472,971 Members | 1,897 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 472,971 software developers and data experts.

User credentials delegation from IIS on WinXP to SQL Server on Win2003SRV fails

I noticed the following issue posted as a double-hop issue in many discussion
boards but found no answers that explain how to pass the second hop
with windows auth from IIS ASPX page to remote SQL Server.

I am trying to create an asp.net website with integrated windows authentication
to access SQL databases. IIS resides on WinXP and SQL Server
on Win2000 SRV. Both are in the same NT Domain. IIS and SQL Server cannot reside on the same machine and a stand alone web server is
ideal as the website needs to access multiple SQL Servers. IIS is set to
Integrated Windows Authentication. The anonymous access in IIS settings is unchecked. The web.config file has Identity element
set for impersonation <identity impersonation="true">
The machine running IIS & the SQL Server
are set to be "trusted for delegation" in active directory. The domain user
accounts that will be accessing the databases are not marked as "Account
is sensitive and cannot be delegated".
The connection string that the web app uses to connect to SQL database is:
"Data Source=PWSSQLT;Integrated Security=SSPI;Initial Catalog=Pace_Master;Persist Security Info=true"
with which the user credentials should be flown to the SQL database.
But instead the delegation fails and results in the following ANONYMOUS authentication failure error. All this works if I use http:\\localhost to access website (but fails when IPAddress is used) or pass user credentials of an nt domain account (this is the same account that fails to login to SQL SRV
by setting only the impersonation attribute of the identity element to true & no user credentials) in the identity tag of the web.config file. So I am confused as to what might be causing the login failure. Is this NT configuration issue related to Kerberos authentication or the account access under which
SQL Server is running or IIS settings related issue. So far I haven't found info to help resolve the issue. Any help would greatly be appreciated.

Authentication Failure Error:
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

Description: An unhandled exception occurred during the execution of the current web request.
Please review the stack trace for more information about the error and where it originated in the code.


Exception Details: System.Data.SqlClient.SqlException: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

Source Error:

// Open the connection, and return it

return oConn;

Source File: e:\ING eIMS\App_Code\DataAccess\ConnectionManager.cs

Stack Trace:
[SqlException (0x80131904): Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.]

System.Data.SqlClient.SqlInternalConnection.OnErro r(SqlException exception, Boolean breakConnection)

System.Data.SqlClient.TdsParser.ThrowExceptionAndW arning(TdsParserStateObject stateObj)
System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader
dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)

System.Data.SqlClient.SqlInternalConnectionTds.Com pleteLogin(Boolean enlistOK)
System.Data.SqlClient.SqlInternalConnectionTds.Ope nLoginEnlist(SqlConnection owningObject,
SqlConnectionString connectionOptions, String newPassword, Boolean redirectedUserInstance)
System.Data.SqlClient.SqlInternalConnectionTds..ct or(DbConnectionPoolIdentity identity,
SqlConnectionString connectionOptions, Object providerInfo, String newPassword,
SqlConnection owningObject, Boolean redirectedUserInstance)
System.Data.SqlClient.SqlConnectionFactory.CreateC onnection(DbConnectionOptions options,
Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection)
System.Data.ProviderBase.DbConnectionFactory.Creat ePooledConnection(DbConnection
owningConnection, DbConnectionPool pool, DbConnectionOptions options)
System.Data.ProviderBase.DbConnectionPool.CreateOb ject(DbConnection owningObject)
System.Data.ProviderBase.DbConnectionPool.UserCrea teRequest(DbConnection owningObject)
System.Data.ProviderBase.DbConnectionPool.GetConne ction(DbConnection owningObject)

System.Data.ProviderBase.DbConnectionFactory.GetCo nnection(DbConnection owningConnection)
System.Data.ProviderBase.DbConnectionClosed.OpenCo nnection(DbConnection outerConnection,
DbConnectionFactory connectionFactory) +105

