Re: Trusted SQL Connections & NT AUTHORITY\NETWORK SERVICE

Are you sure the web app is trying to hit SQL on the network? The network
service account is supposed to use the credentials of the machine account
when it accesses the network to use a remote resource. What you are seeing
at work is what I'd expect and what you are seeing at home is a bit strange
to me. Any other environmental differences?

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Craig Wagner" <MSDNNospam207@xxxxxxxxxxxxx> wrote in message
news:1A271C50-46EF-4440-B417-D9C3944F469C@xxxxxxxxxxxxxxxx
I'm trying to better understand the role of the NT AUTHORITY\NETWORK
SERVICE
and how it works with respect to SQL Server connections.

First some background and then the question.

I have a very simple test web page that does the following:

using( SqlConnection dbConnection = new SqlConnection( "Data
Source=server;Initial Catalog=db;Integrated Security=True" ) )
{
dbConnection.Open();
DataSet ds = new DataSet();
DbDataAdapter adapter = new SqlDataAdapter( "select statement",
dbConnection );
adapter.Fill(ds);

gridView.DataSource = ds;
gridView.DataBind();
}

I put this web app on two different Windows 2003 servers, one that is in
my
domain at work and one that is in my domain at home. In each environment
the
connection information points to a database that is local to that
environment
(i.e. I'm not trying to hit a database in my home domain from work or vice
versa), but on a different machine than the web server. In both cases the
web
app is in an application pool where the Identity tab indicates it should
used
the Predefined Network Service account.

At the top of the page I display the values from
Environment.UserDomainName
and Environment.UserName. In both environments this information displays
as
NT AUTHORITY and NETWORK SERVICE respectively.

So here's the thing I can't figure out...

At work, the web app tries to connect to the database as
domain\machinename$. At home the web app tries to connect to the database
as
NT AUTHORITY\NETWORK SERVICE.

What's up with that? Any pointers as to where to look for more
information?


.

Relevant Pages

  • Re: Account Lockouts
    ... I assume you mean that your web app authenticates to your network? ... Subject: Account Lockouts ...
    (SecProg)
  • Re: looking for ip network monitoring tools?
    ... Well, there is ntop, which can be run both as a Web app, or ... various tools available under the Network section of Debian Unstable. ... Even if you don't use Debian (and every Linux net-admin ought to, ...
    (comp.os.linux.networking)
  • problem with impersonation using LogonUser
    ... I have some folders shared for specific users on network. ... Now from my web appl I have to access them. ... app I cannot access the folders.But from my web app I cannot access ... I get an access denied error. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • WinForms App Security Error
    ... Im designing a web app which will run as an executable from a network share. ... The problem is the security exception that keeps popping up. ...
    (microsoft.public.dotnet.security)
  • RE: SQL injection ( and being a pen tester means being good in every area)
    ... Regarding the mentioned error you receive - it seems like the ' char is ... I'm doing a pentest for a client's web app: ... IP address of the database server itself. ... Securing Web Applications ...
    (Pen-Test)