473,378 Members | 1,571 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,378 software developers and data experts.

ASP.NET Integrated Authentication

I'm developing a web application for our local intranet that will allow users
to pull up a webpage and update or deleted or insert records into a database
as well as run reports etc...

Our DB server is on a Win2k3 OS using SQL Server 2000
Our Web server is on a separate Win2kr OS using IIS 6
Both the servers and the clients are part of the same domain.

We've turned anonymous access off on the web and are passing the integrated
authentication from the client's machine (through their domain login). The
user has been granted all the correct permission to the database server and
the database that will be updated. However it seems like the authentication
is being passed to the web server and then the web server is passing a
different set of authentication on to the database server? The
authentication it is passing on to the database server is DOMAIN\MACHINENAME$.

If we add that machine name to the SQL Server as having permission to do the
update/delete/select we can get the app to work just fine. However, what we
want to do is to pass the clients authentication on to the database server...
not the web server’s authentication.

Any help I could get would be much appreciated..... this is driving me nuts
and seems like a pretty common practice (having the db and the web on two
separate machines).

Thanks in advance.
Josh

Jul 21 '05 #1
8 1942
What logon information are you putting in your connection string to connect
to the database?
"tcg_gilbert" <tc********@discussions.microsoft.com> wrote in message
news:3D**********************************@microsof t.com...
I'm developing a web application for our local intranet that will allow
users
to pull up a webpage and update or deleted or insert records into a
database
as well as run reports etc...

Our DB server is on a Win2k3 OS using SQL Server 2000
Our Web server is on a separate Win2kr OS using IIS 6
Both the servers and the clients are part of the same domain.

We've turned anonymous access off on the web and are passing the
integrated
authentication from the client's machine (through their domain login).
The
user has been granted all the correct permission to the database server
and
the database that will be updated. However it seems like the
authentication
is being passed to the web server and then the web server is passing a
different set of authentication on to the database server? The
authentication it is passing on to the database server is
DOMAIN\MACHINENAME$.

If we add that machine name to the SQL Server as having permission to do
the
update/delete/select we can get the app to work just fine. However, what
we
want to do is to pass the clients authentication on to the database
server...
not the web server's authentication.

Any help I could get would be much appreciated..... this is driving me
nuts
and seems like a pretty common practice (having the db and the web on two
separate machines).

Thanks in advance.
Josh

Jul 21 '05 #2
What logon information are you putting in your connection string to connect
to the database?
"tcg_gilbert" <tc********@discussions.microsoft.com> wrote in message
news:3D**********************************@microsof t.com...
I'm developing a web application for our local intranet that will allow
users
to pull up a webpage and update or deleted or insert records into a
database
as well as run reports etc...

Our DB server is on a Win2k3 OS using SQL Server 2000
Our Web server is on a separate Win2kr OS using IIS 6
Both the servers and the clients are part of the same domain.

We've turned anonymous access off on the web and are passing the
integrated
authentication from the client's machine (through their domain login).
The
user has been granted all the correct permission to the database server
and
the database that will be updated. However it seems like the
authentication
is being passed to the web server and then the web server is passing a
different set of authentication on to the database server? The
authentication it is passing on to the database server is
DOMAIN\MACHINENAME$.

If we add that machine name to the SQL Server as having permission to do
the
update/delete/select we can get the app to work just fine. However, what
we
want to do is to pass the clients authentication on to the database
server...
not the web server's authentication.

Any help I could get would be much appreciated..... this is driving me
nuts
and seems like a pretty common practice (having the db and the web on two
separate machines).

Thanks in advance.
Josh

Jul 21 '05 #3
Here's the connection string:

server=SERVER001.dom.corp.azs.com;initial catalog = 2dbmn;Integrated
Security = SSPI; database=2dbmn;
"Brendan Green" wrote:
What logon information are you putting in your connection string to connect
to the database?
"tcg_gilbert" <tc********@discussions.microsoft.com> wrote in message
news:3D**********************************@microsof t.com...
I'm developing a web application for our local intranet that will allow
users
to pull up a webpage and update or deleted or insert records into a
database
as well as run reports etc...

