Re: Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection

Hello,

since you have three machines involved in this scenario (client machine, web server, sql server) you most likely don't have kerberos configured, which is required for this scenario (delegation of account tokens). Search for "double-hop problem" and you'll find plenty of resources on this.

If you want integrated authentication on the client side, you need kerberos.
If you can live with people entering their credentials you could switch to basic authentication and authenticate to the sql server with those credentials. You should only do this if you have SSL enabled, otherwise the credentials would be transferred in clear-text over the network.

Third option: Use integrated authentication from the client to the webserver and use the service account of the IIS (AppPool user under Windows 2003+) to authenticate to the SQL server.

Kind regards,
Henning Krause


"Waldy" <someone@xxxxxxxxxxxxx> wrote in message news:%23PSpjpojIHA.4684@xxxxxxxxxxxxxxxxxxxxxxx
Hi there,
I don't know if this is an IIS or SQL Server issue. I have an ASP.Net web application that is set up with Anonymous access turned off and Windows Authentication turned on. The SQL 2000 server (on another machine) is set up for Windows only authentication. The application won't logon to SQL Server, as I get the error above. I have searched for this error and most of the articles suggest activating mixed mode authentication. This is at a customer site however, and they want the server left as it is. How do I make it work as intended.


.

Relevant Pages

  • Re: Windows Authentication in asp.net 2005 to SQL Server?
    ... I've seen out there are usually for the IIS and SQL Server to be on the same ... web server are on separate machines and are on different domains also. ... strings and not Windows authentication because of the double hop, ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Windows Authentication in asp.net 2005 to SQL Server?
    ... If the domains do not trust each other, Windows authentication is not going ... Basic authentication sometimes makes the need for Kerberos delegation go ... generic account to do the backend data stuff on our SQL Server. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Replication with join filter failure
    ... I have a SqlCE subscriber connecting via IIS to a SQL Server 2005 database. ... The database publisher/distributor and the web server are on different machines and I want to avoid the use of Kerberos delegation to share priviledges on the snapshot folder. ... I used a DB authentication on the SQL Server database. ...
    (microsoft.public.sqlserver.replication)
  • Re: I dont want to re-invent the Login/Login Wheel - Help with utilities
    ... Yes, if you use .NET1.1, there isn't built-in login control, and more importanltly there isn't ready-to-use membership component to use. ... the membership provider uses SQL Server or SQL Server Express. ... We feel that having the capability to force password change would be a better benefit in securing our application and data access. ... Both Windows authentication and authorization wolud be be fine if we wanted the world to have access to our application data, but not very intuitive for maintaining integrity over our data. ...
    (microsoft.public.vstudio.general)
  • RE: IIS (ASP) -> SQLServer Authentication Issue
    ... I understand that you'd like to use IIS Intergration authentication in the ... and ASP "impersonates" authencitaed users to access SQL Server on ... only kerberos authentication allows double-hops from clients ...
    (microsoft.public.sqlserver.security)