Hi Lyners,
For such accessing remote resource on client's forward identity issue, you
can refer to
Bruce's former message whicn mentioned the 4 possible options:
===============
1) switch to basic authentication. this will give IIS a primary token it
can
use to access a remore sqlserver.
2) switch to kerberos authentication and enable creditials forwarding.
3) use a fixed account
4) move the SqlServer to the IIS box.
=============== =
In addition, if you have interests, I also recommend that you have a look
at the
"Programmin g windows security" or
"The .NET Developer's Guide to Windows Security"
authored by Keith Brown. The twos are good guide on windows security
programming.
Thanks & Regards,
Steven Cheng
Microsoft Online Support
Get Secure!
www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
| Thread-Topic: ASP.NET -> SQL Server : Impersonation not working!
| thread-index: AcWd9XWiDDZC3Jc zQtemxmLiosdewg ==
| X-WBNR-Posting-Host: 204.194.251.3
| From: =?Utf-8?B?THluZXJz?= <Ly****@discuss ions.microsoft. com>
| References: <5A************ *************** *******@microso ft.com>
| Subject: RE: ASP.NET -> SQL Server : Impersonation not working!
| Date: Wed, 10 Aug 2005 14:50:01 -0700
| Lines: 33
| Message-ID: <95************ *************** *******@microso ft.com>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups:
microsoft.publi c.dotnet.framew ork.adonet,micr osoft.public.do tnet.framework. a
spnet
| NNTP-Posting-Host: TK2MSFTNGXA03.p hx.gbl 10.40.2.250
| Path: TK2MSFTNGXA01.p hx.gbl!TK2MSFTN GXA03.phx.gbl
| Xref: TK2MSFTNGXA01.p hx.gbl
microsoft.publi c.dotnet.framew ork.aspnet:1172 66
microsoft.publi c.dotnet.framew ork.adonet:3379 7
| X-Tomcat-NG: microsoft.publi c.dotnet.framew ork.aspnet
|
| I have the same problem. Is there a book or something that spells out
exactly
| what needs to happen to make this work? I also have it working locally
with
| XP (so i thought this solution was good), promoted it to the server, only
to
| run into this problem. Seems to be more difficult than it has to be for
| something that appears to be common to do (retrieve data from your SQL
server
| and display it in your .net pages).
|
| Looking for an answer also,
| lyners
|
| "Patrick" wrote:
|
| > I set my web.config as follows:
| > <authenticati on mode="Windows" />
| > <identity impersonate="tr ue" />
| >
| > Logon to my ASP.NET website as a user who can authenticate to the
target
| > database.
| >
| > 1) Works fine on my local PC running IIS5.1 on WinXP Pro SP1
| > 2) does not work on IIS6.0 on Windows 2003 server:
| > System.Data.Sql Client.SqlExcep tion: Login failed for user '(null)'.
Reason:
| > Not associated with a trusted SQL Server connection.
| > at System.Data.Sql Client.Connecti onPool.GetConne ction(Boolean&
| > isInTransaction )
| > at
| >
System.Data.Sql Client.SqlConne ctionPoolManage r.GetPooledConn ection(SqlConne c
tionString options, Boolean& isInTransaction )
| > at System.Data.Sql Client.SqlConne ction.Open()
| > at
Microsoft.Pract ices.Enterprise Library.Data.Da tabase.OpenConn ection()
| > HOWEVER, Environment.Use rName returns the correct username!
| >
| >
| > Why? How to fix?
|