1
I noticed the following issue posted as a double-hop issue in many discussion
boards but found no answers that explain how to pass the second hop
with windows auth from IIS ASPX page to remote SQL Server.
Problem:
--------------
I am trying to create an asp.net website with integrated windows authentication
to access SQL databases. IIS resides on WinXP and SQL Server
on Win2000 SRV. Both are in the same NT Domain. IIS and SQL Server cannot reside on the same machine and a stand alone web server is
ideal as the website needs to access multiple SQL Servers. IIS is set to
Integrated Windows Authentication. The anonymous access in IIS settings is unchecked. The web.config file has Identity element
set for impersonation <identity impersonation="true">
The machine running IIS & the SQL Server
are set to be "trusted for delegation" in active directory. The domain user
accounts that will be accessing the databases are not marked as "Account
is sensitive and cannot be delegated".
The connection string that the web app uses to connect to SQL database is:
"Data Source=PWSSQLT;Integrated Security=SSPI;Initial Catalog=Pace_Master;Persist Security Info=true"
with which the user credentials should be flown to the SQL database.
But instead the delegation fails and results in the following ANONYMOUS authentication failure error. All this works if I use http:\\localhost to access website (but fails when IPAddress is used) or pass user credentials of an nt domain account (this is the same account that fails to login to SQL SRV
by setting only the impersonation attribute of the identity element to true & no user credentials) in the identity tag of the web.config file. So I am confused as to what might be causing the login failure. Is this NT configuration issue related to Kerberos authentication or the account access under which
SQL Server is running or IIS settings related issue. So far I haven't found info to help resolve the issue. Any help would greatly be appreciated.
Authentication Failure Error:
-----------------------------
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
Description: An unhandled exception occurred during the execution of the current web request.
Please review the stack trace for more information about the error and where it originated in the code.
--------------------------------------------------------------------------------------------------------------------
Exception Details: System.Data.SqlClient.SqlException: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
Source Error:
// Open the connection, and return it
oConn.Open();
return oConn;
Source File: e:\ING eIMS\App_Code\DataAccess\ConnectionManager.cs
Stack Trace:
[SqlException (0x80131904): Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.]
System.Data.SqlClient.SqlInternalConnection.OnErro r(SqlException exception, Boolean breakConnection)
System.Data.SqlClient.TdsParser.ThrowExceptionAndW arning(TdsParserStateObject stateObj)
System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader
dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
System.Data.SqlClient.SqlInternalConnectionTds.Com pleteLogin(Boolean enlistOK)
System.Data.SqlClient.SqlInternalConnectionTds.Ope nLoginEnlist(SqlConnection owningObject,
SqlConnectionString connectionOptions, String newPassword, Boolean redirectedUserInstance)
System.Data.SqlClient.SqlInternalConnectionTds..ct or(DbConnectionPoolIdentity identity,
SqlConnectionString connectionOptions, Object providerInfo, String newPassword,
SqlConnection owningObject, Boolean redirectedUserInstance)
System.Data.SqlClient.SqlConnectionFactory.CreateC onnection(DbConnectionOptions options,
Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection)
System.Data.ProviderBase.DbConnectionFactory.Creat ePooledConnection(DbConnection
owningConnection, DbConnectionPool pool, DbConnectionOptions options)
System.Data.ProviderBase.DbConnectionPool.CreateOb ject(DbConnection owningObject)
System.Data.ProviderBase.DbConnectionPool.UserCrea teRequest(DbConnection owningObject)
System.Data.ProviderBase.DbConnectionPool.GetConne ction(DbConnection owningObject)
System.Data.ProviderBase.DbConnectionFactory.GetCo nnection(DbConnection owningConnection)
System.Data.ProviderBase.DbConnectionClosed.OpenCo nnection(DbConnection outerConnection,
DbConnectionFactory connectionFactory) +105
System.Data.SqlClient.SqlConnection.Open()
INGRS.DataAccess.ConnectionManager.GetConnection() in e:\ING eIMS\App_Code\DataAccess\ConnectionManager.cs:
DAActivity.Page_Load(Object sender, EventArgs e) in e:\ING eIMS\DA\DAStatus\DAActivity.aspx.cs
System.Web.Util.CalliHelper.EventArgFunctionCaller (IntPtr fp, Object o, Object t, EventArgs e)
System.Web.Util.CalliEventHandlerDelegateProxy.Cal lback(Object sender, EventArgs e)
System.Web.UI.Control.OnLoad(EventArgs e)
System.Web.UI.Control.LoadRecursive()
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
_______________
Version Information: Microsoft .NET Framework Version:2.0.50727.42; ASP.NET Version:2.0.50727.210
---------------------
