Re: Integrated Authentication with SQL
From: Scott Elgram (SElgram_at_verifpoint.com)
Date: 10/07/05
- Previous message: Dominick Baier [DevelopMentor]: "Re: Integrated Authentication with SQL"
- In reply to: Dominick Baier [DevelopMentor]: "Re: Integrated Authentication with SQL"
Date: Fri, 7 Oct 2005 11:00:24 -0700
Dominick,
Thanks for that article....It was a big help especially for
understanding the SetSPN.exe utility. However, it still doesn't seem to
work. I have even written the author to see if he can help.
-Scott
"Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com>
wrote in message news:42565460fffa58c7998fef178eec@news.microsoft.com...
> Hello Scott,
>
> read the article I pointed you to
> http://msdn.microsoft.com/msdnmag/issues/05/09/SecurityBriefs/default.aspx
>
> it contains all answers
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>
> > Yeup, quite sure.
> > From what I have been reading there are two methods Windows can use in
> > this instance. The first is NTLM, which is what is being used most often
> > and where I think my problem is. NTLM does not allow for authentication
> > past a single hop and therefore can delegate or do anything fancy like
> > that. What I need to use is the second method. Kerberos can impersonate,
> > delegate and make additional hops. My problem, I think, is that Kerberos
> > is not being used, but I really don't know enough about it to troubleshoot
> > it and have found very little online about exactly how to set this up.
> > I was using Windows 2k with IIS 5, but because this is all experimental
> > for me right now I have upgraded to Windows 2k3 and IIS 6 to see if that
> > makes any difference.
> >
> > -Scott
> >
> > "Peter Jakab" <someone@from.hu> wrote in message
> > news:eRAslZyyFHA.3864@TK2MSFTNGP12.phx.gbl...
> >> Scott, are you sure, that in IIS manager for the application you
> >> disabled anonymous access?
> >>
> >> (find your application, right click, properties, directory security,
> >> anonymous access and identity control, click edit, and be sure that
> >> anonymous access is unchecked, AND integrated windows authentication
> >> is checked)
> >>
> >> It should work, in case there is just 1 hop!
> >>
> >> Best regards
> >>
> >> Peter
> >>
> >> "Scott Elgram" <SElgram@verifpoint.com> wrote in message
> >> news:ehqT9GfyFHA.3864@TK2MSFTNGP12.phx.gbl...
> >>
> >>> Hello,
> >>> I am trying to create a site using integrated Windows authentication to
> >>> access SQL databases. All the tutorials I have found so far require that
> >>> both SQL Server and IIS reside on the same server. This is a problem for
> >>> me because I need to access multiple SQL servers from the same site, so
> >>> a stand-alone web server would be ideal.
> >>> From what I have been able to gather so far:
> >>> - "Anonymous Access" is unchecked and "Windows Integrated
> >>> Authentication" is checked in IIS
> >>> - The machine running IIS must be set as "trusted for delegation" in
> >>> Active Directory.
> >>> - The domain user accounts that will be accessing the databases and
> >>> site must not be marked "Account is sensitive and cannot be delegated".
> >>> - The tags <Identity impersonate="true"> and <Authentication
> >>> mode="windows"> are set in web.config
> >>> - comImpersonationLevel="Delegate" and
> >>> comAuthenticationLevel="PktPrivacy" are set in machine.config
> >>> After all that is set, the connection string "server=SQLserver;
> >>> Integrated Security=SSPI; Trusted_Connection=YES; database=SQLdatabase"
> >>> should be able to connect to the SQL database using the client's
> >>> credentials.
> >>> However, I receive the following error:
> >>> --------------------------------------------------------------------
> >>> Exception Details: System.Data.SqlClient.SqlException: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
> >>> Stack Trace:
> >>>
> >>> [SqlException: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.]
> >>>    System.Data.SqlClient.ConnectionPool.GetConnection(Boolean& isInTransaction) +472
> >>>    System.Data.SqlClient.SqlConnectionPoolManager.GetPooledConnection(SqlConnectionString options, Boolean& isInTransaction) +370
> >>>    System.Data.SqlClient.SqlConnection.Open() +383
> >>>    Rules.WebForm1.Page_Load(Object sender, EventArgs e) in d:\inetpub\wwwroot\rules\rules.aspx.cs:47
> >>>    System.Web.UI.Control.OnLoad(EventArgs e) +67
> >>>    System.Web.UI.Control.LoadRecursive() +35
> >>>    System.Web.UI.Page.ProcessRequestMain() +750
> >>> --------------------------------------------------------------------
> >>>
> >>> Any help in resolving this problem would be greatly appreciated.
> >>>
> >>> Thanks,
> >>>
> >>> -- -Scott
> >>>
>
>
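
Added example, not part of the thread or of the article it links to: a small ASP.NET helper for the situation discussed above, reporting which authentication package was negotiated for the request and whether the impersonated token is delegation-level before the SQL connection is attempted. The class and method names are hypothetical, and it assumes .NET 2.0 or later (for WindowsIdentity.ImpersonationLevel) with impersonation enabled in web.config.

```csharp
using System;
using System.Security.Principal;
using System.Text;
using System.Web;

// Hypothetical diagnostic helper (added example, not code from the thread).
// Usage from a page in the same application:
//   Response.Write("<pre>" + Server.HtmlEncode(DelegationCheck.Describe(Context)) + "</pre>");
public static class DelegationCheck
{
    public static string Describe(HttpContext ctx)
    {
        StringBuilder sb = new StringBuilder();

        // Identity that IIS authenticated for this request.
        IIdentity user = ctx.User.Identity;
        sb.AppendFormat("Request user   : {0} (authenticated={1}, type={2})\n",
            user.Name, user.IsAuthenticated, user.AuthenticationType);

        // Identity the thread is running as. With <identity impersonate="true" />
        // this is the caller's token, which is what "Integrated Security=SSPI"
        // presents to SQL Server.
        WindowsIdentity current = WindowsIdentity.GetCurrent();
        sb.AppendFormat("Thread identity: {0} (type={1}, level={2})\n",
            current.Name, current.AuthenticationType, current.ImpersonationLevel);

        if (!user.IsAuthenticated)
        {
            sb.Append("Request is anonymous: check that anonymous access is disabled in IIS.\n");
        }
        else if (String.Equals(current.AuthenticationType, "NTLM",
                               StringComparison.OrdinalIgnoreCase))
        {
            sb.Append("NTLM was negotiated: the token is valid on this server only, " +
                      "so the hop to SQL Server arrives as ANONYMOUS LOGON.\n");
        }
        else if (current.ImpersonationLevel != TokenImpersonationLevel.Delegation)
        {
            sb.Append("Token is not delegation-level: check 'trusted for delegation' " +
                      "and the 'Account is sensitive' flag.\n");
        }
        else
        {
            sb.Append("Token is delegation-level: if the login still fails, " +
                      "check the SPNs registered for the SQL Server service account.\n");
        }
        return sb.ToString();
    }
}
```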