ASP.NET + SQL Server Windows authentication

Hey All,

Trying to understand why I can not get SQL server to trust my IIS server. I have two machines set up, 1 App and 1 DB, and I'm trying to validate the
applications access to the DB server via NT Authentication. The App comes in via NTLM which from my understanding only supports Single hop security
delegation. So far I understand why it doesn't work, although seems to me
like a very bad problem. Now, Basic Authentication will transfer the PW and the UID which will allow IIS to login to the DB server and then NT
Authentication will work. But we all know how non-secure Basic
Authentication is.

Here's the confusion, if Kerberos permits token transferring with no
limitation why can't IIS receive a token via NTLM and transfer it to the DB server?

I've been reading all of these articles

http://msdn.microsoft.com/library/de...us/vbcon/html/ vbconaccessingsqlserverfromwebapplication.asp
http://msdn.microsoft.com/library/de...us/vbcon/html/ vbtskaccessingsqlserverusingwindowsintegratedsecur ity.asp
http://msdn.microsoft.com/library/de...us/dnauth/html /dnauth_security.asp
http://msdn.microsoft.com/library/de...us/dnauth/html /signfaq.asp
http://support.microsoft.com/default...;en-us;Q176377

and a bunch of other documents and they all come down to two valid
solutions: Basic Authentication or SQL Users. These are only valid if the
level of security you wish to achieve is not something that needs to pass a certain level of security (would not pass in industries that require maximum security).

If I am bound to NT Authentication, is my only option Basic Authentication
(of course under SSL)? And why is it that we don't have these problems with other Database vendors? Is there any way we can utilize ADSI to get the
users NTLM credentials to pass on to SQL server?

Any help or suggestions will be very appreciated.

Thank you,

Hey All,

Trying to understand why I can not get SQL server to trust my IIS server. I have two machines set up, 1 App and 1 DB, and I'm trying to validate the
applications access to the DB server via NT Authentication. The App comes in via NTLM which from my understanding only supports Single hop security
delegation. So far I understand why it doesn't work, although seems to me
like a very bad problem. Now, Basic Authentication will transfer the PW and the UID which will allow IIS to login to the DB server and then NT
Authentication will work. But we all know how non-secure Basic
Authentication is.

Here's the confusion, if Kerberos permits token transferring with no
limitation why can't IIS receive a token via NTLM and transfer it to the DB server?

I've been reading all of these articles

http://msdn.microsoft.com/library/de...us/vbcon/html/ vbconaccessingsqlserverfromwebapplication.asp
http://msdn.microsoft.com/library/de...us/vbcon/html/ vbtskaccessingsqlserverusingwindowsintegratedsecur ity.asp
http://msdn.microsoft.com/library/de...us/dnauth/html /dnauth_security.asp
http://msdn.microsoft.com/library/de...us/dnauth/html /signfaq.asp
http://support.microsoft.com/default...;en-us;Q176377

and a bunch of other documents and they all come down to two valid
solutions: Basic Authentication or SQL Users. These are only valid if the
level of security you wish to achieve is not something that needs to pass a certain level of security (would not pass in industries that require maximum security).

If I am bound to NT Authentication, is my only option Basic Authentication
(of course under SSL)? And why is it that we don't have these problems with other Database vendors? Is there any way we can utilize ADSI to get the
users NTLM credentials to pass on to SQL server?

Any help or suggestions will be very appreciated.

Thank you,