Re: double hop issue? Not sure anymore

Hi,

there are some more things to take into consideration - i guess you only tested locally on your WinXP machine - this is technically not delegation - thats why it probably worked...

read more here:
http://msdn.microsoft.com/msdnmag/issues/05/09/SecurityBriefs/default.aspx

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Hi all

I have an issue which goes something like this

I have a web app that accesses a SQL Sever. I use AD for my users. In
SQL i have assigned my users to various roles etc....not SQL users but
AD users.

my web app uses identity impersonation = true and i have disabled
anonymous access in IIS

I have a development environment with XP, IIS5 and ver 1.1 of
framework. The web app works fine and shows my results.

I have a win2k server with IIS 5 on it and when i deploy my app to
this machine, which is part of the domain and IIS is configured the
same way, I get what seems to be the double hop issue. So i have
ensured that the anonymous access is diabled in IIS and integrated
security is turned on. the machine is part of the domain. I have
installed the sql client tools on the web server....no matter what i
do i cannot access SQL server...it keeps giving me the Login failed
for user 'NT AUTHORITY\ANONYMOUS LOGON'.  error. I checked the user
name of the person accessing the page by using
System.Security.Principal.WindowsIdentity.GetCurrent().Name and the
username is being written out however when this information passes to
SQL i still get the anonymous user error...

Can you please help me with this issue? I am really at a loss here...

Thank you.
Reeza



.

Relevant Pages

  • Re: PROBLEM: ASP on IIS 5 secured via "Windows Integrated Authentication" accessing "
    ... uses NT group based permissons on the SQL Server, ... > transfered to the IIS box and IIS does a local logon. ... > delegation for all accounts. ...
    (microsoft.public.inetserver.iis.security)
  • RE: Co-Hosting SQL with IIS FTP service
    ... there are no functional conflicts between SQL and IIS; their network resource demands are unique. ... If the machine resources are enough, you can also use your favorite virtualization technology to separate the FTP and SQL servers and thus avoid the combinational security issues that public FTP services may impose on the SQL server. ... Co-Hosting SQL with IIS FTP service ...
    (Focus-Microsoft)
  • RE: MS patch-scanner for Win-NT, 2K, IIS, SQL
    ... MS patch-scanner for Win-NT, 2K, IIS, SQL ... check the local computer - so there are no FW or Gateway problems. ... SQL Hi, I get the following error message when I try ...
    (Focus-Microsoft)
  • Re: General Network Error - MS Stumped
    ... > environment between our ASP.NET application and SQL Server 2000. ... > to be related to queries that return "large" amounts of data from SQL. ... > MS had us perform 3 data captures initially: MPSRPT_MDAC on the IIS ... > at System.Data.SqlClient.TdsParser.ReadByteArray(Bytebuff, Int32 ...
    (microsoft.public.sqlserver.connect)
  • Re: General Network Error - MS Stumped
    ... > environment between our ASP.NET application and SQL Server 2000. ... > to be related to queries that return "large" amounts of data from SQL. ... > MS had us perform 3 data captures initially: MPSRPT_MDAC on the IIS ... > at System.Data.SqlClient.TdsParser.ReadByteArray(Bytebuff, Int32 ...
    (microsoft.public.sqlserver.server)