Windows authentication not making it past first machine

The Setup
---------------
Machine A: Windows 2000 Workstation
Machine B: Windows 2000 Server running IIS 5.0
Machine C: Windows 2000 Server running SQL Server 2000

* User is logged into Machine A with userid/password.
* All machines are networked on a domain.
* Due to security requirements, we have removed the "ASPNET" user
account.
* Therefore, we had to add "<identity impersonate="true"></identity>"
in the web.config file.
* Using a System DSN.

The Problem
------------------
Using Windows Authentication, "A" hits "B" and is authenticated. When
IIS ("B") attempts to query data from SQL Server ("C"), we get the
following error:

ERROR [28000] [Microsoft][ODBC SQL Server Driver][SQL Server]Login
failed for user '(null)'. Reason: Not associated with a trusted SQL
Server connection.

We have verified (using the Request object) that "B" is getting the
credentials. "C" is not and we can't figure out why.

Most people, it seems, rely on SQL Authentication, but our first choice
(for security reasons) is to rely on passthrough ("Windows")
authentication.

Is this a documented bug or are we doing something wrong?

If I need to provide more info, please ask. Thanks.

P.S. Oh, and if we physically sit at the server and run the code, it
works fine.

May 2 '06 #1
this is a security feature of nt known as the one hop rule. ntlm credentials
are good only one hop. you can switch to kerberos security which was
designed to support passing credentials from machine to machine. this will
require using active directory, and enabling credentials forwarding (off by
default) on the servers. you could also switch to basic authentication but
it's not secure unless you use https

security design explained:

http://msdn.microsoft.com/library/de...lained0001.asp

kerberos setup:

http://msdn.microsoft.com/library/de...SecNetHT05.asp
-- bruce (sqlwork.com)

"Doug" <sp*******@gmail.com> wrote in message
news:11*********************@i40g2000cwc.googlegroups.com...
The Setup
---------------
Machine A: Windows 2000 Workstation
Machine B: Windows 2000 Server running IIS 5.0
Machine C: Windows 2000 Server running SQL Server 2000

* User is logged into Machine A with userid/password.
* All machines are networked on a domain.
* Due to security requirements, we have removed the "ASPNET" user
account.
* Therefore, we had to add "<identity impersonate="true"></identity>"
in the web.config file.
* Using a System DSN.

The Problem
------------------
Using Windows Authentication, "A" hits "B" and is authenticated. When
IIS ("B") attempts to query data from SQL Server ("C"), we get the
following error:

ERROR [28000] [Microsoft][ODBC SQL Server Driver][SQL Server]Login
failed for user '(null)'. Reason: Not associated with a trusted SQL
Server connection.

We have verified (using the Request object) that "B" is getting the
credentials. "C" is not and we can't figure out why.

Most people, it seems, rely on SQL Authentication, but our first choice
(for security reasons) is to rely on passthrough ("Windows")
authentication.

Is this a documented bug or are we doing something wrong?

If I need to provide more info, please ask. Thanks.

P.S. Oh, and if we physically sit at the server and run the code, it
works fine.

May 2 '06 #2
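
A toy model of the one-hop behaviour described in the reply above, added here as an illustration and not part of the original thread. HMAC-SHA256 stands in for the NTLM response computation, and the account name, password and function names are constructed.

```python
import hashlib
import hmac
import os

# Toy model of challenge/response logon. HMAC-SHA256 is a stand-in for the
# NTLM response function; the account and password are constructed samples.
DOMAIN_SECRETS = {"CORP\\doug": hashlib.sha256(b"constructed-password").digest()}


def respond(secret, challenge):
    """Only a party that holds the user's secret can compute this value."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


class Session:
    """What a machine holds for a user: the secret only after an interactive logon."""

    def __init__(self, user, secret=None):
        self.user, self.secret = user, secret

    def answer(self, challenge):
        return respond(self.secret, challenge) if self.secret else None


def authenticate(session):
    """Target server issues a fresh challenge and has the domain check the answer."""
    challenge = os.urandom(8)  # new nonce per logon, so old responses cannot be reused
    response = session.answer(challenge)
    expected = respond(DOMAIN_SECRETS[session.user], challenge)
    if response is not None and hmac.compare_digest(response, expected):
        return session.user
    return None  # no proof of identity: SQL Server logs this as user '(null)'


def scenario(interactive_on_b):
    """Return the identity Machine C sees for the query issued from Machine B."""
    user = "CORP\\doug"
    if interactive_on_b:
        # User sat at B and typed the password there: B holds the secret.
        on_b = Session(user, DOMAIN_SECRETS[user])
    else:
        on_a = Session(user, DOMAIN_SECRETS[user])  # password typed on A
        who = authenticate(on_a)                    # hop 1: A -> B succeeds
        on_b = Session(who)                         # B learns who, not the secret
    return authenticate(on_b)                       # hop 2: B -> C
```

`scenario(False)` is the browser-on-A case from the question and yields no identity at C; `scenario(True)` is the P.S. case where the code is run while logged on at the server itself.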
