Re: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'
From: Brad Simon (bsimon_at_simondeveloping.com)
Date: 08/11/04
- Next message: Jon Snow: "Memory issue with COM+ .NET Managed Component"
- Previous message: Sam Santiago: "Re: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'"
- In reply to: Sam Santiago: "Re: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 11 Aug 2004 16:17:01 -0700
"Sam Santiago" wrote:
> Propagating security context is always tricky. Do you want the Windows App
> user login to propagate throughout?
Yes.
This might work in a LAN environment.
> Try these things:
>
> 1) Turn off anonymous access to the website hosting your web server. Use
> only Integrated Windows Authentication.
DONE
> 2) Add the following to the web.config:
>
> <identity impersonate="true"/>
> <authentication mode="Windows" />
DONE
>
> 3) The connect string to the SQL Server database should use integrated
> security:
>
> myConn = New SqlConnection("Initial Catalog=<dbname>;Data
> Source=<servername>;Integrated Security=SSPI;")
DONE
>
> This means that each application user will have to have a SQL Server login
> defined as well. I'm not sure doing all this would work, but it should get
> you closer.
Not an option.
>
> You might want to use a known login for access to the db from the web
> service. Assuming the DLL is a .NET assembly you could create an app.config
> file that stores the connection string parameters using SQL Server login vs.
> Integrated login. The DLL would use this information to create the login.
> This can also help you track sessions on SQL Server related to your web
> service use.
NOT an option
I want the security token to delegate all the way through the application.
It uses the logged in user's name in SQL for Audit tracking.
>
> Here's an article with plenty of information:
>
> ASP.NET Authentication and Authorization
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html/secmod03.asp?frame=true
Thanks for the link, I hope I can work with the delegation part on this
network.
>
>
> Thanks,
>
> Sam
>
> --
> _______________________________
> Sam Santiago
> ssantiago@n0spam-SoftiTechture.com
> http://www.SoftiTechture.com
> _______________________________
> "Brad Simon" <bsimon@simondeveloping.com> wrote in message
> news:54BB26D9-0771-4203-818D-B70729EEA3FE@microsoft.com...
> > I am creating a distributed app, and I am having a problem with the user's
> > identity getting propagated to the SQL server.
> >
> > Here is the layout:
> > Windows App --> Web Service --> DLL --> SQL server 2000
> >
> > Windows App is on WIN XP Pro, with logged on user.
> >
> > Web service on a w2K3 server, using integrated authentication, web.config
> > file set up for windows authentication / impersonate='true' / deny='?'.
> The
> > web service runs under it's own App Pool, and the App Pool runs under the
> > network service account.
> >
> > DLL on same server as web service
> >
> > SQL server 2000 on W2K server.
> >
> > All works great on my development box. We just moved the web services to
> a
> > development web server, and that is when it breaks. I get the error:
> Login
> > failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
> >
> > I know the user's identity gets to the web service, as the EMAB (Exception
> > Management Application Block) has logged the user name and domain
> properly.
> > We also have other web services configured in the same manner that work
> fine,
> > as they don't go a SQL server.
> >
> > I see many posts on this subject, but no answer has helped me out. I look
> > forward to many correct answers :)
> >
> > Thanks,
> >
> > --
> > Thanks,
> > Brad Simon
>
>
>
- Next message: Jon Snow: "Memory issue with COM+ .NET Managed Component"
- Previous message: Sam Santiago: "Re: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'"
- In reply to: Sam Santiago: "Re: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
