In my web.config file I've specified Windows for the authentication, in IIS
I've set it to Integrated Authentication.
But my SQL connection is still showing Anonymous.
Is there somewhere else I need to check?
Thanks
Win 2003, SQL Server 2000 9 2480
Tom,
What do you mean when you say that your SQL connection is still showing
anonymous?
Jim Cheshire [MSFT]
Developer Support
ASP.NET ja******@online.microsoft.com
This post is provided as-is with no warranties and confers no rights.
-------------------- From: "Tom B" <sh*****@NOSPAMhotmail.com> Subject: Integrated Authentication. Date: Thu, 16 Oct 2003 11:19:41 -0400 Lines: 12 X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Message-ID: <#F**************@TK2MSFTNGP11.phx.gbl> Newsgroups: microsoft.public.dotnet.framework.aspnet NNTP-Posting-Host: 216.46.141.98 Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTN GP11.phx.gbl Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet:184652 X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
In my web.config file I've specified Windows for the authentication, in IIS I've set it to Integrated Authentication.
But my SQL connection is still showing Anonymous. Is there somewhere else I need to check?
Thanks
Win 2003, SQL Server 2000
Well, I catch the error and write out the Message, which is.....
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
and Profiler shows the same.
"Jim Cheshire [MSFT]" <ja******@online.microsoft.com> wrote in message
news:m2**************@cpmsftngxa06.phx.gbl... Tom,
What do you mean when you say that your SQL connection is still showing anonymous?
Jim Cheshire [MSFT] Developer Support ASP.NET ja******@online.microsoft.com
This post is provided as-is with no warranties and confers no rights.
--------------------From: "Tom B" <sh*****@NOSPAMhotmail.com> Subject: Integrated Authentication. Date: Thu, 16 Oct 2003 11:19:41 -0400 Lines: 12 X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Message-ID: <#F**************@TK2MSFTNGP11.phx.gbl> Newsgroups: microsoft.public.dotnet.framework.aspnet NNTP-Posting-Host: 216.46.141.98 Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTN GP11.phx.gbl Xref: cpmsftngxa06.phx.gbl
microsoft.public.dotnet.framework.aspnet:184652X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
In my web.config file I've specified Windows for the authentication, in
IISI've set it to Integrated Authentication.
But my SQL connection is still showing Anonymous. Is there somewhere else I need to check?
Thanks
Win 2003, SQL Server 2000
Tom,
Are you using SQL Server authentication or Windows authentication against
SQL Server? Sounds like you are using Windows, and in that case, you
either need to give the ASP.NET process account access to the SQL Server
database, or you need to impersonate.
Jim Cheshire [MSFT]
Developer Support
ASP.NET ja******@online.microsoft.com
This post is provided as-is with no warranties and confers no rights.
-------------------- From: "Tom B" <sh*****@NOSPAMhotmail.com> References: <#F**************@TK2MSFTNGP11.phx.gbl>
<m2**************@cpmsftngxa06.phx.gbl>Subject: Re: Integrated Authentication. Date: Thu, 16 Oct 2003 16:00:47 -0400 Lines: 55 X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Message-ID: <ut**************@TK2MSFTNGP10.phx.gbl> Newsgroups: microsoft.public.dotnet.framework.aspnet NNTP-Posting-Host: 216.46.141.98 Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTN GP10.phx.gbl Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet:184756 X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
Well, I catch the error and write out the Message, which is.....
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
and Profiler shows the same.
"Jim Cheshire [MSFT]" <ja******@online.microsoft.com> wrote in message news:m2**************@cpmsftngxa06.phx.gbl... Tom,
What do you mean when you say that your SQL connection is still showing anonymous?
Jim Cheshire [MSFT] Developer Support ASP.NET ja******@online.microsoft.com
This post is provided as-is with no warranties and confers no rights.
-------------------- >From: "Tom B" <sh*****@NOSPAMhotmail.com> >Subject: Integrated Authentication. >Date: Thu, 16 Oct 2003 11:19:41 -0400 >Lines: 12 >X-Priority: 3 >X-MSMail-Priority: Normal >X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 >Message-ID: <#F**************@TK2MSFTNGP11.phx.gbl> >Newsgroups: microsoft.public.dotnet.framework.aspnet >NNTP-Posting-Host: 216.46.141.98 >Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTN GP11.phx.gbl >Xref: cpmsftngxa06.phx.gblmicrosoft.public.dotnet.framework.aspnet:184652 >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet > >In my web.config file I've specified Windows for the authentication, inIIS >I've set it to Integrated Authentication. > >But my SQL connection is still showing Anonymous. >Is there somewhere else I need to check? > >Thanks > > >Win 2003, SQL Server 2000 > > >
Impersonate! That's what it is.
It's an intranet, and I'm trying to use Windows Authentication. The odd
thing, is it was working the other day, but when I added some stuff to one
of my classes it stopped working ?!?
So would you (or someone else) be able to sum up the steps required?
