Re: Integrated Windows Security

From: Jeff Cochran (jcochran.nospam_at_naplesgov.com)
Date: 12/30/03

• Next message: luu duong: "Need to record & report mulitple logins when using Active Directory and IIS 5.0"
• Previous message: Jeff Cochran: "Re: 2003 Web Server Security Flaw"
• In reply to: Ashish Kumar: "Integrated Windows Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 30 Dec 2003 17:40:28 GMT

On Tue, 30 Dec 2003 00:53:35 -0800, "Ashish Kumar"
<v-ashisk@microsoft.com> wrote:

>I am facing a challenge, the description is given below:-
>
>For website security, IIS should have "Integrated
>Windows" option Checked, Anonymous and Basic Unchecked
>and SQL to work in Windows Authentication Mode only.
>
>The implementation should comply with the Security Policy
>Guidelines as stated below:
>
>1) The SQL server should be Windows NT
>authentication mode only.
>
>2) The IIS (Authentication Methods) should
>have "Integrated Windows authentication" Checked.

>IIS and SQL Server are on different machines.
>
>Now when any user accesses the application it results in
>a "Login failed for user (null)" even if the User is
>added to the SQL.

If the user is "Null" it means your code isn't passing a user for the
connection.

>Perhaps the error is because IIS is not able to pass
>credentials to the SQL as both are on different machines.

Not quite, it's possible. But remember that the user would need to be
a domain user and not the local user IUSR/IWAM accounts. Meaning the
user has to authenticate before the connection can be made.

>Where as a scenarios wherein IIS and SQL Server are on
>same machine the credentials are passed without any
>problem and the user gets authenticated.

Local users.

At any rate, this isn't an IIS issue. You'll want to check in an
ASP.NET group (since you mentioned an ASP.NET config). Might also
Google "ASP Remote SQL" or the like for some help.

Jeff

• Next message: luu duong: "Need to record & report mulitple logins when using Active Directory and IIS 5.0"
• Previous message: Jeff Cochran: "Re: 2003 Web Server Security Flaw"
• In reply to: Ashish Kumar: "Integrated Windows Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: Confusion on standard security methodologies. ... Application will talk to a back-end SQL ... By "back-end," I assume you mean on a different box from IIS? ... If SQL is on a separate box, you won't be able to use NT authentication ... impersonations (meaning that once passed to the IIS server, ... (microsoft.public.inetserver.iis.security) Re: Windows Authentication method on IIS6 ... The microsoft.public.windows.server.* groups deal with Windows 2003 ... The microsoft.public.inetserver.* groups deal with IIS ... > the authentication button, ... You can configure either one or multiple realm names on a server running IIS ... (microsoft.public.win2000.security) Re: Login failed for ServerGuest ... I think it is not a limitation in Windows 2000. ... access SQL server on Win2000 server by using Windows authenctication if I ... | I have noticed that when I try to log in using Windows Authentication ... (microsoft.public.sqlserver.connect) Re: How to access Windows IIS User Info with Perl ... but the IIS server is configured for Windows ... allowed for Basic Authentication, Windows Authentication (or whatever ... Do you know if they are part of a standard ... (comp.lang.perl.misc) Windows Authentication with IIS on separate machines ... Yes, setting Basic Authentication in IIS works, but the ... >in SQL server but doesn't work if user account was ... >imported from a Windows account. ... (microsoft.public.sqlserver.security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint