Re: Subject: impersonate="True" gives login (null) for SQL Server
- From: Pedro Gonçalves <PedroGonalves@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 30 Jun 2006 02:57:01 -0700
Hi Dominick,
In fact the document you metioned was very, very good.
But I still have a problem:
The application is also to be accessed by the internet on any computer.
The application users travel a lot, and some times need to access to the
application in a computer on a internet cafee or something like that.
The problem that I found is that when you enter the site in a computer where
you are not logged as a our domain user, the browser ask you to identifiy
yourself, which is good, but when the application tries to access the Data
server the login (null) problem raises again.
Is there a way to solve this?
Regards,
Pedro Gonçalves
"Dominick Baier [DevelopMentor]" wrote:
Thats a typical two-hop problem.
http://msdn.microsoft.com/msdnmag/issues/05/09/SecurityBriefs/default.aspx
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hi,
I've an application using ASP.NET 2.0 that is deployied in IIS 6.0 in
a Win2003 application server.
For that application I'm using windows authentication and
impersonation to access to an SQL Server 2000 on other Win2003
application server througth a integrated security connection string.
The domain is Win 2000.
On web.config file I've:
<identity impersonate="true"/>
<authentication mode="Windows"/>
The problem is that when the application try to open the connection
gets an error saying that can't logon because user '(null) ' is not
configured to a trust connection.
How can I configure this application and/or IIS to able this
functionality?
Impersonate a specific user doesn't work because the stored procedures
that my web application use in the database uses a lot of caller user
identity for permit or not access to tables and inserts or updates.
same times the processing is very different according to the user that
call the SP.
I've read that migth be a problem of configuring the ASP account to
"Act as part of OS", but I don't know exactlt how to do it and where
to do it. Both machines, Web Server and Database Server, are in a
domain, but they are only application servers. The domain server is on
other computer. The ASP account on the web server is a local account
(on the web server). Do I have to change the account for asp_wp to a
domain account? And where I give the permition to "Act as part of OS"?
In the Local Group policy of the web server or in the Domain group
policy?
Regards,
Pedro Gonçalves
- Follow-Ups:
- Re: Subject: impersonate="True" gives login (null) for SQL Server
- From: Dominick Baier [DevelopMentor]
- Re: Subject: impersonate="True" gives login (null) for SQL Server
- References:
- Re: Subject: impersonate="True" gives login (null) for SQL Server acce
- From: Dominick Baier [DevelopMentor]
- Re: Subject: impersonate="True" gives login (null) for SQL Server acce
- Prev by Date: RE: ASP.NET Membership
- Next by Date: Re: Subject: impersonate="True" gives login (null) for SQL Server
- Previous by thread: Re: Subject: impersonate="True" gives login (null) for SQL Server acce
- Next by thread: Re: Subject: impersonate="True" gives login (null) for SQL Server
- Index(es):
Relevant Pages
|
|
