Re: IIS passing server credentials rather than user credentials

On Thu, 6 Jul 2006 16:22:20 +1000, "Ken Schaefer"
<kenREMOVE@xxxxxxxxxxxxxxxxxxxx> wrote:


"Jeff Cochran" <jeff.nospam@xxxxxxxx> wrote in message
news:44b07326.794595046@xxxxxxxxxxxxxxxxxxxxxxx
On 5 Jul 2006 13:00:54 -0700, "cfs" <wayhip@xxxxxxxxxxx> wrote:

We are developing a web app using II6, ASP .Net 2.0 on a Win2003 box.
We are using VS2005 and building for .Net 2.0 framework.

We set IIS up to use integrated security. However when I access the
application through IE, it cannot connect to the server. When I check
the SQL Server logs, I see a failed attempt to login by <domain
name>\<web server name>. It looks like it is using the credentials
under which the web server is running.

he desired behavior is to use the profile of the domain user who is
using IE.

When I give <domain name>\<web server name> explicit access to the SQL
Server DB it, *can* connect.

This reeks of a misconfiguration. What could we be doing wrong?

Is IE set to remember passwords? If so it may not pass the correct
credentials.

True, but that would not result in the server's machine account being used
to login to SQL Server

It happens here. IE is used to access a domain that isn't in the
intranet zone. User logs in and IE remembers the password. From
there on, the credentials become whatever account was used on the
server. Using Windows authentication in SQL, it passes the server's
login, not the user's. Bugged the heck out of us for about three
weeks until we tracked it down. Even after the domain is added to the
intranet zone, the user becomes the server account for some reason.

Haven't done any diagnostocs beyond this to track down what's going
on, so can't say it's his issue.

Jeff
.

Relevant Pages

  • Re: "log on" form
    ... a user is logged onto the client computer with a different user account than ... give them a change to authenticate to the server. ... an access denied message and yes Windows XP can store credentials as shown ... > manually (by using the graphical form or net use command). ...
    (microsoft.public.windowsxp.security_admin)
  • Re: How does authentication work?
    ... The server is one the domain but we log into it with a local account. ... account to map those drives with alternate credentials. ... But it seems to me that the length of time the connection can remain valid ...
    (microsoft.public.windows.server.general)
  • Re: Services do not start automatically
    ... using said account and change the password there... ... Are you creating the credentials hours/days before ... "Meinolf Weber" wrote: ... when I reboot the server these services do not ...
    (microsoft.public.windows.server.active_directory)
  • Re: IIS6 & ASP: accessing network files with FSO fails
    ... your credentials are not being passed. ... >my test account with admin rights. ... You're logging into server 1 fine, ...
    (microsoft.public.inetserver.asp.general)
  • Re: Account Identifier Pool
    ... when I add an account to Active Directory on our domain ... > No suitable default server credential exists on this system. ... Applications that manage their own credentials, ... > The account is able to be added and all seems well. ...
    (microsoft.public.win2000.active_directory)