Our DB server is on a Win2k3 OS using SQL Server 2000
Our Web server is on a separate Win2kr OS using IIS 6
Both the servers and the clients are part of the same domain.

We've turned anonymous access off on the web and are passing the
integrated
authentication from the client's machine (through their domain login).
The
user has been granted all the correct permission to the database server
and
the database that will be updated. However it seems like the
authentication
is being passed to the web server and then the web server is passing a
different set of authentication on to the database server? The
authentication it is passing on to the database server is
DOMAIN\MACHINENAME$.

If we add that machine name to the SQL Server as having permission to do
the
update/delete/select we can get the app to work just fine. However, what
we
want to do is to pass the clients authentication on to the database
server...
not the web server's authentication.

Any help I could get would be much appreciated..... this is driving me
nuts
and seems like a pretty common practice (having the db and the web on two
separate machines).

Thanks in advance.
Josh


Jul 21 '05 #4
Here's the connection string:

server=SERVER001.dom.corp.azs.com;initial catalog = 2dbmn;Integrated
Security = SSPI; database=2dbmn;
"Brendan Green" wrote:
What logon information are you putting in your connection string to connect
to the database?
"tcg_gilbert" <tc********@discussions.microsoft.com> wrote in message
news:3D**********************************@microsof t.com...
I'm developing a web application for our local intranet that will allow
users
to pull up a webpage and update or deleted or insert records into a
database
as well as run reports etc...

Our DB server is on a Win2k3 OS using SQL Server 2000
Our Web server is on a separate Win2kr OS using IIS 6
Both the servers and the clients are part of the same domain.

We've turned anonymous access off on the web and are passing the
integrated
authentication from the client's machine (through their domain login).
The
user has been granted all the correct permission to the database server
and
the database that will be updated. However it seems like the
authentication
is being passed to the web server and then the web server is passing a
different set of authentication on to the database server? The
authentication it is passing on to the database server is
DOMAIN\MACHINENAME$.

If we add that machine name to the SQL Server as having permission to do
the
update/delete/select we can get the app to work just fine. However, what
we
want to do is to pass the clients authentication on to the database
server...
not the web server's authentication.

Any help I could get would be much appreciated..... this is driving me
nuts
and seems like a pretty common practice (having the db and the web on two
separate machines).

Thanks in advance.
Josh


Jul 21 '05 #5
So, you're probably connecting to the database as the user that runs the
ASP.NET worker process.

You probably need to turn on impersonation in the web.config file to "pass
through" the credentials.

Add this to your web.config file:

<identity impersonate="true"/>
<authentication mode="Windows"/>

Let us know how you go.

"tcg_gilbert" <tc********@discussions.microsoft.com> wrote in message
news:8C**********************************@microsof t.com...
Here's the connection string:

server=SERVER001.dom.corp.azs.com;initial catalog = 2dbmn;Integrated
Security = SSPI; database=2dbmn;
"Brendan Green" wrote:
What logon information are you putting in your connection string to
connect
to the database?
"tcg_gilbert" <tc********@discussions.microsoft.com> wrote in message
news:3D**********************************@microsof t.com...
> I'm developing a web application for our local intranet that will allow
> users
> to pull up a webpage and update or deleted or insert records into a
> database
> as well as run reports etc...
>
> Our DB server is on a Win2k3 OS using SQL Server 2000
> Our Web server is on a separate Win2kr OS using IIS 6
> Both the servers and the clients are part of the same domain.
>
> We've turned anonymous access off on the web and are passing the
> integrated
> authentication from the client's machine (through their domain login).
> The
> user has been granted all the correct permission to the database server
> and
> the database that will be updated. However it seems like the
> authentication
> is being passed to the web server and then the web server is passing a
> different set of authentication on to the database server? The
> authentication it is passing on to the database server is
> DOMAIN\MACHINENAME$.
>
> If we add that machine name to the SQL Server as having permission to
> do
> the
> update/delete/select we can get the app to work just fine. However,
> what
> we
> want to do is to pass the clients authentication on to the database
> server...
> not the web server's authentication.
>
> Any help I could get would be much appreciated..... this is driving me
> nuts
> and seems like a pretty common practice (having the db and the web on
> two
> separate machines).
>
> Thanks in advance.
> Josh
>


Jul 21 '05 #6
So, you're probably connecting to the database as the user that runs the
ASP.NET worker process.

You probably need to turn on impersonation in the web.config file to "pass
through" the credentials.

Add this to your web.config file:

<identity impersonate="true"/>
<authentication mode="Windows"/>

Let us know how you go.

"tcg_gilbert" <tc********@discussions.microsoft.com> wrote in message
news:8C**********************************@microsof t.com...
Here's the connection string:

server=SERVER001.dom.corp.azs.com;initial catalog = 2dbmn;Integrated
Security = SSPI; database=2dbmn;
"Brendan Green" wrote:
What logon information are you putting in your connection string to
connect
to the database?
"tcg_gilbert" <tc********@discussions.microsoft.com> wrote in message
news:3D**********************************@microsof t.com...
> I'm developing a web application for our local intranet that will allow
> users
> to pull up a webpage and update or deleted or insert records into a
> database
> as well as run reports etc...
>
> Our DB server is on a Win2k3 OS using SQL Server 2000
> Our Web server is on a separate Win2kr OS using IIS 6
> Both the servers and the clients are part of the same domain.
>
> We've turned anonymous access off on the web and are passing the
> integrated
> authentication from the client's machine (through their domain login).
> The
> user has been granted all the correct permission to the database server
> and
> the database that will be updated. However it seems like the
> authentication
> is being passed to the web server and then the web server is passing a
> different set of authentication on to the database server? The
> authentication it is passing on to the database server is
> DOMAIN\MACHINENAME$.
>
> If we add that machine name to the SQL Server as having permission to
> do
> the
> update/delete/select we can get the app to work just fine. However,
> what
> we
> want to do is to pass the clients authentication on to the database
> server...
> not the web server's authentication.
>
> Any help I could get would be much appreciated..... this is driving me
> nuts
> and seems like a pretty common practice (having the db and the web on
> two
> separate machines).
>
> Thanks in advance.
> Josh
>


Jul 21 '05 #7
It is a restriction of the NTLM authentication protocol - your users
credentials cannot make a double hop across the network. The first hop is
from the users workstation to your webserver. The second hop is to the
database. To implement this, you need to use Kerberos authentication.

There are some good articles on MSDN on security that will be able to
explain the situation, and your options, much better than I can.

HTH
Dan

"tcg_gilbert" wrote:
I'm developing a web application for our local intranet that will allow users
to pull up a webpage and update or deleted or insert records into a database
as well as run reports etc...

Our DB server is on a Win2k3 OS using SQL Server 2000
Our Web server is on a separate Win2kr OS using IIS 6
Both the servers and the clients are part of the same domain.

We've turned anonymous access off on the web and are passing the integrated
authentication from the client's machine (through their domain login). The
user has been granted all the correct permission to the database server and
the database that will be updated. However it seems like the authentication
is being passed to the web server and then the web server is passing a
different set of authentication on to the database server? The
authentication it is passing on to the database server is DOMAIN\MACHINENAME$.

If we add that machine name to the SQL Server as having permission to do the
update/delete/select we can get the app to work just fine. However, what we
want to do is to pass the clients authentication on to the database server...
not the web server’s authentication.

Any help I could get would be much appreciated..... this is driving me nuts
and seems like a pretty common practice (having the db and the web on two
separate machines).

Thanks in advance.
Josh

Jul 21 '05 #8
Thanks a bunch for the help... unfortunatley... after I do that I start
getting permission denied for user <NULL> error. After doing some more
research I think this issue is more around the comments that Dan Kelley had
posted below. THough I believe I am using Kerebos authentication (since I'm
on a active directory domain). I'll post what I find here on the site once I
figure it out. THanks again... and if you have any additional thoughts
please let me know.
Josh
"Brendan Green" wrote:
So, you're probably connecting to the database as the user that runs the
ASP.NET worker process.

