGroupProviderInfo, DbConnectionPool pool,
DbConnection owningConnection) at
System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnection
owningConnection, DbConnectionPool pool, DbConnectionOptions options)
at System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection
owningObject) at
System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection
owningObject) at
System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection
owningObject) at
System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection
owningConnection) at
System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection
outerConnection, DbConnectionFactory connectionFactory) at
System.Data.SqlClient.SqlConnection.Open()

Environment:

Single Windows 2003 AD domain
SQL Server 2000 SP4 on w2k03 server

web service running on a W2k03 SP1 Server
ASP.NET 2.0.50727

web.config has:

<authentication mode="Windows"/>
<identity impersonate="true"/>

IIS set to Integrated Windows Integrated Authentication (no anonymous)



I can get the web service to work when I'm on the server and point to
localhost

When i'm remote (again, inside the domain with a domain login
authorized to the SQL resources) I get the error.
 
Ad

Advertisements

N

nicklayzer

Prem said:

Prem,

Thanks for the link. I am trying to avoid enabling anonymous access
because I need to maintain specific security assignments within the
backend SQL environment. Users have different authorization to the
various data and this, in theory, can easily be accomplished using
Integrated Windows Authority.

so...

- The web service is designed to use Windows Inttegrated Security to
limit access to SQL data

- the web service does this when a user logs into the server and tests
the service by addressing <localhost>. To me, this demonstrates that
the web service is capable of passing Windows credentials to the SQL
server.

- the web service does not work when a user logs into their workstation
(in the same domain - all servers and workstations are in the same
domain) and tests the service by addressing <servername>. To me, this
means that IIS is not properly receiving the credentials from the
client so that it can't pass them properly to the SQL Server.

thanks for any help,

Nick
 
Ad

Advertisements

N

nlayzer

I am now proceeding under the assumption that this is "the infamous IIS
<A href="http://support.microsoft.com/kb/264921/">double hop</A>
problem" and that my problem is due to improperly configured <A
href="http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/tkerbdel.mspx">Kerberos
Delegation</A>

If this does, in fact, lead me to solve this problem then I will post a
reply letting any future readers see the solution.

If anyone knows of a thread that already resolv es this issue, please
post a link to it.

thanks,

Nick
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top