ASP.NET Integrated Authentication

I'm developing a web application for our local intranet that will allow users
to pull up a webpage and update or delete or insert records into a database
as well as run reports etc...

Our DB server is on a Win2k3 OS using SQL Server 2000
Our Web server is on a separate Win2kr OS using IIS 6
Both the servers and the clients are part of the same domain.

We've turned anonymous access off on the web and are passing the integrated
authentication from the client's machine (through their domain login). The
user has been granted all the correct permission to the database server and
the database that will be updated. However it seems like the authentication
is being passed to the web server and then the web server is passing a
different set of authentication on to the database server? The
authentication it is passing on to the database server is DOMAIN\MACHINENAME$.

If we add that machine name to the SQL Server as having permission to do the
update/delete/select we can get the app to work just fine. However, what we
want to do is to pass the client's authentication on to the database server...
not the web server’s authentication.

Any help I could get would be much appreciated..... this is driving me nuts
and seems like a pretty common practice (having the db and the web on two
separate machines).

Thanks in advance.
Josh

Jul 21 '05 #1
What logon information are you putting in your connection string to connect
to the database?

Jul 21 '05 #2
Here's the connection string:

server=SERVER001.dom.corp.azs.com;initial catalog = 2dbmn;Integrated Security = SSPI; database=2dbmn;

"Brendan Green" wrote:
> What logon information are you putting in your connection string to connect
> to the database?

Jul 21 '05 #4
So, you're probably connecting to the database as the user that runs the
ASP.NET worker process.

You probably need to turn on impersonation in the web.config file to "pass
through" the credentials.

Add this to your web.config file:

<identity impersonate="true"/>
<authentication mode="Windows"/>

Let us know how you go.

Jul 21 '05 #6
It is a restriction of the NTLM authentication protocol - your users'
credentials cannot make a double hop across the network. The first hop is
from the user's workstation to your webserver. The second hop is to the
database. To implement this, you need to use Kerberos authentication.

There are some good articles on MSDN on security that will be able to
explain the situation, and your options, much better than I can.

HTH
Dan

Jul 21 '05 #8
Thanks a bunch for the help... unfortunately... after I do that I start
getting permission denied for user <NULL> error. After doing some more
research I think this issue is more around the comments that Dan Kelley had
posted below. Though I believe I am using Kerberos authentication (since I'm
on an active directory domain). I'll post what I find here on the site once I
figure it out. Thanks again... and if you have any additional thoughts
please let me know.
Josh

"Brendan Green" wrote:
> So, you're probably connecting to the database as the user that runs the
> ASP.NET worker process.
>
> You probably need to turn on impersonation in the web.config file to "pass
> through" the credentials.
>
> Add this to your web.config file:
>
> <identity impersonate="true"/>
> <authentication mode="Windows"/>
>
> Let us know how you go.

Jul 21 '05 #9
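
Added example, not written by any poster in this thread: a simplified Python model of the double hop described in post #8, with HMAC-SHA256 standing in for the real NTLM response computation. The account DOMAIN\josh, the keys and every function name are constructed for illustration; the model shows why the database sees DOMAIN\MACHINENAME$ when the web application connects as its own process identity, and no user at all (the <NULL> login) once impersonation is turned on.

```python
import hashlib
import hmac
import os

# Constructed directory data: only the domain controller (and each account's
# owner) knows an account's secret key. DOMAIN\josh is a made-up user.
DC_KEYS = {
    r"DOMAIN\josh": hashlib.sha256(b"user-password").digest(),
    r"DOMAIN\MACHINENAME$": hashlib.sha256(b"machine-password").digest(),
}

def respond(key, challenge):
    """Prove knowledge of key for one specific server challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

def dc_validate(account, challenge, response):
    """Pass-through check a server asks the domain controller to perform."""
    key = DC_KEYS.get(account)
    return key is not None and hmac.compare_digest(
        respond(key, challenge), response)

class Server:
    """A service that issues a fresh random challenge per connection."""
    def __init__(self):
        self.challenge = None

    def new_challenge(self):
        self.challenge = os.urandom(16)
        return self.challenge

    def accept(self, account, response):
        # Returns the login name the service sees, or None for a null session.
        if account and dc_validate(account, self.challenge, response):
            return account
        return None

def second_hop(impersonate):
    """Browser -> web server -> database; returns the name the database sees."""
    user, machine = r"DOMAIN\josh", r"DOMAIN\MACHINENAME$"
    web, db = Server(), Server()

    # Hop 1: the browser holds the user's key and answers the web server.
    c1 = web.new_challenge()
    r1 = respond(DC_KEYS[user], c1)
    assert web.accept(user, r1) == user

    # Hop 2: the database issues its own, different challenge.
    c2 = db.new_challenge()
    if not impersonate:
        # Process identity: the web server does hold its machine account key.
        return db.accept(machine, respond(DC_KEYS[machine], c2))
    # Impersonating the user: the web server never received the user's key,
    # only r1, which answers c1 and not c2, so the database rejects it.
    return db.accept(user, r1)

if __name__ == "__main__":
    print("no impersonation:", second_hop(False))
    print("impersonation   :", second_hop(True))
```
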
