Did you enable Integrated Authentication and disable Anonymous
authentication in IIS? Because when you set <authentication
mode="Windows"/it means ASP.Net does no authentication and uses IIS
to negotiate authentication, so you need to configure IIS to require
NTLM. Then, you need <identity impersonate="true"/for ASP.Net to use
the user token negotiated by IIS instead of stripping it off like it
does by default. Only by doing these two steps do you end up with a NT
user token to be able to begin the game of Delegation and Protocol
Transitioning with AD...
And to clarify what you are describing -- you have three separate
servers (one with SQL, one with IIS, one with AD), the web page is on
IIS, it is trying to access the SQL server, and getting that logon
failure when you access the web page from a machine on the same network
segment as IIS?
//David
http
Patrick wrote:
Hello
I have the following scenario
- SQL 2005 server (serversql)
- Windows 2003 with IIS (serveriis)
- Windows 2003 ADS (serverads)
I want to connect to an intranet application using NTML with impersonation
and delegation. so for this I made the following change in web.config
<identity impersonate="true"/>
<authentication mode="Windows"/>
Then in the Active Directory i did the following change:
Computers\serveriis -properties -delegation
- Trust this computer for delegation on these services. Any protocol. And
then I have added the www and w3svc services
But when connecting to the webpage, I always get this error:
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
any idea what is wrong?
Thanks
Patrick