Security Delegation between IIS and SQL Server

From: Hannes Mayer (hmayer@mis.at)
Date: 02/24/03

• Next message: David: "Stolen"
• Previous message: LawZ: "Re: Access is denied forever"
• Next in thread: x y, mvp: "Re: Security Delegation between IIS and SQL Server"
• Reply: x y, mvp: "Re: Security Delegation between IIS and SQL Server"
• Reply: Jeff Cochran: "Re: Security Delegation between IIS and SQL Server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Hannes Mayer" <hmayer@mis.at>
Date: Mon, 24 Feb 2003 08:08:39 +0100

Hi,

following Problem

2 Domain Controller
-DC1 is IIS with an ASP Web Application
-DC2 is SQL Server with the Database for the ASP Application

Now i need Windows NT Authentication for the WebPage and for the Database,
but the ADO Connection doesn´t work for a simple domain user.

So what i have done:
- SQL Server uses only TCPIP:1433
- SQL Server run under Domainuser XY
- With SetSPN registered a Service Principal Name for the SQL Server on Port
1433
- Domain Controllers are Default "Trusted for Delegation"
- Testuser - only member of Domain users - "Trusted for Delegation"
activated
- IIS Web App - only NT Auth.
- Testuser is a user in the SQL DB and hast correct Rights
- ADO Connection String is:
>WITH objADOConn
> .PROVIDER = "SQLOLEDB"
> .COMMANDTIMEOUT = 30
> .CONNECTIONTIMEOUT = 30
> .CURSORLOCATION = ADODB.adUseServer
> .PROPERTIES("INTEGRATED SECURITY") = "SSPI"
> .PROPERTIES("DATA SOURCE") = "DC2"
> .PROPERTIES("INITIAL CATALOG") = "MISAT"
> .PROPERTIES("PROMPT") = ADODB.adPromptNever
> .Properties("Application Name") = "MISAT_WEB"
>End With

Why does this not work - where else could be the problem - any suggestions?

TANKs for help
Hannes

---

• Next message: David: "Stolen"
• Previous message: LawZ: "Re: Access is denied forever"
• Next in thread: x y, mvp: "Re: Security Delegation between IIS and SQL Server"
• Reply: x y, mvp: "Re: Security Delegation between IIS and SQL Server"
• Reply: Jeff Cochran: "Re: Security Delegation between IIS and SQL Server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: sql server 2008 setup failure ... Installing SQL Server on a Domain Controller ... service account or a network service account. ... (microsoft.public.sqlserver.setup) Re: sql server 2008 setup failure ... Installing SQL Server on a Domain Controller ... service account or a network service account. ... (microsoft.public.sqlserver.setup) Login failed for user (null). Reason: Not associated with a trusted SQL Server connection ... Not associated with a trusted SQL Server connection. ... Impersonate SQL Server users. ... However, if you deal with the Domain controller, most of the controls there ... then go to the Local security policy and add users there. ... (microsoft.public.sqlserver.server) Login failed for user (null). Reason: Not associated with a trusted SQL Server connection ... Not associated with a trusted SQL Server connection. ... Impersonate SQL Server users. ... However, if you deal with the Domain controller, most of the controls there ... then go to the Local security policy and add users there. ... (microsoft.public.windows.server.security) Re: Error 0x80070534 when changing service account ... Managing this on a domain controller can be a pain. ... issues - it's a different risk when you install SQL Server ... If I use the prefix, I got error 0x80070534, if I don't use the prefix I got ... Which means the password you used for the account was ... (microsoft.public.sqlserver.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)