1. web.config set authentication to "Windows"
2. SQL Server - set authentication to Windows Only (not really required, I
guess)
3. SQL Server - set permissions for Domain Users
4. IIS Manager set authentication to Integrated Authentication
5. web.config set impersonate on???????????????????????? <-- That's the
part I'm not sure of.
"Jim Cheshire [MSFT]" <ja******@online.microsoft.com> wrote in message
news:7d**************@cpmsftngxa06.phx.gbl... Tom,
Are you using SQL Server authentication or Windows authentication against SQL Server? Sounds like you are using Windows, and in that case, you either need to give the ASP.NET process account access to the SQL Server database, or you need to impersonate.
Jim Cheshire [MSFT] Developer Support ASP.NET ja******@online.microsoft.com
This post is provided as-is with no warranties and confers no rights.
--------------------From: "Tom B" <sh*****@NOSPAMhotmail.com> References: <#F**************@TK2MSFTNGP11.phx.gbl> <m2**************@cpmsftngxa06.phx.gbl>Subject: Re: Integrated Authentication. Date: Thu, 16 Oct 2003 16:00:47 -0400 Lines: 55 X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Message-ID: <ut**************@TK2MSFTNGP10.phx.gbl> Newsgroups: microsoft.public.dotnet.framework.aspnet NNTP-Posting-Host: 216.46.141.98 Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTN GP10.phx.gbl Xref: cpmsftngxa06.phx.gbl
microsoft.public.dotnet.framework.aspnet:184756X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
Well, I catch the error and write out the Message, which is.....
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
and Profiler shows the same.
"Jim Cheshire [MSFT]" <ja******@online.microsoft.com> wrote in message news:m2**************@cpmsftngxa06.phx.gbl... Tom,
What do you mean when you say that your SQL connection is still showing anonymous?
Jim Cheshire [MSFT] Developer Support ASP.NET ja******@online.microsoft.com
This post is provided as-is with no warranties and confers no rights.
-------------------- >From: "Tom B" <sh*****@NOSPAMhotmail.com> >Subject: Integrated Authentication. >Date: Thu, 16 Oct 2003 11:19:41 -0400 >Lines: 12 >X-Priority: 3 >X-MSMail-Priority: Normal >X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 >Message-ID: <#F**************@TK2MSFTNGP11.phx.gbl> >Newsgroups: microsoft.public.dotnet.framework.aspnet >NNTP-Posting-Host: 216.46.141.98 >Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTN GP11.phx.gbl >Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet:184652 >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet > >In my web.config file I've specified Windows for the authentication,
inIIS >I've set it to Integrated Authentication. > >But my SQL connection is still showing Anonymous. >Is there somewhere else I need to check? > >Thanks > > >Win 2003, SQL Server 2000 > > >
Tom,
It can get kind of confusing. Here's more information.
First off, concerning the steps you provided, using Windows authentication
against SQL Server is fine as long as you avoid any delegation of
credentials issues. If SQL Server is on the same box as the Web server, it
will work fine. If you move SQL Server to another box, it will fail
because your credentials will be delegated. Just keep that in mind. If
you move SQL Server, you can still use Windows authentication against it,
but you will need to use delegation and Kerberos authentication.
If you have anonymous enabled in IIS, if you are NOT impersonating, the
application will run under the ASPNET account. If you turn on
impersonation but don't specify a username and password, the application
will run under the anonymous account (IUSR by default). If you specify a
username and password, obviously the application will run under that user.
If you do NOT have anonymous enabled in IIS and you are NOT impersonating,
the application will run under ASPNET. If you do have impersonation
enabled, it will run under the person who is logged into the machine.
One more thing. Above when I say "the application will run under...",
that's really a little misleading. What this really means is that the
WindowsIdentity will refer to the user specified above.
Hope all of that makes some sense.
Jim Cheshire [MSFT]
Developer Support
ASP.NET ja******@online.microsoft.com
This post is provided as-is with no warranties and confers no rights.
-------------------- From: "Tom B" <sh*****@NOSPAMhotmail.com> References: <#F**************@TK2MSFTNGP11.phx.gbl>
<m2**************@cpmsftngxa06.phx.gbl>
<ut**************@TK2MSFTNGP10.phx.gbl>
<7d**************@cpmsftngxa06.phx.gbl>Subject: Re: Integrated Authentication. Date: Fri, 17 Oct 2003 08:23:22 -0400 Lines: 114 X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Message-ID: <ub**************@TK2MSFTNGP12.phx.gbl> Newsgroups: microsoft.public.dotnet.framework.aspnet NNTP-Posting-Host: 216.46.141.98 Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTN GP12.phx.gbl Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet:184889 X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
Impersonate! That's what it is.
It's an intranet, and I'm trying to use Windows Authentication. The odd thing, is it was working the other day, but when I added some stuff to one of my classes it stopped working ?!?
So would you (or someone else) be able to sum up the steps required?
1. web.config set authentication to "Windows" 2. SQL Server - set authentication to Windows Only (not really required, I guess) 3. SQL Server - set permissions for Domain Users 4. IIS Manager set authentication to Integrated Authentication 5. web.config set impersonate on???????????????????????? <-- That's the part I'm not sure of.