INGRS.DataAccess.ConnectionManager.GetConnection() in e:\ING eIMS\App_Code\DataAccess\ConnectionManager.cs:
DAActivity.Page_Load(Object sender, EventArgs e) in e:\ING eIMS\DA\DAStatus\DAActivity.aspx.cs
System.Web.Util.CalliHelper.EventArgFunctionCaller (IntPtr fp, Object o, Object t, EventArgs e)

System.Web.Util.CalliEventHandlerDelegateProxy.Cal lback(Object sender, EventArgs e)
System.Web.UI.Control.OnLoad(EventArgs e)

System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
Version Information: Microsoft .NET Framework Version:2.0.50727.42; ASP.NET Version:2.0.50727.210
Jan 12 '07 #1
0 3150

Sign in to post your reply or Sign up for a free account.

Similar topics

by: Michelle | last post by:
Hello! I have an ASP.NET application (1.1 framework) that needs to be able to read/write files on a network share. The access to this file share will be fairly restricted, so I need to...
by: cerilocke | last post by:
I have an identical SQL database on two machines (my machine and a web server) that links to a database on a third server (S3). When I execute a stored procedure on my machine that accesses a...
by: Dave Kolb | last post by:
Is there any other solution for an ASPNET application to access network resources other than running as SYSTEM, using delegation (a nightmare to get to work) or the COM+ solution? I cannot seem to...
by: Dan Higman | last post by:
I'm sure this is easy and I'll be embarrassed when I see the answer, but I just can't figure this one out. Using .Net/ASP 1.1 on a server using integrated authentication-- I have a web page...
by: CLarkou | last post by:
My machine has Win XP and IIS 5.1. I installed Visual Studio 2005 without SQL Express 2005. SQL Server 2005 is installed on another machine with Win 2003. I created a Web Site in .NET VB. I...
by: exits funnel | last post by:
Hello, I apologize if this question is a bit vague and slightly off topic but I couldn't find an Analysis Services and/or ODBO specific newsgroup. In any event, I'm trying to address an issue...
by: Arthur | last post by:
Hi All, I would like to get the name of the user given their networkID, is this something Active Directory would be useful for?(For intranet users) If so, can you please point me to some sample...
by: Srinivas Chintakindi | last post by:
Hi All, I am developing one ASP.NET 2.0 application in which user test the remote sql server existance. User enters remote sql server name, data base name, authentication mode, user name,...
by: dorrit.Riemenschneider | last post by:
I need to validate a user with username and password against our OpenLDAP active directory. This is my code: Private bool ValidateUser (string username, string password) { DirectoryEntry...
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 4 Oct 2023 starting at 18:00 UK time (6PM UTC+1) and finishing at about 19:15 (7.15PM) The start time is equivalent to 19:00 (7PM) in Central...
by: Aliciasmith | last post by:
In an age dominated by smartphones, having a mobile app for your business is no longer an option; it's a necessity. Whether you're a startup or an established enterprise, finding the right mobile app...
by: tracyyun | last post by:
Hello everyone, I have a question and would like some advice on network connectivity. I have one computer connected to my router via WiFi, but I have two other computers that I want to be able to...
by: NeoPa | last post by:
Hello everyone. I find myself stuck trying to find the VBA way to get Access to create a PDF of the currently-selected (and open) object (Form or Report). I know it can be done by selecting :...
by: NeoPa | last post by:
Introduction For this article I'll be using a very simple database which has Form (clsForm) & Report (clsReport) classes that simply handle making the calling Form invisible until the Form, or all...
by: Teri B | last post by:
Hi, I have created a sub-form Roles. In my course form the user selects the roles assigned to the course. 0ne-to-many. One course many roles. Then I created a report based on the Course form and...
by: nia12 | last post by:
Hi there, I am very new to Access so apologies if any of this is obvious/not clear. I am creating a data collection tool for health care employees to complete. It consists of a number of...
by: NeoPa | last post by:
Introduction For this article I'll be focusing on the Report (clsReport) class. This simply handles making the calling Form invisible until all of the Reports opened by it have been closed, when it...
by: isladogs | last post by:
The next online meeting of the Access Europe User Group will be on Wednesday 6 Dec 2023 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, Mike...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.