Thanks a lot for Bruce and John's informative inputs.
Hi Patrick,
For the ASP.NET impersonation, when we use implicit impersonation like:
<identity impersonate="tr ue" />
the remote client's credential will be used to establish a network logon
session which doesn't have network credential for further network hop.
That's why for general condition, when client visist your asp.net app and
the asp.net use clientside credential to access the remote sqlserver will
fail.
For the local IIS5 XP condition, because you are test through the local
browser , when the IIS accept the clientside credential (local client), it
directly use the client user's interactive logon session( rather than
establish a network logon session) which surely contains the network
credential, so in such condiitino, the asp.net is able to use the
credential to access the remote sqlserver.
Anyway, I think Bruce has completely listed all the possible solutions
currently we have. If there're anything else unclear ,please feel free to
post here.
Thanks & Regards,
Steven Cheng
Microsoft Online Support
Get Secure!
www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
| From: "WJ" <Jo*******@HotM ail.Com>
| References: <5A************ *************** *******@microso ft.com>
<#k************ **@tk2msftngp13 .phx.gbl>
<E6************ *************** *******@microso ft.com>
| Subject: Re: ASP.NET -> SQL Server : Impersonation not working!
| Date: Mon, 8 Aug 2005 20:58:36 -0400
| Lines: 13
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
| X-RFC2646: Format=Flowed; Original
| Message-ID: <OE************ **@TK2MSFTNGP10 .phx.gbl>
| Newsgroups:
microsoft.publi c.dotnet.framew ork.adonet,micr osoft.public.do tnet.framework. a
spnet
| NNTP-Posting-Host: ip70-187-233-38.dc.dc.cox.ne t 70.187.233.38
| Path: TK2MSFTNGXA01.p hx.gbl!TK2MSFTN GP08.phx.gbl!TK 2MSFTNGP10.phx. gbl
| Xref: TK2MSFTNGXA01.p hx.gbl
microsoft.publi c.dotnet.framew ork.aspnet:1168 26
microsoft.publi c.dotnet.framew ork.adonet:3367 9
| X-Tomcat-NG: microsoft.publi c.dotnet.framew ork.aspnet
|
|
| "Patrick" <qu*******@news group.nospam> wrote in message
| news:E6******** *************** ***********@mic rosoft.com...
| > Why does it work when the ASP.NET is on IIS5.1 on WinXP SP1 (which is
on a
| > different box but in the same domain as the SQL Server)?
| >
|
| Because you "login" to Windows XP where the IIS-5 is on the same box.
This
| is called integrated Windows security.
|
| John
|
|
|