Re: Security Problem With SQLServer and Crystal Reports

From: Tim Burda (timburda_at_hotmail.com)
Date: 11/09/04 

Date: 9 Nov 2004 06:54:53 -0800

Kevin -

Thanks for your response. Part of the reason I am so perplexed over
this is that it only seems to happen with Crystal Report "page" (those
pages that have Crystal Report reports on them). Connections via
standard ASP pages are fine. They work as expected with the
credentials passed via the connection string (User ID = 'joeuser';
Password = 'joeuserpassword';). In general, Crystal seems to have
many, many issues - we're really struggling with it in this endeavor.

I found a work around (not a great one but it works), I created a
corresponding Windows user account on the SQL Server for the
IWAM_User. I then queried the metabase on the IIS Server to get the
password and set that on the SQLServer machine, and everything is
great. Many system engineers are rolling over in there graves, but hey
I'm a programmer, not an SE. Hopefully, the article you suggest will
supply me with more information for a better solution.

thanks again -

tim

kevmc@online.microsoft.com (Kevin McDonnell [MSFT]) wrote in message news:<rcyMETfxEHA.3028@cpmsftngxa10.phx.gbl>...
> It sounds like the connection is attempting to impersonate the Web account
> and force a Trusted Connection. Try setting up a simple ASP page on the
> Web server and see if you're able to make a standard SQL connection. If
> the Web server security is set to Windows Auth , then this might explain
> this behavior...
>
> If you goal is to use the web clients credentials, then you'll need to use
> Kerberos authentication and have some more work to do. Here's a good kb
> article to walk you thru the process.
>
> 319723 INF: SQL Server 2000 Kerberos support including SQL Server virtual
> http://support.microsoft.com/?id=319723
>
>
> Thanks,
>
> Kevin McDonnell
> Microsoft Corporation
>
> This posting is provided AS IS with no warranties, and confers no rights.

Relevant Pages

  • Re: When not to log
    ... >> never get any probes during the 5-20 minutes of collecting mail and news, ... Connection from unprivileged to my 80? ... Is it impossible for a compromised web server to pass client IPs ...
    (comp.os.linux.security)
  • Re: Retrieving state information from a middle tier
    ... which I imagine means multiple sets of connection information. ... can store as many Connection Strings, etc. in the Registry that you want. ... > (web server). ... > IISIntrinsics to retrieve Session information (where I store the server/db ...
    (microsoft.public.dotnet.framework.aspnet)
  • Kerberos timout with IIS6, ASP.Net and SQLServer
    ... We have a traditional ASP.Net 1.1 web site accessing a SQL2000 database ... using delegation and a trusted connection. ... fully authenticated through Kerberos and Integrated ... The connection with the web server works fine, ...
    (microsoft.public.inetserver.iis.security)
  • Re: D3 Connectivity Demos Download
    ... An XHR goes off to the web server that does its own magic. ... day we get 156kbps and being on one of the highest connection options ... DSL works on a split channel where the download speeds ... I've been deploying Windows apps since the 3.1 days. ...
    (comp.databases.pick)
  • Re: Encryption of Connection String
    ... SSL or IPSEC to secure the connection between the Web Server ... > If the connection string is for the session state server, ... Use the ASP.NET Utility to Encrypt Credentials and Session ...
    (microsoft.public.sqlserver.security)
Quantcast