Re: Security Delegation between IIS and SQL Server

From: x y, mvp (levinson_k@despammed.com)
Date: 02/24/03 

From: "x y, mvp" <levinson_k@despammed.com>
Date: Mon, 24 Feb 2003 08:27:18 -0500

Try enabling auditing on both servers?

http://securityadmin.info/faq.htm#auditing

It could be that IIS is actually trying to connect to SQL using named pipes
or multi-protocol, despite how you think you've set it up. If this is the
case, then a successful Windows netbios login ID and connection must be
permitted from IIS to SQL before IIS can even attempt to log in using the
SQL account. Auditing might show you what's happening here.

"Hannes Mayer" <hmayer@mis.at> wrote in message
news:eJoUoO92CHA.1156@TK2MSFTNGP09.phx.gbl...
> Hi,
>
> following Problem
>
> 2 Domain Controller
> -DC1 is IIS with an ASP Web Application
> -DC2 is SQL Server with the Database for the ASP Application
>
> Now i need Windows NT Authentication for the WebPage and for the Database,
> but the ADO Connection doesn´t work for a simple domain user.
>
> So what i have done:
> - SQL Server uses only TCPIP:1433
> - SQL Server run under Domainuser XY
> - With SetSPN registered a Service Principal Name for the SQL Server on
Port
> 1433
> - Domain Controllers are Default "Trusted for Delegation"
> - Testuser - only member of Domain users - "Trusted for Delegation"
> activated
> - IIS Web App - only NT Auth.
> - Testuser is a user in the SQL DB and hast correct Rights
> - ADO Connection String is:
> >WITH objADOConn
> > .PROVIDER = "SQLOLEDB"
> > .COMMANDTIMEOUT = 30
> > .CONNECTIONTIMEOUT = 30
> > .CURSORLOCATION = ADODB.adUseServer
> > .PROPERTIES("INTEGRATED SECURITY") = "SSPI"
> > .PROPERTIES("DATA SOURCE") = "DC2"
> > .PROPERTIES("INITIAL CATALOG") = "MISAT"
> > .PROPERTIES("PROMPT") = ADODB.adPromptNever
> > .Properties("Application Name") = "MISAT_WEB"
> >End With
>
>
> Why does this not work - where else could be the problem - any
suggestions?
>
> TANKs for help
> Hannes
>
>

Relevant Pages

  • FW: Microsoft Security Advisory MS 03-007
    ... am trying to find a vulnerability tester/script and I could test it out ... Department of the Army server that had been compromised and that this ... announcement covers IIS 5.1 but not IIS 6, ... How a Hacker Uses SQL Injection to Steal Your SQL Data! ...
    (Focus-Microsoft)
  • RE: Confusion on standard security methodologies.
    ... Application will talk to a back-end SQL ... By "back-end," I assume you mean on a different box from IIS? ... If SQL is on a separate box, you won't be able to use NT authentication ... impersonations (meaning that once passed to the IIS server, ...
    (microsoft.public.inetserver.iis.security)
  • RE: MS patch-scanner for Win-NT, 2K, IIS, SQL
    ... MS patch-scanner for Win-NT, 2K, IIS, SQL ... XML file from the following location - mssecure.xml Possible ... and on a NT 4 Server, but the scanner works fine on a W2K Server ...
    (Focus-Microsoft)
  • Re: SQL CE Synching Problems
    ... install location of SQL CE instead of under Inetpub like I had done before. ... > so the issue has to be between the server tools and the publisher. ... >>I ran the wizard again to check all the permissions and this is what it ... >> A request to send data to the computer running IIS has failed. ...
    (microsoft.public.sqlserver.ce)
  • Re: General Network Error - MS Stumped
    ... > environment between our ASP.NET application and SQL Server 2000. ... > to be related to queries that return "large" amounts of data from SQL. ... > MS had us perform 3 data captures initially: MPSRPT_MDAC on the IIS ... > at System.Data.SqlClient.TdsParser.ReadByteArray(Bytebuff, Int32 ...
    (microsoft.public.sqlserver.server)
Quantcast