"Jim Cheshire [MSFT]" <ja******@online.microsoft.com> wrote in message news:7d**************@cpmsftngxa06.phx.gbl... Tom,
Are you using SQL Server authentication or Windows authentication against SQL Server? Sounds like you are using Windows, and in that case, you either need to give the ASP.NET process account access to the SQL Server database, or you need to impersonate.
Jim Cheshire [MSFT] Developer Support ASP.NET ja******@online.microsoft.com
This post is provided as-is with no warranties and confers no rights.
-------------------- >From: "Tom B" <sh*****@NOSPAMhotmail.com> >References: <#F**************@TK2MSFTNGP11.phx.gbl> <m2**************@cpmsftngxa06.phx.gbl> >Subject: Re: Integrated Authentication. >Date: Thu, 16 Oct 2003 16:00:47 -0400 >Lines: 55 >X-Priority: 3 >X-MSMail-Priority: Normal >X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 >Message-ID: <ut**************@TK2MSFTNGP10.phx.gbl> >Newsgroups: microsoft.public.dotnet.framework.aspnet >NNTP-Posting-Host: 216.46.141.98 >Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTN GP10.phx.gbl >Xref: cpmsftngxa06.phx.gblmicrosoft.public.dotnet.framework.aspnet:184756 >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet > >Well, I catch the error and write out the Message, which is..... > >Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. > >and Profiler shows the same. > > >"Jim Cheshire [MSFT]" <ja******@online.microsoft.com> wrote in message >news:m2**************@cpmsftngxa06.phx.gbl... >> Tom, >> >> What do you mean when you say that your SQL connection is still
showing >> anonymous? >> >> Jim Cheshire [MSFT] >> Developer Support >> ASP.NET >> ja******@online.microsoft.com >> >> This post is provided as-is with no warranties and confers no rights. >> >> -------------------- >> >From: "Tom B" <sh*****@NOSPAMhotmail.com> >> >Subject: Integrated Authentication. >> >Date: Thu, 16 Oct 2003 11:19:41 -0400 >> >Lines: 12 >> >X-Priority: 3 >> >X-MSMail-Priority: Normal >> >X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 >> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 >> >Message-ID: <#F**************@TK2MSFTNGP11.phx.gbl> >> >Newsgroups: microsoft.public.dotnet.framework.aspnet >> >NNTP-Posting-Host: 216.46.141.98 >> >Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTN GP11.phx.gbl >> >Xref: cpmsftngxa06.phx.gbl >microsoft.public.dotnet.framework.aspnet:184652 >> >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet >> > >> >In my web.config file I've specified Windows for the authentication,in >IIS >> >I've set it to Integrated Authentication. >> > >> >But my SQL connection is still showing Anonymous. >> >Is there somewhere else I need to check? >> > >> >Thanks >> > >> > >> >Win 2003, SQL Server 2000 >> > >> > >> > >> > > >
OK, so in my scenario.....
machineA is W2K3 IIS machine
machineB is SQL
I want to use Windows authentication.... So I need to set up delegation and
Kerberos authentication, correct?
Man, I think it was easier when I just used sa and a blank password ;)
The other option, is to just set up a user account, and impersonate that
account, right?
Your last paragraph--"it will run under the person who is logged into the
machine"--I assume you mean in the IIS/SQL on the same machine scenario.
"Jim Cheshire [MSFT]" <ja******@online.microsoft.com> wrote in message
news:MB*************@cpmsftngxa06.phx.gbl... Tom,
It can get kind of confusing. Here's more information.
First off, concerning the steps you provided, using Windows authentication against SQL Server is fine as long as you avoid any delegation of credentials issues. If SQL Server is on the same box as the Web server,
it will work fine. If you move SQL Server to another box, it will fail because your credentials will be delegated. Just keep that in mind. If you move SQL Server, you can still use Windows authentication against it, but you will need to use delegation and Kerberos authentication.
If you have anonymous enabled in IIS, if you are NOT impersonating, the application will run under the ASPNET account. If you turn on impersonation but don't specify a username and password, the application will run under the anonymous account (IUSR by default). If you specify a username and password, obviously the application will run under that user.
If you do NOT have anonymous enabled in IIS and you are NOT impersonating, the application will run under ASPNET. If you do have impersonation enabled, it will run under the person who is logged into the machine.
One more thing. Above when I say "the application will run under...", that's really a little misleading. What this really means is that the WindowsIdentity will refer to the user specified above.
Hope all of that makes some sense.
Jim Cheshire [MSFT] Developer Support ASP.NET ja******@online.microsoft.com
This post is provided as-is with no warranties and confers no rights.
