473,326 Members | 2,655 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,326 software developers and data experts.

Login failed for NT Authority\Anonymous Logon

Hi,

We have an application running on IIS 6.0, on a windows 2003 box. The
back-end database, a SQL Server 2000, runs on anohter server, windows 2000.

We have enabled integrated authentication, and provided the windows account
the appropriate permissions in SQL Server.

If running the application locally on the server, the user authenticates
fine. When accessing the application remotely, a SQL exception, "Login failed
for NT Authority\Anonymous Logon", is thrown.

The website node only allows windows integrated authentication. The
Web.config has been setup correctly to allow identity impersonation and
windows authentication.

Note that we have a number of users who access this applicaiton. They all
belong to one Active Directory group.

From my research, I can see that the issue is related to delegation
permissions, hence the ability to authenticate locally on the server and not
remotely given the extra "hop".

My question is, what are the exact permissions that will need to be set in
order to allow users to authenticate when accessing the application remotely?
What should the identity be for the application pool?

Thanks for your help!

Adnan
Oct 5 '06 #1
2 9049
It seems obvious that the web app is allowed anonymous access although
accroding to you that the web.config for the web app is configured for
Window authentication and impersonation is enabled.

It is possible that the IIS setup on that web app is not correct. Remember,
ASP.NET is run on top of IIS. So, the IIS must be set up correctly before
ASP.NET App's web.config can work correctly.

To enforce Windows authentication and impersonate the ASP.NET running
account to a diferent (domain or machine) user account (instead of
ASPNET/Network Service), you must not allow anonymous access. In IIS
Manager, right-click the web app and select "Propoerties->Directory
Security", click "Edit..." button in "Authentication..." box, Then in
"Authentication Method" dialog, make sure ONLY "Integrated Windows
authentication" is checked.
"Adnan Al-Ghourabi" <alghourabi at yahoo.comwrote in message
news:2F**********************************@microsof t.com...
Hi,

We have an application running on IIS 6.0, on a windows 2003 box. The
back-end database, a SQL Server 2000, runs on anohter server, windows
2000.

We have enabled integrated authentication, and provided the windows
account
the appropriate permissions in SQL Server.

If running the application locally on the server, the user authenticates
fine. When accessing the application remotely, a SQL exception, "Login
failed
for NT Authority\Anonymous Logon", is thrown.

The website node only allows windows integrated authentication. The
Web.config has been setup correctly to allow identity impersonation and
windows authentication.

Note that we have a number of users who access this applicaiton. They all
belong to one Active Directory group.

From my research, I can see that the issue is related to delegation
permissions, hence the ability to authenticate locally on the server and
not
remotely given the extra "hop".

My question is, what are the exact permissions that will need to be set in
order to allow users to authenticate when accessing the application
remotely?
What should the identity be for the application pool?

Thanks for your help!

Adnan

Oct 5 '06 #2
Hi Norman,

Thanks for your reply.

Only integrated authentication is enabled in IIS; anonymous access IS
disabled. I know for sure that the problem is related to delegation as I
mentioned in my post.

I did come across a solution online:

http://msdn.microsoft.com/msdnmag/is...ecurityBriefs/

I haven't implemented that solution yet, but it does address the exact
problem I am having.

Thanks!

Adnan

"Norman Yuan" wrote:
It seems obvious that the web app is allowed anonymous access although
accroding to you that the web.config for the web app is configured for
Window authentication and impersonation is enabled.

It is possible that the IIS setup on that web app is not correct. Remember,
ASP.NET is run on top of IIS. So, the IIS must be set up correctly before
ASP.NET App's web.config can work correctly.

To enforce Windows authentication and impersonate the ASP.NET running
account to a diferent (domain or machine) user account (instead of
ASPNET/Network Service), you must not allow anonymous access. In IIS
Manager, right-click the web app and select "Propoerties->Directory
Security", click "Edit..." button in "Authentication..." box, Then in
"Authentication Method" dialog, make sure ONLY "Integrated Windows
authentication" is checked.
"Adnan Al-Ghourabi" <alghourabi at yahoo.comwrote in message
news:2F**********************************@microsof t.com...
Hi,

We have an application running on IIS 6.0, on a windows 2003 box. The
back-end database, a SQL Server 2000, runs on anohter server, windows
2000.

We have enabled integrated authentication, and provided the windows
account
the appropriate permissions in SQL Server.

If running the application locally on the server, the user authenticates
fine. When accessing the application remotely, a SQL exception, "Login
failed
for NT Authority\Anonymous Logon", is thrown.

The website node only allows windows integrated authentication. The
Web.config has been setup correctly to allow identity impersonation and
windows authentication.

Note that we have a number of users who access this applicaiton. They all
belong to one Active Directory group.

From my research, I can see that the issue is related to delegation
permissions, hence the ability to authenticate locally on the server and
not
remotely given the extra "hop".

My question is, what are the exact permissions that will need to be set in
order to allow users to authenticate when accessing the application
remotely?
What should the identity be for the application pool?

Thanks for your help!

Adnan


Oct 6 '06 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

23
by: cerilocke | last post by:
I have an identical SQL database on two machines (my machine and a web server) that links to a database on a third server (S3). When I execute a stored procedure on my machine that accesses a...
3
by: Mike Hutton | last post by:
Hi, I have tried to keep things simple. Not simple enough, obviously. I have a set of intranet ASP.NET pages which access a SQL back-end through the normal SQLConnection stuff. I want to use...
3
by: Maellic | last post by:
Hi, The website I am working on is built with ASP.NET and connects to a SQL Server 2000 database. The web server and database are on the same machine. I have recently tried to modify the timeout...
10
by: et | last post by:
I have an asp.net program that uses a connection string, using integrated security to connect to a sql database. It runs fine on one server, but the other server gives me the error that "Login...
4
by: Chuck Bowling | last post by:
I'm having a problem that i really don't understand. I'm new to ASP.NET and to SQL Server (MSDE). I'm trying to get a VS walkthru in the C# to work. I think the problem is permissions but I'm not...
2
by: Andrzej Magdziarz | last post by:
Hello, (sorry for my English...) Could you help me with a SQL Server 2005 problem? I had installed SQL Server 2005 and then I tried to setup some application using SQL Server. Unfortunatelly...
3
by: SAL | last post by:
Hello, I'm a total asp.net newbie. I'm developing a web app and on my machine I login to a sql server just fine using NT Authentication via the connection string as: Integrated Security=True ...
3
by: gderosa | last post by:
I have been getting that dreaded error in my application: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. I have had my application in the test environment, impersonating it using a...
4
by: eruth | last post by:
There are loads of post on this, but nothing that seems to cover my exact problem ;) I have an ASP.Net 1.1 web application running on my local machine. I want to connect to an SQL 2005 server...
1
by: cactuscrust | last post by:
I'm running IIS6 Windows2003, and as you'll see very quickly.. I'm pretty new to this stuff. Lately I've been getting bombarded with login attempts.... sometimes several in the same second, and it...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.