User credentials delegation from IIS on WinXP to SQL Server on Win2003SRV fails

I noticed the following issue posted as a double-hop issue in many discussion
boards but found no answers that explain how to pass the second hop
with Windows auth from an IIS ASPX page to a remote SQL Server.

Problem:
--------------
I am trying to create an ASP.NET website with Integrated Windows Authentication
to access SQL databases. IIS resides on WinXP and SQL Server
on Win2000 SRV. Both are in the same NT domain. IIS and SQL Server cannot reside on the same machine, and a standalone web server is
ideal as the website needs to access multiple SQL Servers. IIS is set to
Integrated Windows Authentication. The anonymous access in IIS settings is unchecked. The web.config file has the identity element
set for impersonation: <identity impersonation="true">
The machine running IIS and the SQL Server
are set to be "trusted for delegation" in Active Directory. The domain user
accounts that will be accessing the databases are not marked as "Account
is sensitive and cannot be delegated".
The connection string that the web app uses to connect to the SQL database is:
"Data Source=PWSSQLT; Integrated Security=SSPI;Initial Catalog=Pace_Master;Persist Security Info=true"
with which the user credentials should flow to the SQL database.
But instead the delegation fails and results in the following ANONYMOUS authentication failure error. All this works if I use http:\\localhost to access the website (but fails when the IP address is used) or pass user credentials of an NT domain account (this is the same account that fails to log in to SQL SRV
by setting only the impersonation attribute of the identity element to true & no user credentials) in the identity tag of the web.config file. So I am confused as to what might be causing the login failure. Is this an NT configuration issue related to Kerberos authentication, or the account access under which
SQL Server is running, or an IIS settings related issue? So far I haven't found info to help resolve the issue. Any help would be greatly appreciated.


Authentication Failure Error:
-----------------------------
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

Description: An unhandled exception occurred during the execution of the current web request.
Please review the stack trace for more information about the error and where it originated in the code.

--------------------------------------------------------------------------------------------------------------------

Exception Details: System.Data.SqlClient.SqlException: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

Source Error:

// Open the connection, and return it

oConn.Open();
return oConn;


Source File: e:\ING eIMS\App_Code\DataAccess\ConnectionManager.cs

Stack Trace:
[SqlException (0x80131904): Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.]
System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
System.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean enlistOK)
System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection owningObject, SqlConnectionString connectionOptions, String newPassword, Boolean redirectedUserInstance)
System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, Object providerInfo, String newPassword, SqlConnection owningObject, Boolean redirectedUserInstance)
System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection)
System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnection owningConnection, DbConnectionPool pool, DbConnectionOptions options)
System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject)
System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject)
System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject)
System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection)
System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory) +105
System.Data.SqlClient.SqlConnection.Open()
INGRS.DataAccess.ConnectionManager.GetConnection() in e:\ING eIMS\App_Code\DataAccess\ConnectionManager.cs:
DAActivity.Page_Load(Object sender, EventArgs e) in e:\ING eIMS\DA\DAStatus\DAActivity.aspx.cs
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e)
System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e)
System.Web.UI.Control.OnLoad(EventArgs e)
System.Web.UI.Control.LoadRecursive()
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
_______________
Version Information: Microsoft .NET Framework Version:2.0.50727.42; ASP.NET Version:2.0.50727.210
---------------------
Jan 12 '07 #1
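
Added example, not part of the original post: a diagnostic for the impersonate-only setup described above. It reports whether the token the ASP.NET thread holds just before `oConn.Open()` is delegable, which separates a first-hop authentication problem from a SQL Server-side one. The class name `DelegationCheck` is hypothetical, and the verdicts assume no userName/password is set in the identity element.

```csharp
using System;
using System.Security.Principal;

// Hypothetical helper, not from the post. Call it from a page of the
// impersonating application: Response.Write(DelegationCheck.Describe());
public static class DelegationCheck
{
    public static string Describe()
    {
        // With impersonation enabled in web.config, the current identity is the
        // browser user's token, which Integrated Security=SSPI presents to SQL Server.
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            return Describe(id.Name, id.AuthenticationType, id.IsAnonymous, id.ImpersonationLevel);
        }
    }

    // Split out so the classification can be exercised without a live request.
    public static string Describe(string name, string authType, bool isAnonymous,
                                  TokenImpersonationLevel level)
    {
        string who = String.Format("{0} [package={1}, level={2}]", name, authType, level);
        if (isAnonymous)
            return who + ": anonymous token; the browser was not authenticated.";

        switch (level)
        {
            case TokenImpersonationLevel.Delegation:
                return who + ": delegable; the token can authenticate to a remote server.";
            case TokenImpersonationLevel.Impersonation:
                // Typical for a browser logon that was not a delegable Kerberos logon.
                return who + ": local use only; a remote server sees ANONYMOUS LOGON.";
            case TokenImpersonationLevel.None:
                return who + ": primary token; the thread is not impersonating, "
                           + "so outbound connections use the worker process account.";
            default:
                return who + ": identification or anonymous level; not usable for access.";
        }
    }
}
```

Comparing the output when the site is browsed by host name and by IP address shows whether the two cases in the post differ at the first hop.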