Impersonation, Delegation & SQL Server

From: Vinay R. Indoria (indoria_at_hotmail.com)
Date: 11/28/03

• Next message: Hari Menon: "WSE 2.0 - role based security for Web Services"
• Previous message: Stefano Pronti [MS]: "Re: Custom Event Log Write Error"
• In reply to: Rob Edwards: "Impersonation, Delegation & SQL Server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 28 Nov 2003 03:52:54 -0800

hey Rob,

I am in same loop...... is there any progress on this
issue. How to resolve this "double-hop" issue.

need ur guidence.

regards
Vinay R. Indoria

>-----Original Message-----
>I bailed on this before and just went to Basic
Authentication and told the
>users they would have to live with signing on again....
but now I need to
>get it working...
>
>Domain: Windows 2003
>Web Server: Windows 2003
>SQL Server: Windows 2000
>
>The web server and the SQL server are trusted for
delegation.
>The user accounts are trusted for delegation.
>
>The web page has <Identity Impersonate="true"> and
<Authentication mode
>="Windows">
>
>I'm running into the same "double-hop" problem.. even
though everything
>should be using Kerberos.
>
>A user (running XP) opens a page on the web server.. the
web server then
>tries to access the SQL Server database.. but returns:
>
>Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
>
>The web server has Anonymous access turned off.
>The web server has Integrated Windows authentication
turned on.
>
>IIS is running under the local system account.
>
>The web server has been added to the SQL Server database
>\\DomainName\ServerName$
>
>I've gone round-and-round with this issue before and was
never able to come
>up with the solution.
>
>Can anyone help?
>
>
>.
>

• Next message: Hari Menon: "WSE 2.0 - role based security for Web Services"
• Previous message: Stefano Pronti [MS]: "Re: Custom Event Log Write Error"
• In reply to: Rob Edwards: "Impersonation, Delegation & SQL Server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: Integrated Windows Authentication ... NTLM authentication, both of which are represented by Windows Integrated. ... to the resource is not a member of the same domain as the web server. ... |>Subject: Integrated Windows Authentication ... (microsoft.public.inetserver.iis.security) Re: New post: Integrated Windows Authentication for remote users ... Can you generalize about the OS version on the clients ... Microsoft MVP (Windows, Security) ... > I am using Integrated Windows Authentication to protect a directory on a ... > priveliges denied on the web server or on the firewall to this web server ... (microsoft.public.inetserver.iis.security) Re: Windows Authentication in asp.net 2005 to SQL Server? ... I've seen out there are usually for the IIS and SQL Server to be on the same ... web server are on separate machines and are on different domains also. ... strings and not Windows authentication because of the double hop, ... (microsoft.public.dotnet.framework.aspnet.security) Replication with join filter failure ... I have a SqlCE subscriber connecting via IIS to a SQL Server 2005 database. ... The database publisher/distributor and the web server are on different machines and I want to avoid the use of Kerberos delegation to share priviledges on the snapshot folder. ... I used a DB authentication on the SQL Server database. ... (microsoft.public.sqlserver.replication) Re: server authentication & ASP authentication ... The SQL Server and web server are on the same machine (Windows 2000). ... Use windows instead of standard authentication on SQL Server. ... (microsoft.public.sqlserver.security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint