How to enforce to use user account, rather than NT Authority/Network Service?

Question

User1389651474 posted

 This code below is written on page_load and it runs on a Visual Studio Development Server (2005) mode.  I use the SQL Profiler to trace on what account is running on the Roles' and Profiles' functions.

The results came out on a Visual Studio Development Server mode:

It run on the user account which is what I wanted.

 

I use VS 2005 to publish it (Build --> Publish) to the IIS (v6) and run the SQL Profile again.  The result came out:

It run on NT Authority\Network Service which is NOT what I want.

 Here is my snippet of my web.config:

    <authentication mode="Windows">

    </authentication>
    <identity impersonate ="true"/>
    <authorization>
      <deny users="?"/>
    </authorization>

   <roleManager enabled="true" defaultProvider="SqlRoleManager" >
      <providers>
        <clear/>
        <add name="SqlRoleManager" type="System.Web.Security.SqlRoleProvider" connectionStringName="ABCConnectionString" applicationName="ABC" />
      </providers>
    </roleManager>

    <profile defaultProvider ="ABCSQLProfileProvider" enabled="true">
      <providers>
        <clear/>
        <add name="ABCSQLProfileProvider" connectionStringName="ABCConnectionString" applicationName="ABC" type= "System.Web.Profile.SqlProfileProvider" />
      </providers>
      <properties>
        <add name="UserDropProfile" type="String" defaultValue="" />
        <add name="UserFontSize" type="String" defaultValue="tdtssmaller.css" />
      </properties>
    </profile>
   

<connectionStrings>
     <clear/>
     <add name="LocalSqlServer" connectionString="Data Source=...;Initial Catalog=TDTS;Integrated Security=SSPI;" providerName="System.Data.SqlClient"/>
     <add name="ABCConnectionString" connectionString="Data Source=...;Initial Catalog=TDTS;Integrated Security=SSPI;" providerName="System.Data.SqlClient"/>
  </connectionStrings>

 

Does anyone here have any ideas how to enforce this to use user account, rather than NT Authority/Network Service on IIS mode?  Any information would be appreciated...

 

Snippet Code of Profile, User Roles and User Identity

        Dim User As Principal.IPrincipal = System.Web.HttpContext.Current.User
        Dim UserProfile As Object = HttpContext.Current.Profile

        If User Is Nothing Then
            Response.Redirect("~/InvalidUser.aspx")
        Else
            If Roles.GetRolesForUser(User.Identity.Name).Count > 0 Then
                lblWhoLogOn.Text = User.Identity.Name
            Else
                Response.Redirect("~/InvalidUser.aspx")
            End If
        End If

        If (UserProfile Is Nothing) Then
            MyStyleSheet.Href = "css/tdtssmaller.css"
            UserProfile.SetPropertyValue(cFontProfileName, "tdtssmaller.css")
        ElseIf (UserProfile.GetPropertyValue(cFontProfileName).ToString = String.Empty) Then
            MyStyleSheet.Href = "css/tdtssmaller.css"
            UserProfile.SetPropertyValue(cFontProfileName, "tdtssmaller.css")
        Else
            MyStyleSheet.Href = "css/".ToString & UserProfile.GetPropertyValue(cFontProfileName).ToString
        End If

 

Answer 1

User-738352979 posted

  Integrated Security=SSPI;"

 first change i will suggest that use Integrated Security=Ture.

 

and go to

 run-> Inetmgr-> ur website->

rightclick -> properties-> directry secuirty->

 edit-> and here u have

 checked windows integrated secuirty check box.

Answer 2

User372121194 posted

Hi,

To impersonate window identity in ASP.NET correctly, please disable "Anonymous access" and enable "Integrated Windows authentication" on IIS.

Where is your SQL Server? If your ASP.NET application server and SQL Server are not in same machine, IIS cannot delegate that user's credentials to a remote machine. So it always uses ASP.NET server name (<Domain>\<MachineName>$) to login SQL server.

If so, I suggest you use SQL authentication in connection string with userid and password.

For more information, you can refer to related discussion on http://forums.asp.net/t/1433961.aspx

I look forward to receiving your test results.