Re: Impersonation problem.

From: Brock Allen (ballen_at_NOSPAMdevelop.com)
Date: 03/29/05 

Date: Tue, 29 Mar 2005 09:46:54 -0800

It sounds like you have the "network hop" authentication issue. If you're
authenticating from machine A to machine B (without passing a password across
the network, so think SSPI), then machine B tries to use those same credentials
to go to machine C, then it will fail unless you've configured your used
in AD to have the password stored with reversible encryption. Most security
experts think that's ridiculous as that's not secure. Thus you need to design
your app around this inherent problem.

-Brock
DevelopMentor
http://staff.develop.com/ballen

> When I enable impersonation in web.config and show User identity in
> .aspx page, it is the user IIS authenticates. But when I try to access
> Sql server, I get an access denied error message. It looks like
> asp.net does not impersonate it at sql server side. I can impersonate
> a specific user in web.config without problem. Is this a bug or by
> design? I need to give users permissions based on their Windows login
> and I have a lot of users, but they are not going to access these web
> pages at the same time.
>

Relevant Pages

  • Re: Impersonation ASPNET SQL Server
    ... I think you need to impersonate those user accounts in asp.net ... !Subject: Re: Impersonation ASPNET SQL Server ... Authentication, and Secure Communication is just one ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Connecting to SQLServer 2000 from ASP.NET
    ... Integrated windows authentication or Forms authentication) and it should ... with a developer's domain account. ... It should be OK to have the impersonate settings in machine.config ... meant to be a remedy in the development enviroment, whereby the SQL Server ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: SQL Server windows authentication issue
    ... How to troubleshoot connectivity issues in SQL Server ... Impersonate SQL Server users. ... then to Impersonate a client after authentication. ... then go to the Local security policy and add users there. ...
    (microsoft.public.sqlserver.security)
  • Re: Windows Authentication in asp.net 2005 to SQL Server?
    ... If the domains do not trust each other, Windows authentication is not going ... Basic authentication sometimes makes the need for Kerberos delegation go ... generic account to do the backend data stuff on our SQL Server. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: I dont want to re-invent the Login/Login Wheel - Help with utilities
    ... Yes, if you use .NET1.1, there isn't built-in login control, and more importanltly there isn't ready-to-use membership component to use. ... the membership provider uses SQL Server or SQL Server Express. ... We feel that having the capability to force password change would be a better benefit in securing our application and data access. ... Both Windows authentication and authorization wolud be be fine if we wanted the world to have access to our application data, but not very intuitive for maintaining integrity over our data. ...
    (microsoft.public.vstudio.general)