Re: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'
From: Sam Santiago (ssantiago_at_n0spam-SoftiTechture.com)
Date: 08/11/04
- Next message: Brad Simon: "Re: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'"
- Previous message: Brad Simon: "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'"
- In reply to: Brad Simon: "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'"
- Next in thread: Brad Simon: "Re: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'"
- Reply: Brad Simon: "Re: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 11 Aug 2004 15:56:51 -0700
Propagating security context is always tricky. Do you want the Windows App
user login to propagate throughout? This might work in a LAN environment.
Try these things:
1) Turn off anonymous access to the website hosting your web server. Use
only Integrated Windows Authentication.
2) Add the following to the web.config:
<identity impersonate="true"/>
<authentication mode="Windows" />
3) The connect string to the SQL Server database should use integrated
security:
myConn = New SqlConnection("Initial Catalog=<dbname>;Data
Source=<servername>;Integrated Security=SSPI;")
This means that each application user will have to have a SQL Server login
defined as well. I'm not sure doing all this would work, but it should get
you closer.
You might want to use a known login for access to the db from the web
service. Assuming the DLL is a .NET assembly you could create an app.config
file that stores the connection string parameters using SQL Server login vs.
Integrated login. The DLL would use this information to create the login.
This can also help you track sessions on SQL Server related to your web
service use.
Here's an article with plenty of information:
ASP.NET Authentication and Authorization
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html/secmod03.asp?frame=true
Thanks,
Sam
-- _______________________________ Sam Santiago ssantiago@n0spam-SoftiTechture.com http://www.SoftiTechture.com _______________________________ "Brad Simon" <bsimon@simondeveloping.com> wrote in message news:54BB26D9-0771-4203-818D-B70729EEA3FE@microsoft.com... > I am creating a distributed app, and I am having a problem with the user's > identity getting propagated to the SQL server. > > Here is the layout: > Windows App --> Web Service --> DLL --> SQL server 2000 > > Windows App is on WIN XP Pro, with logged on user. > > Web service on a w2K3 server, using integrated authentication, web.config > file set up for windows authentication / impersonate='true' / deny='?'. The > web service runs under it's own App Pool, and the App Pool runs under the > network service account. > > DLL on same server as web service > > SQL server 2000 on W2K server. > > All works great on my development box. We just moved the web services to a > development web server, and that is when it breaks. I get the error: Login > failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. > > I know the user's identity gets to the web service, as the EMAB (Exception > Management Application Block) has logged the user name and domain properly. > We also have other web services configured in the same manner that work fine, > as they don't go a SQL server. > > I see many posts on this subject, but no answer has helped me out. I look > forward to many correct answers :) > > Thanks, > > -- > Thanks, > Brad Simon
- Next message: Brad Simon: "Re: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'"
- Previous message: Brad Simon: "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'"
- In reply to: Brad Simon: "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'"
- Next in thread: Brad Simon: "Re: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'"
- Reply: Brad Simon: "Re: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
