NT Auth & SQL 2005 with ADODB

  • Question

  • Hello

    Here's what's going on: I have a web application that uses VB and ASPX. I want to run this on a web server that is inside my firewall and on my local LAN. The idea is to have the ASP use NT Authentication to ensure that the user has access to the database on a Windows 2003 Server running SQL Server 2005 in NT Authentication. My web server is a Windows 2000 (soon to be a 2003) box. I am using a DSN to connect to the database. I have tried both system and file DSN with the same results. I am using .NET 2.0. In my development environment everything runs fine, which I would expect since the NT Authentication is taken care of by the local machine. When published to the web server I get the following error message:

    -2147217843

    [Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user ''. The user is not associated with a trusted SQL Server connection.

    Looks as if the user credentials are not getting passed correctly. On the web server I have anonymous user login disabled and have Integrated Windows Authentication enabled. What am I missing to get the user information passed?

    I have searched and have found some things that were close to this but not exact; of which none of those solutions worked. Thanks

    John
    Thursday, August 2, 2007 4:14 PM

Answers

  • You need a trust relationship between the servers which typically involves enabling Kerberos and delegation. You've already set up the impersonation component. 

     

    The second example involves a double-hop scenario. Unfortunately, IIS does not have the ability to forward credentials to the remote machine because they are not known when using NT Authentication. The following should help:

     

    How to configure an ASP.NET application for a delegation scenario

     

     

     

    Friday, August 3, 2007 5:11 PM
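
A diagnostic for the double-hop case described in the answer above, as an added example that is not part of the original thread: it reports the impersonation level of the token the request thread runs under, which has to be Delegation before the user's identity can reach SQL Server on a second machine. The names DelegationCheck, Classify and Describe are hypothetical, and the code assumes the page runs with <identity impersonate="true" /> and no userName/password.

```vb
Imports System
Imports System.Security.Principal

' Added example; DelegationCheck, Classify and Describe are hypothetical names.
' Assumes <identity impersonate="true" /> with no userName/password, so the
' thread token is the one IIS built from Integrated Windows Authentication.
Public Module DelegationCheck

    ' Says whether a token of this kind can authenticate to a second machine.
    Public Function Classify(ByVal isAnonymous As Boolean, _
                             ByVal level As TokenImpersonationLevel) As String
        If isAnonymous Then
            Return "ANONYMOUS: no Windows user on the thread; check that " & _
                   "anonymous access is disabled in IIS"
        End If
        Select Case level
            Case TokenImpersonationLevel.Delegation
                Return "DELEGATION: the user's identity can be forwarded to SQL Server"
            Case TokenImpersonationLevel.Impersonation
                Return "IMPERSONATION: valid on the web server only; a remote " & _
                       "SQL Server sees NT AUTHORITY\ANONYMOUS LOGON"
            Case TokenImpersonationLevel.None
                Return "PRIMARY: not impersonating; connections use the worker " & _
                       "process account"
            Case Else
                Return level.ToString().ToUpper() & ": cannot act as the user"
        End Select
    End Function

    ' Inspects the identity the current request thread is running under.
    Public Function Describe() As String
        Dim id As WindowsIdentity = WindowsIdentity.GetCurrent()
        Return String.Format("{0} (auth package: {1}) -> {2}", _
                             id.Name, id.AuthenticationType, _
                             Classify(id.IsAnonymous, id.ImpersonationLevel))
    End Function

End Module
```

Write the result of DelegationCheck.Describe() to a test page or log on the web server while browsing from a client machine; an IMPERSONATION result corresponds to the 'NT AUTHORITY\ANONYMOUS LOGON' login failure quoted in the thread.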

All replies

  • There are quite a few possibilities here:

     

    Is your web application enabled for impersonation?
    Is your web server and database server in the same domain and is there a trust relationship?

     

    Friday, August 3, 2007 1:10 PM
  • Web Server and SQL Server are in the same domain.

     

    I have tried the following identity commands:

     

    1-<identity impersonate="true" userName="domain\username" password="userpassword"/>

    2-<identity impersonate="true" />

     

    The first one works fine, however that defeats the purpose of using NT Authentication. The second one gives the following error message:

     

    [Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

     

    Which is better than what I was getting before. Before the user name was null or empty. Is there another location other than web.config to set impersonate? Thanks for the questions.

    Friday, August 3, 2007 3:04 PM