Re: ASP.NET + SQL Server Windows authentication

From: Lewis Wang [MSFT] (v-lwang_at_online.microsoft.com)
Date: 09/04/03 

Date: Thu, 04 Sep 2003 03:20:56 GMT

Hi Lior,

Here is an article about Configure an ASP.NET Application for a Delegation
Scenario. You may check it for your reference.
http://support.microsoft.com/default.aspx?scid=kb;en-us;810572

Hope this helps.

Best regards,
Lewis

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| From: "Lior Amar" <lior_amar@hotmail.com>
| References: <uHPZbT#aDHA.2928@tk2msftngp13.phx.gbl>
| Subject: Re: ASP.NET + SQL Server Windows authentication
| Date: Wed, 27 Aug 2003 12:09:30 -0400
| Lines: 71
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
| X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
| Message-ID: <eRxXzVLbDHA.4020@tk2msftngp13.phx.gbl>
| Newsgroups:
microsoft.public.dotnet.framework.aspnet,microsoft.public.dotnet.framework.a
spnet.security,microsoft.public.sqlserver.security
| NNTP-Posting-Host: p113.n-sfpop03.stsn.com 199.107.154.113
| Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
| Xref: cpmsftngxa06.phx.gbl
microsoft.public.dotnet.framework.aspnet.security:6451
microsoft.public.sqlserver.security:15430
microsoft.public.dotnet.framework.aspnet:171959
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
|
| Think the problem is just a limitation of NTLM single hop. Don't think
there
| is a way around it other than using SSL and Basic Authentication. ASPNET
is
| set up properly and is impersonating the user approriately. Don't think
| there is anyway around this limitation.
|
| Thanks for the help though
|
| Lior
|
|
| "Lior Amar" <lior_amar@hotmail.com> wrote in message
| news:uHPZbT#aDHA.2928@tk2msftngp13.phx.gbl...
| > Hey All,
| >
| > Trying to understand why I can not get SQL server to trust my IIS
server.
| I
| > have two machines set up, 1 App and 1 DB, and I'm trying to validate the
| > applications access to the DB server via NT Authentication. The App
comes
| in
| > via NTLM which from my understanding only supports Single hop security
| > delegation. So far I understand why it doesn't work, although seems to
me
| > like a very bad problem. Now, Basic Authentication will transfer the PW
| and
| > the UID which will allow IIS to login to the DB server and then NT
| > Authentication will work. But we all know how non-secure Basic
| > Authentication is.
| >
| > Here's the confusion, if Kerberos permits token transferring with no
| > limitation why can't IIS receive a token via NTLM and transfer it to the
| DB
| > server?
| >
| > I've been reading all of these articles
| >
| >
|
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vbcon/html/
| > vbconaccessingsqlserverfromwebapplication.asp
| >
|
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vbcon/html/
| > vbtskaccessingsqlserverusingwindowsintegratedsecurity.asp
| >
|
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnauth/html
| > /dnauth_security.asp
| >
|
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnauth/html
| > /signfaq.asp
| > http://support.microsoft.com/default.aspx?scid=kb;en-us;Q176377
| >
| > and a bunch of other documents and they all come down to two valid
| > solutions: Basic Authentication or SQL Users. These are only valid if
the
| > level of security you wish to achieve is not something that needs to
pass
| a
| > certain level of security (would not pass in industries that require
| maximum
| > security).
| >
| > If I am bound to NT Authentication, is my only option Basic
Authentication
| > (of course under SSL)? And why is it that we don't have these problems
| with
| > other Database vendors? Is there any way we can utilize ADSI to get the
| > users NTLM credentials to pass on to SQL server?
| >
| > Any help or suggestions will be very appreciated.
| >
| > Thank you,
| >
| >
| >
| >
|
|
|

Relevant Pages

  • Re: ASP.NET + SQL Server Windows authentication
    ... with ASP.NET security newsgroup. ... | is a way around it other than using SSL and Basic Authentication. ... |> Trying to understand why I can not get SQL server to trust my IIS ... Basic Authentication will transfer the PW ...
    (microsoft.public.sqlserver.security)
  • RE: ASP.NET + SQL Server Windows authentication
    ... The problem is actually related to ASP.NET security. ... | Trying to understand why I can not get SQL server to trust my IIS server. ... | applications access to the DB server via NT Authentication. ... Basic Authentication will transfer the PW ...
    (microsoft.public.sqlserver.security)
  • Re: MSMDPUMP.DLL Peformance
    ... to the AS 2005 server and the issue was resolved. ... authentication information... ... We noticed that a second web service applcation we wrote, ... Does it appear to occur only with Basic authentication? ...
    (microsoft.public.sqlserver.olap)
  • Re: MSPOP-UP MESSAGE SERVICE <KILLER POP-UPS>
    ... Basic authentication and the request has the magic Authorization: ... some ISAPI filter installed on the server rejected you ... ACLs on the resource and on the Application DLL/Script. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Kerberos machine authentication - apparent authentication fail
    ... > until logon), the wireless connection can kick off when it is ready. ... > was confirmed in the server event logs with IAS (i set that up as the radius ... > as an ordinary user kicks in and takes over from the machine authentication. ... > while the network sorts itself out and a double click on a network link of ...
    (microsoft.public.windows.server.security)