Delegation between .Net web app and SQL Server
From: Jim Weatherly (jweatherly@digineer.com)
Date: 09/30/02
From: "Jim Weatherly" <jweatherly@digineer.com> Date: Mon, 30 Sep 2002 15:10:56 GMT
Hi,
We have two W2K Servers, one running an ASP.Net website and one running SQL Server 2000. They both have two NICs. They are members of an Active Directory domain, but they both use one NIC to talk to each other directly, and they are using private IP addresses on the internal NICs (192.168.50.x). We are using Windows authentication and delegating user credentials to the database for security. This works when we talk to the database from the webserver over the domain-addressed "External" NIC, but only the Administrator user can delegate across the "Internal", or private IP addressed NICs. Any normal user, even one that is a member of Domain Admin group, cannot delegate across that private IP address - we get the "NT_AUTHORITY/ANONYMOUS_USER" login error message from SQL Server.
So far I tried putting an entry into DNS for the two private IP addresses, and I tried to add a computer to Active Directory with the name of the DNS entry for the webserver, and marked it trusted for delegation. Doesn't seem to work, however.
Our connection string in the web.config file is:
"data source=MyInternalComputerName;initial catalog=MyDB;integrated security=SSPI;persist security info=False"
where MyInternalComputerName is the name I added to DNS for the private IP address of the SQL Server machine.
Once again, if I authenticate against the website as the domain Administrator user, the delegation seems to work - I get access to SQL Server, and the profiler shows MyDomain\Administrator as the login for the SQL calls. But any other domain user gets the NT_AUTHORITY/ANONYMOUS_USER error message, indicating no Windows credentials came across (I think.)
Any ideas?
Thanks a million,
Jim Weatherly
jweatherly@digineer.com