--------------------From: "Tom B" <sh*****@NOSPAMhotmail.com> References: <#F**************@TK2MSFTNGP11.phx.gbl> <m2**************@cpmsftngxa06.phx.gbl> <ut**************@TK2MSFTNGP10.phx.gbl> <7d**************@cpmsftngxa06.phx.gbl>Subject: Re: Integrated Authentication. Date: Fri, 17 Oct 2003 08:23:22 -0400 Lines: 114 X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Message-ID: <ub**************@TK2MSFTNGP12.phx.gbl> Newsgroups: microsoft.public.dotnet.framework.aspnet NNTP-Posting-Host: 216.46.141.98 Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTN GP12.phx.gbl Xref: cpmsftngxa06.phx.gbl
microsoft.public.dotnet.framework.aspnet:184889X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
Impersonate! That's what it is.
It's an intranet, and I'm trying to use Windows Authentication. The odd thing, is it was working the other day, but when I added some stuff to
oneof my classes it stopped working ?!?
So would you (or someone else) be able to sum up the steps required?
1. web.config set authentication to "Windows" 2. SQL Server - set authentication to Windows Only (not really required,
Iguess) 3. SQL Server - set permissions for Domain Users 4. IIS Manager set authentication to Integrated Authentication 5. web.config set impersonate on???????????????????????? <-- That's the part I'm not sure of.
"Jim Cheshire [MSFT]" <ja******@online.microsoft.com> wrote in message news:7d**************@cpmsftngxa06.phx.gbl... Tom,
Are you using SQL Server authentication or Windows authentication
against SQL Server? Sounds like you are using Windows, and in that case, you either need to give the ASP.NET process account access to the SQL
Server database, or you need to impersonate.
Jim Cheshire [MSFT] Developer Support ASP.NET ja******@online.microsoft.com
This post is provided as-is with no warranties and confers no rights.
-------------------- >From: "Tom B" <sh*****@NOSPAMhotmail.com> >References: <#F**************@TK2MSFTNGP11.phx.gbl> <m2**************@cpmsftngxa06.phx.gbl> >Subject: Re: Integrated Authentication. >Date: Thu, 16 Oct 2003 16:00:47 -0400 >Lines: 55 >X-Priority: 3 >X-MSMail-Priority: Normal >X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 >Message-ID: <ut**************@TK2MSFTNGP10.phx.gbl> >Newsgroups: microsoft.public.dotnet.framework.aspnet >NNTP-Posting-Host: 216.46.141.98 >Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTN GP10.phx.gbl >Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet:184756 >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet > >Well, I catch the error and write out the Message, which is..... > >Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. > >and Profiler shows the same. > > >"Jim Cheshire [MSFT]" <ja******@online.microsoft.com> wrote in message >news:m2**************@cpmsftngxa06.phx.gbl... >> Tom, >> >> What do you mean when you say that your SQL connection is still showing >> anonymous? >> >> Jim Cheshire [MSFT] >> Developer Support >> ASP.NET >> ja******@online.microsoft.com >> >> This post is provided as-is with no warranties and confers no
rights. >> >> -------------------- >> >From: "Tom B" <sh*****@NOSPAMhotmail.com> >> >Subject: Integrated Authentication. >> >Date: Thu, 16 Oct 2003 11:19:41 -0400 >> >Lines: 12 >> >X-Priority: 3 >> >X-MSMail-Priority: Normal >> >X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 >> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 >> >Message-ID: <#F**************@TK2MSFTNGP11.phx.gbl> >> >Newsgroups: microsoft.public.dotnet.framework.aspnet >> >NNTP-Posting-Host: 216.46.141.98 >> >Path:
cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTN GP11.phx.gbl >> >Xref: cpmsftngxa06.phx.gbl >microsoft.public.dotnet.framework.aspnet:184652 >> >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet >> > >> >In my web.config file I've specified Windows for the
authentication,in >IIS >> >I've set it to Integrated Authentication. >> > >> >But my SQL connection is still showing Anonymous. >> >Is there somewhere else I need to check? >> > >> >Thanks >> > >> > >> >Win 2003, SQL Server 2000 >> > >> > >> > >> > > >
OK, I found this http://msdn.microsoft.com/library/en...asp?frame=true
I think that should do it.
Thank you so much for your help.
Tom B
"Jim Cheshire [MSFT]" <ja******@online.microsoft.com> wrote in message
news:MB*************@cpmsftngxa06.phx.gbl... Tom,
It can get kind of confusing. Here's more information.
First off, concerning the steps you provided, using Windows authentication against SQL Server is fine as long as you avoid any delegation of credentials issues. If SQL Server is on the same box as the Web server,
it will work fine. If you move SQL Server to another box, it will fail because your credentials will be delegated. Just keep that in mind. If you move SQL Server, you can still use Windows authentication against it, but you will need to use delegation and Kerberos authentication.
If you have anonymous enabled in IIS, if you are NOT impersonating, the application will run under the ASPNET account. If you turn on impersonation but don't specify a username and password, the application will run under the anonymous account (IUSR by default). If you specify a username and password, obviously the application will run under that user.
If you do NOT have anonymous enabled in IIS and you are NOT impersonating, the application will run under ASPNET. If you do have impersonation enabled, it will run under the person who is logged into the machine.
