locked
Authentication Problems from logged in domain User with SQL connection - Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. RRS feed

  • Question

  • User-1295713781 posted

     have attached my connection string and the error I am receiving on the user computer.  If I am on the host machine logged in as administrator.  Everything works great.  If I go to a user computer on the domain.  It recognizes that they are logged in as user 'NT AUTHORITY\ANONYMOUS LOGON'

    Then when the user name is passed to the connection, it fails.  

    In my event log on the host machine I can see this in the error log

    Event Type:      Warning
    Event Source:      ASP.NET 2.0.50727.0
    Event Category:      Web Event
    Event ID:      1309
    Date:            9/22/2008
    Time:            3:30:47 PM
    User:            N/A
    Computer:      ACF000
    Description:
    Event code: 3005
    Event message: An unhandled exception has occurred.
    Event time: 9/22/2008 3:30:47 PM
    Event time (UTC): 9/22/2008 7:30:47 PM
    Event ID: 36ef5d94792c4b1dbd8a49ec9a8ccde5
    Event sequence: 16
    Event occurrence: 1
    Event detail code: 0
     
    Application information:
        Application domain: /LM/W3SVC/1/Root/ACF-3-128665854386187092
        Trust level: Full
        Application Virtual Path: /ACF
        Application Path: C:\Inetpub\wwwroot\ACF\
        Machine name: ACF000
     
    Process information:
        Process ID: 2020
        Process name: aspnet_wp.exe
        Account name: ACF000\ASPNET
     
    Exception information:
        Exception type: SqlException
        Exception message: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
     
    Request information:
        Request URL: http://acf000/ACF/Times.aspx
        Request path: /ACF/Times.aspx
        User host address: 192.168.2.106
        User: ACFUNDING\stacie
        Is authenticated: True
        Authentication Type: Negotiate
        Thread account name: ACF000\ASPNET
     
    Thread information:
        Thread ID: 1
        Thread account name: ACF000\ASPNET
        Is impersonating: False
        Stack trace:    at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)
       at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
       at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
       at System.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean enlistOK)
       at System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, Boolean ignoreSniOpenTimeout, Int64 timerExpire, SqlConnection owningObject)
       at System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(String host, String newPassword, Boolean redirectedUserInstance, SqlConnection owningObject, SqlConnectionString connectionOptions, Int64 timerStart)
       at System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection owningObject, SqlConnectionString connectionOptions, String newPassword, Boolean redirectedUserInstance)
       at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, Object providerInfo, String newPassword, SqlConnection owningObject, Boolean redirectedUserInstance)
       at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection)
       at System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnection owningConnection, DbConnectionPool pool, DbConnectionOptions options)
       at System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject)
       at System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject)
       at System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject)
       at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection)
       at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory)
       at System.Data.SqlClient.SqlConnection.Open()
       at Times.RefreshButton_Click(Object sender, EventArgs e) in C:\Inetpub\wwwroot\ACF\Times.aspx.vb:line 19
       at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
       at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
       at System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument)
       at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
       at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
       at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
     
     
    Custom event details:

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    anyone know whats up???
     

    Protected Sub RefreshButton_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles RefreshButton.Click
     
            Dim username As String = HttpContext.Current.User.Identity.Name.Substring(HttpContext.Current.User.Identity.Name.IndexOf("\") + 1)
            Dim cs As String = "Data Source=AMCAP000;Initial Catalog=ACFTimeClock;Integrated Security=SSPI;Trusted_Connection=Yes"
     
     
            Using con As New System.Data.SqlClient.SqlConnection(cs)
     
                con.Open()
     
                Dim cmd As New System.Data.SqlClient.SqlCommand()
                cmd.Connection = con
                cmd.CommandType = Data.CommandType.StoredProcedure
                cmd.CommandText = "ACF_Select_User"
                cmd.Parameters.Add("@ad_user", Data.SqlDbType.NVarChar, 50).Value = username
     
     
                Using reader As System.Data.SqlClient.SqlDataReader = cmd.ExecuteReader()
                    GridView1.DataSource = reader
                    GridView1.DataBind()
     
                End Using
     
                con.Close()
     
            End Using
     
        End Sub
     
     
     
     
     
     
    Server Error in '/ACF' Application.
    --------------------------------------------------------------------------------
     
    Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. 
    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 
     
    Exception Details: System.Data.SqlClient.SqlException: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
     
    Source Error: 
     
     
    Line 17:         Using con As New System.Data.SqlClient.SqlConnection(cs)
    Line 18: 
    Line 19:             con.Open()
    Line 20: 
    Line 21:             Dim cmd As New System.Data.SqlClient.SqlCommand()
     
     
    Source File: C:\Inetpub\wwwroot\ACF\Times.aspx.vb    Line: 19 
     
    Stack Trace: 
     
     
    [SqlException (0x80131904): Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.]
       System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) +4844759
       System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj) +194
       System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) +2392
       System.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean enlistOK) +35
       System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, Boolean ignoreSniOpenTimeout, Int64 timerExpire, SqlConnection owningObject) +144
       System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(String host, String newPassword, Boolean redirectedUserInstance, SqlConnection owningObject, SqlConnectionString connectionOptions, Int64 timerStart) +342
       System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection owningObject, SqlConnectionString connectionOptions, String newPassword, Boolean redirectedUserInstance) +221
       System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, Object providerInfo, String newPassword, SqlConnection owningObject, Boolean redirectedUserInstance) +189
       System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection) +185
       System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnection owningConnection, DbConnectionPool pool, DbConnectionOptions options) +31
       System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject) +433
       System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject) +66
       System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject) +499
       System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection) +65
       System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory) +117
       System.Data.SqlClient.SqlConnection.Open() +122
       Times.RefreshButton_Click(Object sender, EventArgs e) in C:\Inetpub\wwwroot\ACF\Times.aspx.vb:19
       System.Web.UI.WebControls.Button.OnClick(EventArgs e) +111
       System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +110
       System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +10
       System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13
       System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +36
       System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1565
     
     
     
     
    --------------------------------------------------------------------------------
    Version Information: Microsoft .NET Framework Version:2.0.50727.3053; ASP.NET Version:2.0.50727.3053
     
    Open in New Window Select All Tags: 
    
    
    
    
    
    
    WEB.CONFIG
    ---------------------------------------------
    
    
    <?xml version="1.0"?>
    <!-- 
        Note: As an alternative to hand editing this file you can use the 
        web admin tool to configure settings for your application. Use
        the Website->Asp.Net Configuration option in Visual Studio.
        A full list of settings and comments can be found in 
        machine.config.comments usually located in 
        \Windows\Microsoft.Net\Framework\v2.x\Config 
    -->
    <configuration>
    	<configSections>
    		<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
    			<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
    				<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
    				<sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
    					<section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere"/>
    					<section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
    					<section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
    					<section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
    				</sectionGroup>
    			</sectionGroup>
    		</sectionGroup>
    	</configSections>
    	<appSettings/>
    	<connectionStrings>
      <add name="ACFTimeClockConnectionString" connectionString="Data Source=AMCAP000;Initial Catalog=ACFTimeClock;Integrated Security=SSPI;Trusted_Connection=Yes"
       providerName="System.Data.SqlClient" />
      <add name="ACF_CASE_TRACKINGConnectionString" connectionString="Data Source=AMCAP000;Initial Catalog=ACF_CASE_TRACKING;Integrated Security=SSPI;Trusted_Connection=Yes"
       providerName="System.Data.SqlClient" />
     </connectionStrings>
    	<system.web>
     
        <customErrors mode="Off"/>
     
        <!-- 
                Set compilation debug="true" to insert debugging 
                symbols into the compiled page. Because this 
                affects performance, set this value to true only 
                during development.
            -->
    		<compilation debug="true">
    			<assemblies>
    				<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
    				<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    				<add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
    				<add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
    				<add assembly="System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
    				<add assembly="System.Web.Extensions.Design, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    				<add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/></assemblies>
    		</compilation>
    		<!--
                The <authentication> section enables configuration 
                of the security authentication mode used by 
                ASP.NET to identify an incoming user. 
            -->
    		<authentication mode="Windows"/>
     
        <identity impersonate="true" />
       
        <authorization>
          <allow users ="*"/>
           <deny users="?" />
        </authorization>
    		<!--
                The <customErrors> section enables configuration 
                of what to do if/when an unhandled error occurs 
                during the execution of a request. Specifically, 
                it enables developers to configure html error pages 
                to be displayed in place of a error stack trace.
     
            <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
                <error statusCode="403" redirect="NoAccess.htm" />
                <error statusCode="404" redirect="FileNotFound.htm" />
            </customErrors>
            -->
    		<pages theme="Blue">
    			<controls>
            <add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
            <add namespace="AjaxControlToolkit" assembly="AjaxControlToolkit" tagPrefix="ajaxToolkit"/>
    				<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    				<add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    			</controls>
    		</pages>
    		<httpHandlers>
    			<remove verb="*" path="*.asmx"/>
    			<add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    			<add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    			<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false"/>
    		</httpHandlers>
    		<httpModules>
    			<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    		</httpModules>
    		<!--
                This is the profile setup.
            -->
        <anonymousIdentification enabled="true"/>
        
    		<profile>
    			<properties>
    				<add name="FullName" allowAnonymous="true" defaultValue="Anonymous"/>
    				<add name="MyTheme" allowAnonymous="true" defaultValue="Blue"/>
    			</properties>
    		</profile>
    	</system.web>
    	<system.codedom>
    		<compilers>
    			<compiler language="c#;cs;csharp" extension=".cs" warningLevel="4" type="Microsoft.CSharp.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
    				<providerOption name="CompilerVersion" value="v3.5"/>
    				<providerOption name="WarnAsError" value="false"/>
    			</compiler>
    			<compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" warningLevel="4" type="Microsoft.VisualBasic.VBCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
    				<providerOption name="CompilerVersion" value="v3.5"/>
    				<providerOption name="OptionInfer" value="true"/>
    				<providerOption name="WarnAsError" value="false"/>
    			</compiler>
    		</compilers>
    	</system.codedom>
    	<!-- 
            The system.webServer section is required for running ASP.NET AJAX under Internet
            Information Services 7.0.  It is not necessary for previous version of IIS.
        -->
    	<system.webServer>
    		<validation validateIntegratedModeConfiguration="false"/>
    		<modules>
    			<remove name="ScriptModule"/>
    			<add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    		</modules>
    		<handlers>
    			<remove name="WebServiceHandlerFactory-Integrated"/>
    			<remove name="ScriptHandlerFactory"/>
    			<remove name="ScriptHandlerFactoryAppServices"/>
    			<remove name="ScriptResource"/>
    			<add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    			<add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    			<add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    		</handlers>
    	</system.webServer>
    	<runtime>
    		<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
    			<dependentAssembly>
    				<assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35"/>
    				<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
    			</dependentAssembly>
    			<dependentAssembly>
    				<assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35"/>
    				<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
    			</dependentAssembly>
    		</assemblyBinding>
    	</runtime>
    </configuration> 
    
     
    Tuesday, September 23, 2008 1:15 PM

All replies

  • User1421209202 posted

    Tengo el mismo problema y no puede encontrar una solución, por favor alguien podrás ayudar.

    Friday, October 17, 2008 12:28 PM
  • User-958617708 posted

    So this is a fun issue to diagnose.  The basic problem is that you're trying to connect to SQL Server under the context of the ASP.NET worker process.  This works on your local machine, most likely because your development web server that's built into Visual Studio .NET is running as you--thus it's given your credentials.

    Identity impersonation won't really solve this problem because unless you allow your IIS process to pass credentials (via setspn), then you still will see an anonymous logon.  Basically IIS, even though it can impersonate you, can't do a third-party logon to SQL server as you because it doesn't have the appropriate service process delegation set up in the domain.

    So here's how you fix this:

    1.  turn off identity impersonation.  You know that line <identity impersonate="true"/> that's probably in your web.config?  Get rid of it.

    2.  If you want to see what users are coming your website, simply enable windows authentication in your web.config (without impersonation), and turn off anonymous access to your website in the IIS security configuration.

    3.  Either set the application pool of your application to run as a domain user with credentials to SQL server through IIS configuration -OR- give the BOXNAME\NETWORK SERVICE account permissions to your database.  If you pick the first option, beware that you also need to add the domain user to the IIS_WPG group on your ASP.NET web server, and also modify your local policies so that the domain user has permissions to "Log on as a service."  (Beware that if you do this you should really make sure you register service process names for your service account via the domain setspn command).

     Good luck!

    Friday, October 17, 2008 3:34 PM