Re: Web Applicaiton using Trusted Connections to SQL on different machine?

From: Scott Townsend (scott-i_at_.-N0-SPAMplease.enm.com)
Date: 07/25/05

  • Next message: BAG: "SQL2K:How to insure that data is NOT recoverable by forensic metho" 
    Date: Mon, 25 Jul 2005 07:46:08 -0700

    Thank you for your reply. The only way I've been able to get it to work is
    to turn off Integrated and turn on Basic Text Authentication.

    Is your SQL Server on a physically different machine then your Webserver?
    If they are on the same machine it seems to work jsut fine with Integrated
    Authentication. Its when its on a different machine that it does not..

    This isn't the most recent one that i found, but I cant seem to find the one
    I did the other day. This is for IIS5 and SQL6.5 but pretty much says the
    same thing.
    http://support.microsoft.com/kb/176379/EN-US

    It would be nice to be able to use Integrated Authentication, But this will
    work. It prompts them for a Username and Password, so that way if someone
    sits down at the person's desk who has access to the data, they still need
    to enter in a username/password. Of course its in clear text, but I think
    the chances of someone here being able to packet sniff the traffic between
    the two machines is pretty slim with all the switches in-between.

    Thank you for your assistance.
    Scott<-
    "Bob Barrows [MVP]" <reb01501@NOyahoo.SPAMcom> wrote in message
    news:O1cNIT8iFHA.3296@TK2MSFTNGP10.phx.gbl...
    >I can't seem to reproduce your problem. Here is my attempt:
    >
    > <%
    > dim cn, rs, sSQL
    > set cn = server.CreateObject("ADODB.Connection")
    > cn.Open "provider=sqloledb;data source=clndwdev;" & _
    > "Integrated Security=SSPI;Initial Catalog=Northwind"
    >
    > sSQL = "Select suser_sname()"
    >
    > set rs = cn.Execute(sSQL,,1)
    > Response.Write rs.GetStringrs.close:set rs=nothing
    > cn.Close:set cn=nothing
    > %>
    >
    > My website has Anonymous turned off, and Integrated Windows Authentication
    > on. Running the page results in my login being written to response.
    >
    > It seems we are at an impasse. My only suggestion is to verify that your
    > SQL
    > Servers are up-to-date with their service packs. I seem to recall that one
    > of the service packs fixed an issue with trusted connections...
    >
    > Bob Barrows
    >
    >
    > Scott Townsend wrote:
    >> I've changed the Driver to Provider and set it to sqloledb. I get the
    >> Same Errors. And yes, you are correct, it was on the Open, not the
    >> Execute.
    >>
    >> Depending if I set the server to our backup Production SQL Server or
    >> the Production SQL Server I get the following:
    >>
    >> ---backup Production SQL Server
    >> Error Type:
    >> Microsoft OLE DB Provider for SQL Server (0x80040E4D)
    >> Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
    >>
    >>
    >> ---Production SQL Server
    >> Error Type:
    >> Microsoft OLE DB Provider for SQL Server (0x80004005)
    >> Login failed for user '(null)'. Reason: Not associated with a trusted
    >> SQL Server connection.
    >>
    >> Then I do a "Response.Write Request.ServerVariables("logon_user")" I
    >> get the proper Domain\UserID of who is logged into the Local Machine
    >> that I want passed to the Webserver to Pass then to the SQL Server.
    >>
    >>
    >> Thanks you,
    >> Scott<-
    >>
    >> "Bob Barrows [MVP]" <reb01501@NOyahoo.SPAMcom> wrote in message
    >> news:ONzZn%23jhFHA.3568@TK2MSFTNGP10.phx.gbl...
    >>> Scott Townsend wrote:
    >>>> Thank you for your reply.
    >>>>
    >>>> I'm not sure if this is really .Net Related though. I get the
    >>>> Error if I use ASP.NET code to make the connection, or if i just
    >>>> use ASP code to make the connection.
    >>>>
    >>>> My ASP code looks like this:
    >>>>
    >>>> Set enm = Server.CreateObject("adodb.connection")
    >>>> enm.Open "Driver={SQL
    >>>> Server};Server=SERVER;Trusted_Connection=yes;Database=Northwind;"
    >>>
    >>> You should use the native OLE DB provider, not ODBC:
    >>>
    >>> enm.open "provider=sqloledb;Integrated Security=SSPI;" & _
    >>> "Data Source=SERVER;Initial Catalog=Northwind"
    >>>
    >>>
    >>>> Set rsUser = enm.Execute("SELECT * FROM customers")
    >>>> Set enm = Nothing
    >>>> I get the Error on the .Execute
    >>>>
    >>>
    >>> On the Execute? If it was a problem with the connection itself, the
    >>> Open statement would be throwing the error, not the Execute.
    >>>
    >>> What is the error?
    >>>
    >>> Bob Barrows
    >>> --
    >>> Microsoft MVP -- ASP/ASP.NET
    >>> Please reply to the newsgroup. The email account listed in my From
    >>> header is my spam trap, so I don't check it very often. You will get
    >>> a quicker response by posting to the newsgroup.
    >
    > --
    > Microsoft MVP -- ASP/ASP.NET
    > Please reply to the newsgroup. The email account listed in my From
    > header is my spam trap, so I don't check it very often. You will get a
    > quicker response by posting to the newsgroup.
    >
    >

  • Next message: BAG: "SQL2K:How to insure that data is NOT recoverable by forensic metho"

    Relevant Pages

    • Re: Web Applicaiton using Trusted Connections to SQL on different machine?
      ... to turn off Integrated and turn on Basic Text Authentication. ... Is your SQL Server on a physically different machine then your Webserver? ... >> I've changed the Driver to Provider and set it to sqloledb. ... > quicker response by posting to the newsgroup. ...
      (microsoft.public.inetserver.iis.security)
    • Re: Windows Authentication in asp.net 2005 to SQL Server?
      ... If the domains do not trust each other, Windows authentication is not going ... Basic authentication sometimes makes the need for Kerberos delegation go ... generic account to do the backend data stuff on our SQL Server. ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • Re: I dont want to re-invent the Login/Login Wheel - Help with utilities
      ... Yes, if you use .NET1.1, there isn't built-in login control, and more importanltly there isn't ready-to-use membership component to use. ... the membership provider uses SQL Server or SQL Server Express. ... We feel that having the capability to force password change would be a better benefit in securing our application and data access. ... Both Windows authentication and authorization wolud be be fine if we wanted the world to have access to our application data, but not very intuitive for maintaining integrity over our data. ...
      (microsoft.public.vstudio.general)
    • RE: IIS (ASP) -> SQLServer Authentication Issue
      ... I understand that you'd like to use IIS Intergration authentication in the ... and ASP "impersonates" authencitaed users to access SQL Server on ... only kerberos authentication allows double-hops from clients ...
      (microsoft.public.sqlserver.security)
    • Re: SBS Premium Edition .. what way is SQL licenced
      ... Another thing to note in using your SQL Server as a backend database is the ... concept of Forms-based authentication and Integrated Windows authentication. ... thereby requiring individual CALs to access SQL Server. ... Chad A. Gross - SBS MVP ...
      (microsoft.public.windows.server.sbs)