<ad*********@gmail.com> wrote in message
news:11**********************@i13g2000prf.googlegroups.com...
Hello, we have an ASP.NET website which uses NT authentication to
authenticate against an AD server.
We then have a set of business objects which are used to store /
retrieve information into database tables.
The business objects retrieve the connection string from the
web.config and use Integrated Security to connect to the database
e.g. our connection string looks like the following:
Data Source=MSSQLSERVER;Initial Catalog=DatabaseName;Integrated Security=True
The problem we are having is that the business object is not
inheriting the NT login/password from the logged in user but tries to
run as the local account. As such the database login fails.
Any ideas welcome
Thanks
Adam
This works only when you have set up Kerberos Authentication, which implies:
- that you are running in a pure Kerberos realm, that is, you must be sure
Kerberos is used as Authentication protocol, NTLM will not do.
- that you have set the Webserver (IIS Server) as being trusted for
delegation
- that your clients are all running IE and all have "Windows Authentication"
enabled.
- and that you have correctly registered a SPN for SQL Server.
Note that it makes no sense to authenticate against an AD, authentication
will be done implicitly in such a scenario.
Note also that this way you throw away the advantages offered by "Connection
Pooling", each client uses its own non-pooled physical connection.
Please consult SQL BOL for details on How to Enable Kerberos Authentication
for SQL Server (SQL2000 SP3 and up).
Willy.
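
The first requirement in the reply above (Kerberos, not NTLM, on the browser-to-IIS hop) can be checked from a captured HTTP Authorization header. The following is an added example, not code from this thread: the function name and sample values are assumptions, and the classification is a heuristic based on the NTLMSSP signature and the Kerberos mechanism OIDs.

```python
import base64
import struct

NTLM_SIG = b"NTLMSSP\x00"
# DER-encoded mechanism OIDs found inside a GSS-API / SPNEGO token
OID_SPNEGO = bytes.fromhex("06062b0601050502")          # 1.3.6.1.5.5.2
OID_KRB5 = bytes.fromhex("06092a864886f712010202")      # 1.2.840.113554.1.2.2
OID_MS_KRB5 = bytes.fromhex("06092a864882f712010202")   # 1.2.840.48018.1.2.2


def classify_authorization(header_value):
    """Return 'kerberos', 'ntlm' or 'unknown' for an Authorization header value."""
    parts = header_value.strip().split(None, 1)
    if len(parts) != 2 or parts[0].lower() not in ("negotiate", "ntlm"):
        return "unknown"
    try:
        token = base64.b64decode(parts[1], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "unknown"
    # NTLM messages carry this signature, whether sent under the "NTLM"
    # scheme or as a fallback under "Negotiate". Delegation cannot work.
    if NTLM_SIG in token:
        return "ntlm"
    # A GSS-API token starts with ASN.1 tag 0x60 and names its mechanism.
    if token[:1] == b"\x60" and (OID_KRB5 in token or OID_MS_KRB5 in token):
        return "kerberos"
    return "unknown"


def _b64(raw):
    return base64.b64encode(raw).decode("ascii")


# Constructed samples (not captured traffic, not valid tickets): just enough
# structure to exercise each branch.
_ntlm_type1 = NTLM_SIG + struct.pack("<II", 1, 0x00088207)
_krb_like = b"\x60\x82\x05\x00" + OID_SPNEGO + b"\xa0\x82\x04\xf0" + OID_KRB5 + b"\x00" * 32
SAMPLES = {
    "ntlm_scheme": "NTLM " + _b64(_ntlm_type1),
    "negotiate_fallback": "Negotiate " + _b64(_ntlm_type1),
    "negotiate_kerberos": "Negotiate " + _b64(_krb_like),
    "basic": "Basic " + _b64(b"user:pass"),
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(name, "->", classify_authorization(value))
```

A "Negotiate" header that classifies as ntlm means the client fell back from Kerberos, so the web server has no delegable credential to present to SQL Server.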