One more thing. Above when I say "the application will run under...", that's really a little misleading. What this really means is that the WindowsIdentity will refer to the user specified above.
Hope all of that makes some sense.
Jim Cheshire [MSFT] Developer Support ASP.NET ja******@online.microsoft.com
This post is provided as-is with no warranties and confers no rights.
--------------------From: "Tom B" <sh*****@NOSPAMhotmail.com> References: <#F**************@TK2MSFTNGP11.phx.gbl> <m2**************@cpmsftngxa06.phx.gbl> <ut**************@TK2MSFTNGP10.phx.gbl> <7d**************@cpmsftngxa06.phx.gbl>Subject: Re: Integrated Authentication. Date: Fri, 17 Oct 2003 08:23:22 -0400 Lines: 114 X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Message-ID: <ub**************@TK2MSFTNGP12.phx.gbl> Newsgroups: microsoft.public.dotnet.framework.aspnet NNTP-Posting-Host: 216.46.141.98 Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTN GP12.phx.gbl Xref: cpmsftngxa06.phx.gbl
microsoft.public.dotnet.framework.aspnet:184889X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
Impersonate! That's what it is.
It's an intranet, and I'm trying to use Windows Authentication. The odd thing, is it was working the other day, but when I added some stuff to
oneof my classes it stopped working ?!?
So would you (or someone else) be able to sum up the steps required?
1. web.config set authentication to "Windows" 2. SQL Server - set authentication to Windows Only (not really required,
Iguess) 3. SQL Server - set permissions for Domain Users 4. IIS Manager set authentication to Integrated Authentication 5. web.config set impersonate on???????????????????????? <-- That's the part I'm not sure of.
"Jim Cheshire [MSFT]" <ja******@online.microsoft.com> wrote in message news:7d**************@cpmsftngxa06.phx.gbl... Tom,
Are you using SQL Server authentication or Windows authentication
against SQL Server? Sounds like you are using Windows, and in that case, you either need to give the ASP.NET process account access to the SQL
Server database, or you need to impersonate.
Jim Cheshire [MSFT] Developer Support ASP.NET ja******@online.microsoft.com
This post is provided as-is with no warranties and confers no rights.
-------------------- >From: "Tom B" <sh*****@NOSPAMhotmail.com> >References: <#F**************@TK2MSFTNGP11.phx.gbl> <m2**************@cpmsftngxa06.phx.gbl> >Subject: Re: Integrated Authentication. >Date: Thu, 16 Oct 2003 16:00:47 -0400 >Lines: 55 >X-Priority: 3 >X-MSMail-Priority: Normal >X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 >Message-ID: <ut**************@TK2MSFTNGP10.phx.gbl> >Newsgroups: microsoft.public.dotnet.framework.aspnet >NNTP-Posting-Host: 216.46.141.98 >Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTN GP10.phx.gbl >Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet:184756 >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet > >Well, I catch the error and write out the Message, which is..... > >Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. > >and Profiler shows the same. > > >"Jim Cheshire [MSFT]" <ja******@online.microsoft.com> wrote in message >news:m2**************@cpmsftngxa06.phx.gbl... >> Tom, >> >> What do you mean when you say that your SQL connection is still showing >> anonymous? >> >> Jim Cheshire [MSFT] >> Developer Support >> ASP.NET >> ja******@online.microsoft.com >> >> This post is provided as-is with no warranties and confers no
rights. >> >> -------------------- >> >From: "Tom B" <sh*****@NOSPAMhotmail.com> >> >Subject: Integrated Authentication. >> >Date: Thu, 16 Oct 2003 11:19:41 -0400 >> >Lines: 12 >> >X-Priority: 3 >> >X-MSMail-Priority: Normal >> >X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 >> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 >> >Message-ID: <#F**************@TK2MSFTNGP11.phx.gbl> >> >Newsgroups: microsoft.public.dotnet.framework.aspnet >> >NNTP-Posting-Host: 216.46.141.98 >> >Path:
cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTN GP11.phx.gbl >> >Xref: cpmsftngxa06.phx.gbl >microsoft.public.dotnet.framework.aspnet:184652 >> >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet >> > >> >In my web.config file I've specified Windows for the
authentication,in >IIS >> >I've set it to Integrated Authentication. >> > >> >But my SQL connection is still showing Anonymous. >> >Is there somewhere else I need to check? >> > >> >Thanks >> > >> > >> >Win 2003, SQL Server 2000 >> > >> > >> > >> > > >
Actually, this ones better. http://msdn.microsoft.com/library/en...asp?frame=true
"Jim Cheshire [MSFT]" <ja******@online.microsoft.com> wrote in message
news:MB*************@cpmsftngxa06.phx.gbl... Tom,
It can get kind of confusing. Here's more information.
First off, concerning the steps you provided, using Windows authentication against SQL Server is fine as long as you avoid any delegation of credentials issues. If SQL Server is on the same box as the Web server,
it will work fine. If you move SQL Server to another box, it will fail because your credentials will be delegated. Just keep that in mind. If you move SQL Server, you can still use Windows authentication against it, but you will need to use delegation and Kerberos authentication.
