Re: IIS vs ASP.Net Authentication problem

From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 11/12/04 

Date: Fri, 12 Nov 2004 12:21:11 -0600

If you want domain\iisuser to be the account that accesses SQL, you need to
change the ASP.NET processModel to use that account and make sure
impersonation is set to false. That way, the token on the thread will be
the process token.

Joe K.

"njtom" <njtom@discussions.microsoft.com> wrote in message
news:A4CFD238-3832-4D10-BD1B-A9CCEDF449D9@microsoft.com...
> ------
> Setup
> ------
>
> - IIS runs with a domain user account 'domain\iisuser'
> - SQL Server has 'domain\iisuser' login setup to act as a data
> reader/writer
>
> Requirement is to use 'domain\iisuser' to authenticate in SQL Server
>
> -------------------
> More info on setup
> -------------------
> - asp.net 1.1
> - processModel in machine.config has userName='machine'
> password='AutoGenerate'
> - Only Integrated Windows Authentication enabled (Anonymous/basic/digest
> unchecked) in IIS 5
> - Connection string used : "Provider=SQLOLEDB;Data
> Source=CCMIWS05;Database=t5CONV;Integrated Security=SSPI;"
> - Using Windows XP SP2 as a development box.
>
> ----------------------------
> Microsoft Documentation says
> ----------------------------
> Check the url given here for an exact description
>
>
> Impersonation is disabled ->
> This is the default setting for backward compatibility with ASP. In this
> instance, the ASP.NET thread will run using the process token of the
>
> application worker process, which by default is the IIS system account,
> regardless of which combination of IIS and ASP.NET authentication
>
> have been used.
> <identity impersonate="false"/>
>
>
>
> (URL:
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/authaspdotnet.asp)
>
> ------------
> The problem
> ------------
>
> The 'domain\iisuser' is not authenticated in SQL Server and ASPNet seems
> to
> get authenticated which fails as it's not a user in SQL Server.
>
> The error message I am getting is:
>
> Login failed for user 'CCMIWS05\ASPNET'.
> Description: An unhandled exception occurred during the execution of the
> current web request. Please review the stack trace for more
>
> information about the error and where it originated in the code.
>
> Exception Details: System.Data.OleDb.OleDbException: Login failed for user
> 'CCMIWS05\ASPNET'.
>
>
> ***What am I doing wrong per documentation?***

Relevant Pages

  • Re: IIS 6.0 and SQL server
    ... domain account, or it needs to be a local account on both machines with ... should be true both if you are using Windows authentication in SQL, ... if you are using SQL authentication in SQL but the SQL client on the IIS ...
    (microsoft.public.inetserver.iis.security)
  • Re: Protect PDF files via ASP?
    ... >> my users against my own database and, if successful, logs them into IIS ... >> the WebUsers account. ... >> IIS to authenticate the user that would then carry through for them to be ... In your ASP code, authenticate your users from your database and ...
    (microsoft.public.inetserver.asp.general)
  • RE: Which account on SQL 2005 web sync via https
    ... Well - to take a stab in the dark on this one, it seems the account you are ... permissions when you are running in a domain environment. ... Configure a Publication to Allow for Web Synchronization (SQL ... Configure IIS for Web Synchronization ...
    (microsoft.public.sqlserver.replication)
  • Re: Protect PDF files via ASP?
    ... > my users against my own database and, if successful, logs them into IIS ... > the WebUsers account. ... > IIS to authenticate the user that would then carry through for them to be ... > able to download non-ASP (PDF, ...
    (microsoft.public.inetserver.asp.general)
  • Re: Connecting to SQL through ASP
    ... > I think i have followed the instructions for connecting to SQL Server ... > Created local account with same name as IIS ...
    (microsoft.public.inetserver.iis.security)