Re: Security Delegation between IIS and SQL Server

From: Jeff Cochran (jcochran.nospam@naplesgov.com)
Date: 02/24/03 

From: jcochran.nospam@naplesgov.com (Jeff Cochran)
Date: Mon, 24 Feb 2003 14:18:17 GMT

>2 Domain Controller
>-DC1 is IIS with an ASP Web Application
>-DC2 is SQL Server with the Database for the ASP Application
>
>Now i need Windows NT Authentication for the WebPage and for the Database,
>but the ADO Connection doesn´t work for a simple domain user.
>
>So what i have done:
>- SQL Server uses only TCPIP:1433
>- SQL Server run under Domainuser XY
>- With SetSPN registered a Service Principal Name for the SQL Server on Port
>1433
>- Domain Controllers are Default "Trusted for Delegation"
>- Testuser - only member of Domain users - "Trusted for Delegation"
>activated
>- IIS Web App - only NT Auth.
>- Testuser is a user in the SQL DB and hast correct Rights
>- ADO Connection String is:
> >WITH objADOConn
> > .PROVIDER = "SQLOLEDB"
> > .COMMANDTIMEOUT = 30
> > .CONNECTIONTIMEOUT = 30
> > .CURSORLOCATION = ADODB.adUseServer
> > .PROPERTIES("INTEGRATED SECURITY") = "SSPI"
> > .PROPERTIES("DATA SOURCE") = "DC2"
> > .PROPERTIES("INITIAL CATALOG") = "MISAT"
> > .PROPERTIES("PROMPT") = ADODB.adPromptNever
> > .Properties("Application Name") = "MISAT_WEB"
> >End With
>
>
>Why does this not work - where else could be the problem - any suggestions?

Define "does not work" and we may beable to help. Error messages?
Can you run Query Analyzer? Does this work embedding a user/password
in the connection? Many issues are possible here...

Jeff

Relevant Pages

  • Re: MS Access DAO -> ADO.NET Migration
    ... William Vaughn ... Microsoft MVP ... Hitchhiker's Guide to Visual Studio and SQL Server ... My migration app works building a SSCE database file with imported data ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: Cluster will not fail over.
    ... > As far as the TCP/IP issue goes, you had to rebuild the cluster and were ... > able to restore the master database. ... > a cluster installation you'll have to revisit. ... >> This worked bringing up the sql server in minimal mode. ...
    (microsoft.public.sqlserver.clustering)
  • Re: MS Access DAO -> ADO.NET Migration
    ... For that it is much harder to handle the incremental identifier, ... database but although they have the data, they are not connected at the same ... The book was a pleasure to read after the gibberish that Microsoft 'puts ... SQL Server Management Studio is nowhere to be found on my ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: Word 2003/Access2000/SQLSVR
    ... SQL server being where the data is held and this is accessed through a MS ... entire database and that may be say a record for Berkshire. ... "Peter Jamieson" wrote: ... replaced with the first record on the table in use. ...
    (microsoft.public.word.mailmerge.fields)
  • Re: MS Access DAO -> ADO.NET Migration
    ... full SQL Server and I see the logic you explained in a multi user ... allow two users to access the same database file Read/Write at any given ... The book was a pleasure to read after the gibberish that Microsoft 'puts ... Hitchhiker's Guide to Visual Studio and SQL Server ...
    (microsoft.public.dotnet.framework.adonet)