If you have anonymous enabled in IIS, if you are NOT impersonating, the application will run under the ASPNET account. If you turn on impersonation but don't specify a username and password, the application will run under the anonymous account (IUSR by default). If you specify a username and password, obviously the application will run under that user.
If you do NOT have anonymous enabled in IIS and you are NOT impersonating, the application will run under ASPNET. If you do have impersonation enabled, it will run under the person who is logged into the machine.
One more thing. Above when I say "the application will run under...", that's really a little misleading. What this really means is that the WindowsIdentity will refer to the user specified above.
Hope all of that makes some sense.
Jim Cheshire [MSFT] Developer Support ASP.NET ja******@online.microsoft.com
This post is provided as-is with no warranties and confers no rights.
--------------------From: "Tom B" <sh*****@NOSPAMhotmail.com> References: <#F**************@TK2MSFTNGP11.phx.gbl> <m2**************@cpmsftngxa06.phx.gbl> <ut**************@TK2MSFTNGP10.phx.gbl> <7d**************@cpmsftngxa06.phx.gbl>Subject: Re: Integrated Authentication. Date: Fri, 17 Oct 2003 08:23:22 -0400 Lines: 114 X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Message-ID: <ub**************@TK2MSFTNGP12.phx.gbl> Newsgroups: microsoft.public.dotnet.framework.aspnet NNTP-Posting-Host: 216.46.141.98 Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTN GP12.phx.gbl Xref: cpmsftngxa06.phx.gbl
microsoft.public.dotnet.framework.aspnet:184889X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
Impersonate! That's what it is.
It's an intranet, and I'm trying to use Windows Authentication. The odd thing, is it was working the other day, but when I added some stuff to
oneof my classes it stopped working ?!?
So would you (or someone else) be able to sum up the steps required?
1. web.config set authentication to "Windows" 2. SQL Server - set authentication to Windows Only (not really required,
Iguess) 3. SQL Server - set permissions for Domain Users 4. IIS Manager set authentication to Integrated Authentication 5. web.config set impersonate on???????????????????????? <-- That's the part I'm not sure of.
"Jim Cheshire [MSFT]" <ja******@online.microsoft.com> wrote in message news:7d**************@cpmsftngxa06.phx.gbl... Tom,
Are you using SQL Server authentication or Windows authentication
against SQL Server? Sounds like you are using Windows, and in that case, you either need to give the ASP.NET process account access to the SQL
Server database, or you need to impersonate.
Jim Cheshire [MSFT] Developer Support ASP.NET ja******@online.microsoft.com
This post is provided as-is with no warranties and confers no rights.
-------------------- >From: "Tom B" <sh*****@NOSPAMhotmail.com> >References: <#F**************@TK2MSFTNGP11.phx.gbl> <m2**************@cpmsftngxa06.phx.gbl> >Subject: Re: Integrated Authentication. >Date: Thu, 16 Oct 2003 16:00:47 -0400 >Lines: 55 >X-Priority: 3 >X-MSMail-Priority: Normal >X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 >Message-ID: <ut**************@TK2MSFTNGP10.phx.gbl> >Newsgroups: microsoft.public.dotnet.framework.aspnet >NNTP-Posting-Host: 216.46.141.98 >Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTN GP10.phx.gbl >Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet:184756 >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet > >Well, I catch the error and write out the Message, which is..... > >Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. > >and Profiler shows the same. > > >"Jim Cheshire [MSFT]" <ja******@online.microsoft.com> wrote in message >news:m2**************@cpmsftngxa06.phx.gbl... >> Tom, >> >> What do you mean when you say that your SQL connection is still showing >> anonymous? >> >> Jim Cheshire [MSFT] >> Developer Support >> ASP.NET >> ja******@online.microsoft.com >> >> This post is provided as-is with no warranties and confers no
rights. >> >> -------------------- >> >From: "Tom B" <sh*****@NOSPAMhotmail.com> >> >Subject: Integrated Authentication. >> >Date: Thu, 16 Oct 2003 11:19:41 -0400 >> >Lines: 12 >> >X-Priority: 3 >> >X-MSMail-Priority: Normal >> >X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 >> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 >> >Message-ID: <#F**************@TK2MSFTNGP11.phx.gbl> >> >Newsgroups: microsoft.public.dotnet.framework.aspnet >> >NNTP-Posting-Host: 216.46.141.98 >> >Path:
cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTN GP11.phx.gbl >> >Xref: cpmsftngxa06.phx.gbl >microsoft.public.dotnet.framework.aspnet:184652 >> >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet >> > >> >In my web.config file I've specified Windows for the
authentication,in >IIS >> >I've set it to Integrated Authentication. >> > >> >But my SQL connection is still showing Anonymous. >> >Is there somewhere else I need to check? >> > >> >Thanks >> > >> > >> >Win 2003, SQL Server 2000 >> > >> > >> > >> > > >
Tom,
Inline. I want to use Windows authentication.... So I need to set up delegation and Kerberos authentication, correct?
