Re: Login failed for user '(null)'.



Ok. Making progress. I had Windows Authentication and when I changed to SQL
Integrated, the web service worked. On the Web Page (my original problem) I
impersonated an account to get that working. Almost there!!! Just one little
glitch and I'm home free.

The situation now is. From a single web app, I have a login screen and
everything works fine, I get a message back "user logged in", that I had set
up. Great.

However. When I call the login page from another .NET application, the
login page does not return to the other application. The query string is up
in the address pane, ready to go, but it just clears the login boxes and sits
there. No error. I'm using the same Membership database and parameters on
both apps, both are .NET 2.0. It does everything but go back like it should.


The point being we want to create a single login application and have our
other applications all authenticate off of this application. We had it
working in 1.1, but I'm having a hangup here. Ideas?

Thanks!

Danny

"Joe Kaplan" wrote:

Unfortunately, your analysis here is most likely wrong. There is nothing
really different between how .NET 1.1 and 2.0 attempt to establish an
authenticated connection with SQL server. If you use a connection string
that uses Windows authentication in both cases, then the authenticated
connection will attempt to be established based on the security token that
is being used to execute the current thread at the time the code is called.
That will either be the security token of the process, or the security token
of some impersonated identity.

Whether or not the remote service accepts the authentication from client
(the web server in this case) depends on whether there is a trust
relationship between the account being authenticated and the remote service
and whether or not the identity being authenticated is being delegated by
the intermediate service (and whether delegation is allowed and configured).

You can discover whether you are getting an apples to apples comparison here
by determining first whether the current security context in both web
applications is the same account. Check
System.Security.Principal.WindowsIdentity.GetCurrent().Name. If they are
both the same and one can authenticate to the remote SQL server but the
other can't, it is almost certainly because one web application can do
Kerberos delegation and the other one can't. If they aren't the same
account (one is the authenticated user and one is the web server process
account), then you aren't comparing the same thing.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"PolarBears" <PolarBears@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C6AEC9E4-B964-474D-8D35-3B1E58BEFE06@xxxxxxxxxxxxxxxx
I've been away from this issue for a while, with other things. Here's an
interesting twist that may shed some light. Again, let me set it up. SQL
Server 2000 is on one machine with the database in question. Web Server
is
on a second machine.

Approaching from a different direction, I tried this. Using Visual Studio
Tools for Office 2005, I created two buttons and two datagrids. The first
datagrid accesses file "X" via a .NET 1.1 Web Service. The second
datagrid
accesses the same file "X" via a .NET 2.0 Web Service. The web services
are
on the same machine.

Visual Studio Tools for Office 2005 is running on .NET 2.0. Now, here's
the
interesting part, when I click the button to load the data from the .NET
1.1
Web Service, everything loads fine. Duplicated the same process with the
.NET 2.0 Web Service, Login failed for User "Null". This tells me this is
probably something specific to .NET 2.0 and not SQL Server or the Web
Server,
else it wouldn't work with .NET 1.1.

-- Danny




.



Relevant Pages

  • Re: Directory Services, LDAP or similar
    ... In other projects, we managed the user authentication by creating tables that define all users and its allowed capacities, then the application queryies that data to verify if a user has access to some feature or not. ... The above ID and password are sent to the service at login time. ... They are using Novell eDirectory at the enterprise level; yes it's LDAP. ... We already do that for three different DB servers; ...
    (borland.public.delphi.non-technical)
  • Re: Is there malware on my Server?
    ... be exposing to the internet some means of authenticating to the server. ... Anonymous Access is checked and the login uses the ... Integrated Windows Authentication is checked. ... Administrador indicates hack attempts to log on with the Administrator ...
    (microsoft.public.windows.server.security)
  • RE: Confusion on standard security methodologies.
    ... Application will talk to a back-end SQL ... By "back-end," I assume you mean on a different box from IIS? ... If SQL is on a separate box, you won't be able to use NT authentication ... impersonations (meaning that once passed to the IIS server, ...
    (microsoft.public.inetserver.iis.security)
  • Re: Directory Services, LDAP or similar
    ... we managed the user authentication by creating tables ... The above ID and password are sent to the service at login ... Novell eDirectory at the enterprise level; yes it's LDAP. ... servers; ...
    (borland.public.delphi.non-technical)
  • Re: IIS6 Authentication Problem with SQL Server 2000
    ... They're not accessing SQL directly right? ... > a) if you are using a Windows 2000 Domain, ... > backend SQL Server. ... You need to use Kerberos authentication for this (not ...
    (microsoft.public.inetserver.iis.security)