Re: Impersonation problem.

• Previous message: Brock Allen: "Re: Web Config Error What may be the problem?"
• In reply to: Brock Allen: "Re: Impersonation problem."
• Next in thread: szhang: "Re: Impersonation problem."
• Reply: szhang: "Re: Impersonation problem."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 29 Mar 2005 12:09:24 -0600

Agreed.

The canonical solution to the double hop problem is to implement Kerberos
delegation. There are many references on this newsgroup and on Microsoft's
sites that you can search for.

Joe K.

"Brock Allen" <ballen@NOSPAMdevelop.com> wrote in message
news:294593632476972024608624@msnews.microsoft.com...
> It sounds like you have the "network hop" authentication issue. If you're
> authenticating from machine A to machine B (without passing a password
> across the network, so think SSPI), then machine B tries to use those same
> credentials to go to machine C, then it will fail unless you've configured
> your used in AD to have the password stored with reversible encryption.
> Most security experts think that's ridiculous as that's not secure. Thus
> you need to design your app around this inherent problem.
>
> -Brock
> DevelopMentor
> http://staff.develop.com/ballen
>
>
>
>> When I enable impersonation in web.config and show User identity in
>> .aspx page, it is the user IIS authenticates. But when I try to access
>> Sql server, I get an access denied error message. It looks like
>> asp.net does not impersonate it at sql server side. I can impersonate
>> a specific user in web.config without problem. Is this a bug or by
>> design? I need to give users permissions based on their Windows login
>> and I have a lot of users, but they are not going to access these web
>> pages at the same time.
>>
>
>
>

• Previous message: Brock Allen: "Re: Web Config Error What may be the problem?"
• In reply to: Brock Allen: "Re: Impersonation problem."
• Next in thread: szhang: "Re: Impersonation problem."
• Reply: szhang: "Re: Impersonation problem."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Impersonation problem. ... When I enable impersonation in web.config and show User identity in .aspx ... it is the user IIS authenticates. ... But when I try to access Sql server, ... impersonate it at sql server side. ... (microsoft.public.dotnet.framework.aspnet.security) Impersonation problem. ... When I enable impersonation in web.config and show User identity in .aspx ... it is the user IIS authenticates. ... But when I try to access Sql server, ... impersonate it at sql server side. ... (microsoft.public.dotnet.framework.aspnet.security) Re: Impersonation ASPNET SQL Server ... I think you need to impersonate those user accounts in asp.net ... !Subject: Re: Impersonation ASPNET SQL Server ... Authentication, and Secure Communication is just one ... (microsoft.public.dotnet.framework.aspnet.security) Re: Connecting to SQLServer 2000 from ASP.NET ... Integrated windows authentication or Forms authentication) and it should ... with a developer's domain account. ... It should be OK to have the impersonate settings in machine.config ... meant to be a remedy in the development enviroment, whereby the SQL Server ... (microsoft.public.dotnet.framework.aspnet) Re: Active Directory and SQL Server Connection ... I went into my SQL server added a user "Test", ... > I would look up MSDN help on WindowsIdentity. ... > Your connection string is fine, it simply says that windows authentication ... your code needs to impersonate that particular ... (microsoft.public.dotnet.framework.adonet)