Hi,
What Bruce said is reasonable. This is a typical í¦double hopí¦ issue. For
the security reason the impersonated identity can only be used to access
the resources that are owned by the web server itself.
The following article describes the í¦double hopí¦ issue in detail and
provides some workarounds:
http://blogs.msdn.com/nunos/archive/.../12/88468.aspx
If you have further questions please feel free to ask.
Regards,
Allen Chen
Microsoft Online Support
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
ms****@microsoft.com.
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subs...#notifications.
Note: MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 2 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions. Issues of this
nature are best handled working with a dedicated Microsoft Support Engineer
by contacting Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/en-us/subs.../aa948874.aspx
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "WT" <WT@newsgroups.nospam>
| References: <3F**********************************@microsoft.co m>
<f8**********************************@w39g2000prb. googlegroups.com>
| In-Reply-To:
<f8**********************************@w39g2000prb. googlegroups.com>
| Subject: Re: Problem with sql connection with impersonate true
| Date: Tue, 11 Nov 2008 17:40:24 +0100
| Lines: 63
| Message-ID: <73**********************************@microsoft.co m>
| MIME-Version: 1.0
| Content-Type: text/plain;
| format=flowed;
| charset="iso-8859-1";
| reply-type=original
| Content-Transfer-Encoding: 8bit
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Windows Mail 6.0.6001.18000
| X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18049
| X-MS-CommunityGroup-PostID: {73784E56-5FAD-4E19-AB55-3967B406894E}
| X-MS-CommunityGroup-ThreadID: 3FAEB607-A1D7-48DB-9EB9-03477E55BB8B
| X-MS-CommunityGroup-ParentID: 73A55EAF-493C-4261-A896-307D82E2F318
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.dotnet.framework.aspnet:79661
| NNTP-Posting-Host: TK2MSFTNGHUB02.phx.gbl 127.0.0.1
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
|
| Thanks Joe,
|
| But I need to impersonate in all the application, using credential to
| authentify on other services.
| My question is why SQL doesn't recognize my credentials as my IE is
| configured to use them ?
| Is it a windows/kerberos problem between IIS being on one server and sql
on
| another (2 jumps) ?
| How to avod this ?
|
| CS
|
| "Joey" <jo*********@topscene.coma écrit dans le message de
| news:f8**********************************@w39g2000 prb.googlegroups.com...
| On Nov 11, 6:06 am, "WT" <W...@newsgroups.nospamwrote:
| Hello,
| >
| IIS6 on W2K3, .net 3.5, Sql 2005.
| All sp applied.
| >
| My site is using windows authentication only and the web application
| connects to sql server residing on another server in the same domain
using
| following connection string:
| <connectionStrings>
| <add name="My_ConnectionString"
| >
connectionString="server=localhost;database=MyDB;T rusted_Connection=true;"
| providerName="System.Data.SqlClient"/>
| </connectionStrings>
| >
| When browsing on the IIS server, I have no connection problem, but when
| starting the application from anoter station or server in same domain I
| get
| following error:
| >
| System.Data.SqlClient.SqlException: Login failed for user 'NT
| AUTHORITY\ANONYMOUS LOGON'.
| at System.Data.ProviderBase.DbConnectionPool.GetConne ction(DbConnection
| owningObject)
| at
| System.Data.ProviderBase.DbConnectionFactory.GetCo nnection(DbConnection
| owningConnection)
| at
| System.Data.ProviderBase.DbConnectionClosed.OpenCo nnection(DbConnection
| outerConnection, DbConnectionFactory connectionFactory)
| at System.Data.SqlClient.SqlConnection.Open()
| >
| I don't understand why ado.net is doing the connexion with the account
NT
| AUTHORITY\ANONYMOUS LOGON a my current user is member of and
authentified
| on
| domain.
| It even is member of an AD group which has public access to the DB used
by
| my application ?
| >
| Any help welcome.
| >
| CS
|
| You should look at adding an Identity to your configuration. One way
| is simply to enter an identity tag containing user name and password
| info into your application's web.config file. It would then run in the
| context of that identity. There are even options for encrypting the
| password.
|
|
