Re: Impersonation problem.
From: szhang (szhang_at_discussions.microsoft.com)
Date: 03/30/05
- Next message: Joe Kaplan (MVP - ADSI): "Re: Impersonation problem."
- Previous message: Ken Schaefer: "Re: Creation of ASPNET user in Active Directory 203"
- In reply to: Joe Kaplan (MVP - ADSI): "Re: Impersonation problem."
- Next in thread: Joe Kaplan (MVP - ADSI): "Re: Impersonation problem."
- Reply: Joe Kaplan (MVP - ADSI): "Re: Impersonation problem."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 29 Mar 2005 21:37:01 -0800
Thanks for your replies.
Here is my real problem. Our existing asp pages use windows authentication
and have no problem accessing sql server. All stored procedures use
is_member() function to determine user's permission. It will be too much to
rewrite all those stored procedures. Most users are computer illiterate and
all applications are on intranet, so security is not a big issue. The new web
server is on W2k3. The old one is on W2k and the PDC is still on a NT box.
What is the easiest way to get around this problem?
"Joe Kaplan (MVP - ADSI)" wrote:
> Agreed.
>
> The canonical solution to the double hop problem is to implement Kerberos
> delegation. There are many references on this newsgroup and on Microsoft's
> sites that you can search for.
>
> Joe K.
>
> "Brock Allen" <ballen@NOSPAMdevelop.com> wrote in message
> news:294593632476972024608624@msnews.microsoft.com...
> > It sounds like you have the "network hop" authentication issue. If you're
> > authenticating from machine A to machine B (without passing a password
> > across the network, so think SSPI), then machine B tries to use those same
> > credentials to go to machine C, then it will fail unless you've configured
> > your user in AD to have the password stored with reversible encryption.
> > Most security experts think that's ridiculous as that's not secure. Thus
> > you need to design your app around this inherent problem.
> >
> > -Brock
> > DevelopMentor
> > http://staff.develop.com/ballen
> >
> >
> >
> >> When I enable impersonation in web.config and show User identity in
> >> .aspx page, it is the user IIS authenticates. But when I try to access
> >> Sql server, I get an access denied error message. It looks like
> >> asp.net does not impersonate it at sql server side. I can impersonate
> >> a specific user in web.config without problem. Is this a bug or by
> >> design? I need to give users permissions based on their Windows login
> >> and I have a lot of users, but they are not going to access these web
> >> pages at the same time.
> >>
> >
> >
> >
>
>
>
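An added diagnostic, not part of any post in this thread: it reports whether the token ASP.NET is impersonating can make the second hop to SQL Server that the quoted replies describe. It assumes .NET Framework 2.0 or later, Integrated Windows authentication and `<identity impersonate="true"/>`; the class and method names are hypothetical.

```csharp
using System;
using System.Security.Principal;

// Added example (hypothetical names). Call Report() on a request thread,
// or run Main() from a console to see the un-impersonated case.
public static class DoubleHopCheck
{
    // Assumption: Integrated Windows authentication. In that case only a
    // Delegation-level token carries credentials that can be forwarded
    // from the web server to a second machine. Tokens created from a
    // password logon (for example Basic authentication) are not covered.
    public static bool CanReachSecondHop(TokenImpersonationLevel level)
    {
        return level == TokenImpersonationLevel.Delegation;
    }

    public static string Report()
    {
        // With impersonation enabled this is the caller's token,
        // otherwise it is the worker process account.
        WindowsIdentity id = WindowsIdentity.GetCurrent();
        string verdict;

        if (id.ImpersonationLevel == TokenImpersonationLevel.None)
        {
            verdict = "not impersonating: SQL Server sees the process account";
        }
        else if (CanReachSecondHop(id.ImpersonationLevel))
        {
            verdict = "delegable: SQL Server sees the caller, so is_member() works";
        }
        else
        {
            verdict = "local only: a remote SQL Server will not see the caller";
        }

        // AuthenticationType shows which package authenticated the caller
        // (for example NTLM or Kerberos).
        return String.Format("user={0} auth={1} level={2} -> {3}",
            id.Name, id.AuthenticationType, id.ImpersonationLevel, verdict);
    }

    public static void Main()
    {
        Console.WriteLine(Report());
    }
}
```

A level of `Impersonation` with the correct user name matches the symptom in the original question: the page shows the right identity while the connection to SQL Server is refused.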