Please explain loss of token between web server box and sql box
From: TimmyG (tim@pracctice.com)
Date: 09/06/02
From: "TimmyG" <tim@pracctice.com> Date: Fri, 6 Sep 2002 17:05:39 +0100
Hello all,
I gather this problem has been rolling for some time now.
All I ask for is a 'be all and end all' answer to the following issues
relating to Integrated Security with Asp.Net IIS 5 and Sql Server 2k.
The problem arises when endeavouring to use Integrated Security at all
application levels (IIS, Asp.Net and Sql Server).
I.e. I set up a Windows user group for my application (let's keep it simple).
The IIS site is switched to Integrated Security and the Asp.Net app is set
to allow users from that group and to impersonate the client account. I also
grant the group Sql Server access and rights to the relevant database.
What I wanted to achieve with this approach is to lock down all application
levels with Windows security (i.e. no anonymous web server access and no
mixed security on the sql server).
By chance the first time I tried out this approach I happened to have IIS
and Sql Server on the same box and it worked superbly (apparently the
*machine* authenticates the user and the token is retained).
The problem, however, occurs when Sql Server and IIS are on two different
boxes. When this scenario is encountered the client user token is 'lost'
between the Asp.Net app and the sql server. You are suddenly morphed into
NT_ANONYMOUS_USER which is of course no use whatsoever when trying to access
the sql database with integrated security.
From this problem arise several issues:
- Is this how it is supposed to work?
- If so surely it defeats much of the point of integrated
security.
- If so then surely it should NOT work when IIS and Sql are on
the same box (consistency?)
- If this is not how it is supposed to work then...
- Will impersonating a particular account from the Asp.Net
application work for integrated SQL authentication?
It just seemed to me that Integrated Security was perfectly suited to this
type of application (indeed I presumed this is what it was aimed at) but
from my experiments it appeared to 'fall apart' when using distributed
servers.
Please can someone provide a clear answer to this problem. I would also love
to know if Integrated Security will work in this manner in the future.
Much obliged,
TimmyG.