S
Sir W
I'm currently facing a weird impersonation/delegation issue.
I have a very simple web form opening a SQL Connection to a SQL Server
database sitting on a different server and requesting a simple SELECT
query. The web form uses Windows authentication and Impersonation and
seems to work quite well but on two clients. When the web form is
accessed from those two clients, the worker process correctly
impersonates the user (at least,
System.Security.Principal.WindowsIdentity.GetCurrent().Name gives the
expected result) but the SQL Connection Open method always fails with
"Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'" error.
We tried different users on those two clients with the same result: it
appears that impersonation doesn't work from those two clients. What is
driving me crazy is that after a succesful Windows authentication, it
should be up to the server to do the impersonation and the delegation,
so the client shouldn't be involved in the process.
Is it possible for a client to request a ticket not valid for
delegation?
Any ideas how to troubleshoot the issue?
TIA,
Andrea
I have a very simple web form opening a SQL Connection to a SQL Server
database sitting on a different server and requesting a simple SELECT
query. The web form uses Windows authentication and Impersonation and
seems to work quite well but on two clients. When the web form is
accessed from those two clients, the worker process correctly
impersonates the user (at least,
System.Security.Principal.WindowsIdentity.GetCurrent().Name gives the
expected result) but the SQL Connection Open method always fails with
"Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'" error.
We tried different users on those two clients with the same result: it
appears that impersonation doesn't work from those two clients. What is
driving me crazy is that after a succesful Windows authentication, it
should be up to the server to do the impersonation and the delegation,
so the client shouldn't be involved in the process.
Is it possible for a client to request a ticket not valid for
delegation?
Any ideas how to troubleshoot the issue?
TIA,
Andrea