Re: Security Delegation between IIS and SQL Server
From: Hannes Mayer (hmayer@mis.at)
Date: 02/24/03
- Next message: Nilesh Padbidri: "When does a user become meber of 'Authenticated Users' group"
- Previous message: Hannes Mayer: "Re: Security Delegation between IIS and SQL Server"
- In reply to: Jeff Cochran: "Re: Security Delegation between IIS and SQL Server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Hannes Mayer" <hmayer@mis.at> Date: Mon, 24 Feb 2003 16:28:24 +0100
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'
I am sure i use tcpip - server and client a configured to only tcpip - sql
server manager shows me the libraries used.
The Connection Work if i open the Webpage on the Server direct.
If I a open the webpage from an other workstation with the same user then i
get an "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'" on the sql
server. (In the web page i get the Error number "-2147217843" with no
description)
IIS must get the correct login information (because there are only read
rights for "Domain Users" on the files - and i get the correct file - my
errorhandler show me the errormessage)
Form the server each connection - IIS - Query Analyser and so on work - it
works too if I specifiy a username and password in the connection but i
cannot do this because the application work with different rights definied
in the database.
I cannot enable auditing, because therefore i must enable auditing for the
whole domain - therefore i dont get a OK.
any suggestings?
thanks
"Jeff Cochran" <jcochran.nospam@naplesgov.com> wrote in message
news:3e602909.2771337512@news.easynews.com...
> >2 Domain Controller
> >-DC1 is IIS with an ASP Web Application
> >-DC2 is SQL Server with the Database for the ASP Application
> >
> >Now i need Windows NT Authentication for the WebPage and for the
Database,
> >but the ADO Connection doesn´t work for a simple domain user.
> >
> >So what i have done:
> >- SQL Server uses only TCPIP:1433
> >- SQL Server run under Domainuser XY
> >- With SetSPN registered a Service Principal Name for the SQL Server on
Port
> >1433
> >- Domain Controllers are Default "Trusted for Delegation"
> >- Testuser - only member of Domain users - "Trusted for Delegation"
> >activated
> >- IIS Web App - only NT Auth.
> >- Testuser is a user in the SQL DB and hast correct Rights
> >- ADO Connection String is:
> > >WITH objADOConn
> > > .PROVIDER = "SQLOLEDB"
> > > .COMMANDTIMEOUT = 30
> > > .CONNECTIONTIMEOUT = 30
> > > .CURSORLOCATION = ADODB.adUseServer
> > > .PROPERTIES("INTEGRATED SECURITY") = "SSPI"
> > > .PROPERTIES("DATA SOURCE") = "DC2"
> > > .PROPERTIES("INITIAL CATALOG") = "MISAT"
> > > .PROPERTIES("PROMPT") = ADODB.adPromptNever
> > > .Properties("Application Name") = "MISAT_WEB"
> > >End With
> >
> >
> >Why does this not work - where else could be the problem - any
suggestions?
>
> Define "does not work" and we may beable to help. Error messages?
> Can you run Query Analyzer? Does this work embedding a user/password
> in the connection? Many issues are possible here...
>
> Jeff
- Next message: Nilesh Padbidri: "When does a user become meber of 'Authenticated Users' group"
- Previous message: Hannes Mayer: "Re: Security Delegation between IIS and SQL Server"
- In reply to: Jeff Cochran: "Re: Security Delegation between IIS and SQL Server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