You probably need to turn on impersonation in the web.config file to "pass
through" the credentials.

Add this to your web.config file:

<identity impersonate="true"/>
<authentication mode="Windows"/>

Let us know how you go.

"tcg_gilbert" <tc********@discussions.microsoft.com> wrote in message
news:8C**********************************@microsof t.com...
Here's the connection string:

server=SERVER001.dom.corp.azs.com;initial catalog = 2dbmn;Integrated
Security = SSPI; database=2dbmn;
"Brendan Green" wrote:
What logon information are you putting in your connection string to
connect
to the database?
"tcg_gilbert" <tc********@discussions.microsoft.com> wrote in message
news:3D**********************************@microsof t.com...
> I'm developing a web application for our local intranet that will allow
> users
> to pull up a webpage and update or deleted or insert records into a
> database
> as well as run reports etc...
>
> Our DB server is on a Win2k3 OS using SQL Server 2000
> Our Web server is on a separate Win2kr OS using IIS 6
> Both the servers and the clients are part of the same domain.
>
> We've turned anonymous access off on the web and are passing the
> integrated
> authentication from the client's machine (through their domain login).
> The
> user has been granted all the correct permission to the database server
> and
> the database that will be updated. However it seems like the
> authentication
> is being passed to the web server and then the web server is passing a
> different set of authentication on to the database server? The
> authentication it is passing on to the database server is
> DOMAIN\MACHINENAME$.
>
> If we add that machine name to the SQL Server as having permission to
> do
> the
> update/delete/select we can get the app to work just fine. However,
> what
> we
> want to do is to pass the clients authentication on to the database
> server...
> not the web server's authentication.
>
> Any help I could get would be much appreciated..... this is driving me
> nuts
> and seems like a pretty common practice (having the db and the web on
> two
> separate machines).
>
> Thanks in advance.
> Josh
>


Jul 21 '05 #9

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

4
by: Ravikanth[MVP] | last post by:
Hi It is possible that IIS and SQL Server can reside on Seperate Machines and you can use Integrated Windows Authentication to connect. Ravikanth >-----Original Message-----
9
by: Tom B | last post by:
In my web.config file I've specified Windows for the authentication, in IIS I've set it to Integrated Authentication. But my SQL connection is still showing Anonymous. Is there somewhere else I...
4
by: Andrew | last post by:
Hey all, I would like to preface my question by stating I am still learning ASP.net and while I am confident in the basics and foundation, the more advanced stuff is still a challenge. Ok....
3
by: Patrick.O.Ige | last post by:
Hi folks, How can i pass credentials to windows integrated authentication. I want to use my credentials from windows authentication and pass it on to different asp.net and asp pages without having...
5
by: cdlipfert | last post by:
Our intranet is running under windows integrated security. We have domain users that want to access our intranet site via ssl vpn. SSL VPN can not authenticate against services that run under...
2
by: Amedee Van Gasse | last post by:
Hello, Since it is the first time I'm posting in these groups, I believe a (short) introduction of myself would not be a bad thing. I am mainly a support engineer, not a programmer. I do have...
5
by: tcg_gilbert | last post by:
I'm developing a web application for our local intranet that will allow users to pull up a webpage and update or deleted or insert records into a database as well as run reports etc... Our DB...
3
by: =?Utf-8?B?RGFuZGFuIFpoYW5n?= | last post by:
Now I have a web application, a web service and a SQL Server database. The Web application will invoke the web service, the web service invokes the SQL Server stored procedure. I let the web...
11
by: benoitc | last post by:
I've been having a problem debugging an ASP.NET 1.1 application on an existing Windows XP/Visual Studio 2003 workstation that I've inherited from somebody else. The application builds fine, but...
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...
0
by: ryjfgjl | last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
0
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
0
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
0
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
0
BarryA
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
1
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
0
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.