Security context issue (weird behavior)
- From: "Adal" <Adal@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 14 Nov 2005 07:43:12 -0800
Hi, I have a problem I have not been able to solve and after reading a lot on
msdn an on the web I'm not sure what might be causing it.
I have IIS 5.1 running on windows XP SP2 (I'll use windows 2003 server once
I figure out how to make it work) and SQL Server 2000 running on Windows 2003
server. Both machines are on the same domain.
The SQL Server is setup to use mix mode authentication.
I have a virtual directory setup on IIS, and uncheck everything on the
security tab except the Integrated Windows authentication Option, since I
want to use a group to grant access to the virtual directory to certain
users. Also, I need to use Integrated Windows authentication since I need to
determine the user account that is accesing the virtual directory.
The users have a domain account. The pages are developed on asp (not asp.net).
I'm using a SQL account to log in to the SQL Server. The SQL server, as I
mentioned before, is setup to mixed mode.
If I see the pages on the same machine where I have installed the IIS
everything works fine. The page displays my user id and I'm able to log in to
the Sql Server with the SQL account.
To log in to the SQL server I use an ADO connection. The ADO connection
string I'm using is this one:
"Provider=SQLOLEDB.1;" & _
"Trusted_Connection=false;" & _
"Data Source=SQLServer;" & _
"Initial Catalog=DB;" & _
"User ID=User;" & _
"Password=Password;"
If I try to view the pages on another computer on the network I'm able to
access the pages, but the asp page throws an error on the line that opens the
connection. The error I get on the web page is that the user User could not
log in, because there is no trusted connection. I've used the same user
logged in the machine on both scenarios. I have also tried with other users
and got the same error.
I have an idea of what could be the problem. I think the connection to the
SQL Server is being made on the security context of the account running the
IIS service, which is the System Account. I think this, because I've disabled
anonymous access and the IIS server can't delegate the information from the
user. Since it's running on the security context of the System account, it
can't be validated by the SQL Server, eventhough I'm using a SQL account on
the connection string.
I tried to view the pages from another machine with the anonymous access
enabled (IUSR_MachineName), but got the same result. I've also tried to run
the virtual directory using anonymous access with my domain account, but got
the same result.
After the unsuccesful tryies I decided to create a local account on both
machines, with the same username and password. Set up the anonymous access on
the virtual directory, using that local account, and finally was able to log
in to the SQL Server with the SQL account. But, on this scenario I cannot
determine the user Id of the person viewing the page.
I tried using ODBC and DSN in the connection string but got the same result:
could not stablish the connection because there is no trusted connection.
I have no access to the Active Directory console.
For what I've read I thought that by using a SQL server account on the
connection string I would be able to connect, since SQL server would be in
charge of the authorization between IIS and SQL. And IIS would take care of
the authorization between the client machine viewing the pages and the
virtual directory, but I think I was wrong.
Any help would be very appreciated, since I can't find a way out.
Thanks in advance.
.
- Prev by Date: Adodb.command date writing issue
- Next by Date: ADO and too many Handles
- Previous by thread: Adodb.command date writing issue
- Next by thread: ADO and too many Handles
- Index(es):
Relevant Pages
|
|