Yes, but only if you are using Windows authentication in SQL Server.
The other option, is to just set up a user account, and impersonate that account, right?
You can, but if you are using Windows authentication in SQL Server, you
will still need to use Kerberos or Basic authentication on the site or it
won't work.
Your last paragraph--"it will run under the person who is logged into the machine"--I assume you mean in the IIS/SQL on the same machine scenario.
This is not related to whether or not SQL Server and IIS are on the same
box. If you enable impersonation and don't have anonymous access enabled,
it will work this way.
Jim Cheshire [MSFT]
Developer Support
ASP.NET ja******@online.microsoft.com
This post is provided as-is with no warranties and confers no rights.
--------------------From: "Tom B" <sh*****@hotmail.com> References: <#F**************@TK2MSFTNGP11.phx.gbl>
<m2**************@cpmsftngxa06.phx.gbl>
<ut**************@TK2MSFTNGP10.phx.gbl>
<7d**************@cpmsftngxa06.phx.gbl>
<ub**************@TK2MSFTNGP12.phx.gbl>
<MB*************@cpmsftngxa06.phx.gbl>Subject: Re: Integrated Authentication. Date: Fri, 17 Oct 2003 13:21:52 -0400 Lines: 203 X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Message-ID: <uI**************@TK2MSFTNGP09.phx.gbl> Newsgroups: microsoft.public.dotnet.framework.aspnet NNTP-Posting-Host: 207.61.174.60 Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTN GP09.phx.gbl Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet:184981 X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
OK, so in my scenario..... machineA is W2K3 IIS machine machineB is SQL
I want to use Windows authentication.... So I need to set up delegation and Kerberos authentication, correct?
Man, I think it was easier when I just used sa and a blank password ;)
The other option, is to just set up a user account, and impersonate that account, right?
Your last paragraph--"it will run under the person who is logged into the machine"--I assume you mean in the IIS/SQL on the same machine scenario.
"Jim Cheshire [MSFT]" <ja******@online.microsoft.com> wrote in message news:MB*************@cpmsftngxa06.phx.gbl... Tom,
It can get kind of confusing. Here's more information.
First off, concerning the steps you provided, using Windows
authentication against SQL Server is fine as long as you avoid any delegation of credentials issues. If SQL Server is on the same box as the Web server,it will work fine. If you move SQL Server to another box, it will fail because your credentials will be delegated. Just keep that in mind. If you move SQL Server, you can still use Windows authentication against it, but you will need to use delegation and Kerberos authentication.
If you have anonymous enabled in IIS, if you are NOT impersonating, the application will run under the ASPNET account. If you turn on impersonation but don't specify a username and password, the application will run under the anonymous account (IUSR by default). If you specify a username and password, obviously the application will run under that
user. If you do NOT have anonymous enabled in IIS and you are NOT
impersonating, the application will run under ASPNET. If you do have impersonation enabled, it will run under the person who is logged into the machine.
One more thing. Above when I say "the application will run under...", that's really a little misleading. What this really means is that the WindowsIdentity will refer to the user specified above.
Hope all of that makes some sense.
Jim Cheshire [MSFT] Developer Support ASP.NET ja******@online.microsoft.com
This post is provided as-is with no warranties and confers no rights.
-------------------- >From: "Tom B" <sh*****@NOSPAMhotmail.com> >References: <#F**************@TK2MSFTNGP11.phx.gbl> <m2**************@cpmsftngxa06.phx.gbl> <ut**************@TK2MSFTNGP10.phx.gbl> <7d**************@cpmsftngxa06.phx.gbl> >Subject: Re: Integrated Authentication. >Date: Fri, 17 Oct 2003 08:23:22 -0400 >Lines: 114 >X-Priority: 3 >X-MSMail-Priority: Normal >X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 >Message-ID: <ub**************@TK2MSFTNGP12.phx.gbl> >Newsgroups: microsoft.public.dotnet.framework.aspnet >NNTP-Posting-Host: 216.46.141.98 >Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTN GP12.phx.gbl >Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet:184889 >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet > >Impersonate! That's what it is. > >It's an intranet, and I'm trying to use Windows Authentication. The odd >thing, is it was working the other day, but when I added some stuff toone >of my classes it stopped working ?!? > >So would you (or someone else) be able to sum up the steps required? > > >1. web.config set authentication to "Windows" >2. SQL Server - set authentication to Windows Only (not really
