Re: Windows authentication from ASP.NET to SQL Server
From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 08/09/05
- Previous message: Cactus Corp.: "Re: Another Sql Injection"
- In reply to: Nils Magnus Englund: "Windows authentication from ASP.NET to SQL Server"
- Next in thread: Paul Clement: "Re: Windows authentication from ASP.NET to SQL Server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 09 Aug 2005 06:37:08 -0700
Hello Nils,
sounds like a typical double hop problem. google for asp.net and delegation
and have a look at:
http://www.leastprivilege.com/PermaLink.aspx?guid=ca303e8d-76a3-4ceb-992c-10098f3ed6d0
HTH
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
> Hello,
>
> I am having trouble using Integrated Windows Authentication between
> our intranet server and our database server, both of which are on our
> local domain.
>
> Windows authentication works for our intranet server - my domain user
> "DOM\nme" is correctly authenticated and authorized to view the
> ASP.NET page on our intranet. In Web.config, I have both <identity
> impersonate="true" /> and <authentication type="Windows" />. I have
> disabled anonymous access in IIS 6.0.
>
> Windows authentication also works for the SQL Server; when logged on
> to the domain, I can start Query Analyzer and connect to the SQL
> Server using Windows authentication. Permissions on the SQL Server are
> also correctly set up.
>
> However, problems arise when I want to connect to the SQL Server from
> the ASP.NET page - I get the fairly common error message below:
>
> Login failed for user '(null)'. Reason: Not associated with a trusted
> SQL Server connection.
>
> Although I do get a lot of hits when searching for this specific
> error, I still can't seem to find the cause of the problem.
>
> The connection string I'm using to connect to the SQL Server is:
> "Server=DB;Integrated Security=SSPI;Database=IntranetDB".
>
> When setting <identity impersonate="false">, I get the error message
> "Login failed for user 'DOM\INTRANET$'." - DOM\INTRANET$ is the
> hostname of the intranet server.
>
> In the database servers event log, I can see two events (supplied
> below) after trying to authenticate (unsuccessfully) from the ASP.NET
> application to the SQL Server as "DOM\nme".
>
> What do I need to do to let users use Windows authentication against
> the DB server as well?
>
> Regards,
> Nils Magnus Englund
> (event log entries follows...)
>
> Date: 08.08.2005
> Source: Security
> Time: 15:14:55
> Category: Logon/Logoff
> Type: Success Audit
> Event ID: 540
> User: NT AUTHORITY\ANONYMOUS LOGON
> Computer: DB
> Description:
> Successful Network Logon:
> User Name:
> Domain:
> Logon ID: (0x0,0x5CE408)
> Logon Type: 3
> Logon Process: NtLmSsp
> Authentication Package: NTLM
> Workstation Name: INTRANET
> Logon GUID: -
> Caller User Name: -
> Caller Domain: -
> Caller Logon ID: -
> Caller Process ID: -
> Transited Services: -
> Source Network Address: -
> Source Port: -
> Date: 08.08.2005
> Source: Security
> Time: 15:14:55
> Category: Logon/Logoff
> Type: Success Audit
> Event ID: 538
> User: NT AUTHORITY\ANONYMOUS LOGON
> Computer: DB
> Description:
> User Logoff:
> User Name: ANONYMOUS LOGON
> Domain: NT AUTHORITY
> Logon ID: (0x0,0x5CE408)
> Logon Type: 3
- Previous message: Cactus Corp.: "Re: Another Sql Injection"
- In reply to: Nils Magnus Englund: "Windows authentication from ASP.NET to SQL Server"
- Next in thread: Paul Clement: "Re: Windows authentication from ASP.NET to SQL Server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
