Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

ASP.NET windows authentication and impersonation

0 views

Skip to first unread message

Suzy

unread,

Oct 29, 2002, 9:22:56 AM10/29/02

I am having trouble with ASP.NET windows authentication
and impersonation.

I am using SQL 2000 and W2K without active directory (the
domain is mixed with NT machines).

I have my IIS set to deny Anonymous access and allow only
Windows authentication. In my web.config I have
<authentication mode="Windows" /> and in my machine.config
I have <authentication mode="Windows" />. If I write trace
statements the User.Identity.Name is correct, the
User.Identity.AuthenticationType is NTLM and the
User.Identity.GetType is
System.Security.Principal.WindowsIdentity. My SQL
connection string uses Integrated Security=SSPI.

And yet the security context is not flowing - when I
browse to a page with a database hit I get the
error "Login failed for user 'NT AUTHORITY\ANONYMOUS
LOGON'".

Thanks for any advice
Suzy

Gary

unread,

Oct 29, 2002, 10:31:14 PM10/29/02

To configure IIS for SQL Server with Windows NT authentication, you cannot
use Windows NT Challenge\Response (NTLM) authentication. You must use one
of the following two IIS authentication methods:

- Enable only Basic authentication for the Web application.

-or-

- If users are allowed anonymous access, verify the following:

- If the user is configured as the Anonymous user in IIS, they must also
be configured in a Windows NT account on the computer running SQL Server.

- If SQL Server and IIS are not on the same computer, create the user as
either a domain account accessible to both computers or locally on both the
SQL Server computer and the IIS computer with the same password. If you
create the user locally on both computers, the user must be given the Log
on Locally right on the SQL Server computer. If the user is a domain
account, the user must be given "Access this computer from the network"
right on the SQL Server computer.

- If SQL Server and IIS are on the same computer, then start the Internet
Services Manager (on the Directory Security property page for the Web
application), open the Anonymous User Account dialog box, disable the
Enable Automatic Password Synchronization option, and then manually enter
the password for the account.

- The IIS computer requires the user's password to generate a security
token that remains valid on another server. When the Enable Automatic
Password
Synchronization option is enabled, a token can only be generated for the
local computer.

- If IIS and SQL Server are on the same computer, the name of the SQL
Server data source in the connection string and in the ODBC configuration
data source (if applicable) is local.

Hope it helps.

Gary

This posting is provided "AS IS", with no warranties, and confers no
rights. Enjoyed ASP.NET? http://www.asp.net

0 new messages