required,I >guess) >3. SQL Server - set permissions for Domain Users >4. IIS Manager set authentication to Integrated Authentication >5. web.config set impersonate on???????????????????????? <-- That's the >part I'm not sure of. > > >"Jim Cheshire [MSFT]" <ja******@online.microsoft.com> wrote in message >news:7d**************@cpmsftngxa06.phx.gbl... >> Tom, >> >> Are you using SQL Server authentication or Windows authenticationagainst >> SQL Server? Sounds like you are using Windows, and in that case, you >> either need to give the ASP.NET process account access to the SQLServer >> database, or you need to impersonate. >> >> Jim Cheshire [MSFT] >> Developer Support >> ASP.NET >> ja******@online.microsoft.com >> >> This post is provided as-is with no warranties and confers no rights. >> >> >> -------------------- >> >From: "Tom B" <sh*****@NOSPAMhotmail.com> >> >References: <#F**************@TK2MSFTNGP11.phx.gbl> >> <m2**************@cpmsftngxa06.phx.gbl> >> >Subject: Re: Integrated Authentication. >> >Date: Thu, 16 Oct 2003 16:00:47 -0400 >> >Lines: 55 >> >X-Priority: 3 >> >X-MSMail-Priority: Normal >> >X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 >> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 >> >Message-ID: <ut**************@TK2MSFTNGP10.phx.gbl> >> >Newsgroups: microsoft.public.dotnet.framework.aspnet >> >NNTP-Posting-Host: 216.46.141.98 >> >Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTN GP10.phx.gbl >> >Xref: cpmsftngxa06.phx.gbl >microsoft.public.dotnet.framework.aspnet:184756 >> >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet >> > >> >Well, I catch the error and write out the Message, which is..... >> > >> >Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. >> > >> >and Profiler shows the same. >> > >> > >> >"Jim Cheshire [MSFT]" <ja******@online.microsoft.com> wrote in
message >> >news:m2**************@cpmsftngxa06.phx.gbl... >> >> Tom, >> >> >> >> What do you mean when you say that your SQL connection is still
showing >> >> anonymous? >> >> >> >> Jim Cheshire [MSFT] >> >> Developer Support >> >> ASP.NET >> >> ja******@online.microsoft.com >> >> >> >> This post is provided as-is with no warranties and confers no rights. >> >> >> >> -------------------- >> >> >From: "Tom B" <sh*****@NOSPAMhotmail.com> >> >> >Subject: Integrated Authentication. >> >> >Date: Thu, 16 Oct 2003 11:19:41 -0400 >> >> >Lines: 12 >> >> >X-Priority: 3 >> >> >X-MSMail-Priority: Normal >> >> >X-Newsreader: Microsoft Outlook Express 6.00.2800.1158 >> >> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 >> >> >Message-ID: <#F**************@TK2MSFTNGP11.phx.gbl> >> >> >Newsgroups: microsoft.public.dotnet.framework.aspnet >> >> >NNTP-Posting-Host: 216.46.141.98 >> >> >Path:cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFT NGP11.phx.gbl >> >> >Xref: cpmsftngxa06.phx.gbl >> >microsoft.public.dotnet.framework.aspnet:184652 >> >> >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet >> >> > >> >> >In my web.config file I've specified Windows for theauthentication, >in >> >IIS >> >> >I've set it to Integrated Authentication. >> >> > >> >> >But my SQL connection is still showing Anonymous. >> >> >Is there somewhere else I need to check? >> >> > >> >> >Thanks >> >> > >> >> > >> >> >Win 2003, SQL Server 2000 >> >> > >> >> > >> >> > >> >> >> > >> > >> > >> > > >
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: tcg_gilbert |
last post by:
I'm developing a web application for our local intranet that will allow users
to pull up a webpage and update or deleted or insert records into a database
as well as run reports etc...
Our DB...
|
by: Ravikanth[MVP] |
last post by:
Hi
It is possible that IIS and SQL Server can reside on
Seperate Machines and you can use Integrated Windows
Authentication to connect.
Ravikanth
>-----Original Message-----
|
by: Andrew |
last post by:
Hey all,
I would like to preface my question by stating I am still learning ASP.net
and while I am confident in the basics and foundation, the more advanced
stuff is still a challenge. Ok....
|
by: Patrick.O.Ige |
last post by:
Hi folks,
How can i pass credentials to windows integrated authentication.
I want to use my credentials from windows authentication and pass it on to
different asp.net and asp pages without having...
|
by: cdlipfert |
last post by:
Our intranet is running under windows integrated security. We have
domain users that want to access our intranet site via ssl vpn. SSL
VPN can not authenticate against services that run under...
|
by: Amedee Van Gasse |
last post by:
Hello,
Since it is the first time I'm posting in these groups, I believe a
(short) introduction of myself would not be a bad thing.
I am mainly a support engineer, not a programmer. I do have...
|
by: Dariusz Tomon |
last post by:
I got an ASPNET C# project from client. When I'm trying to open it in Visual
Studio I get error message:
"Unable to start debugging on the web server. Debugging failed because
integrated Windows...
|
by: =?Utf-8?B?RGFuZGFuIFpoYW5n?= |
last post by:
Now I have a web application, a web service and a SQL Server database.
The Web application will invoke the web service, the web service
invokes the SQL Server stored procedure.
I let the web...
|
by: benoitc |
last post by:
I've been having a problem debugging an ASP.NET 1.1 application on an
existing Windows XP/Visual Studio 2003 workstation that I've inherited
from somebody else. The application builds fine, but...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
| |