Re: Connecting to SQLServer 2000 from ASP.NET

From: Patrick (patl_at_reply.newsgroup.msn.com)
Date: 04/25/04

• Next message: Bill Borg: "RE: Adding event handler for dynamically created controls"
• Previous message: Alex Maghen: "TableRow Borders"
• In reply to: Steven Cheng[MSFT]: "Re: Connecting to SQLServer 2000 from ASP.NET"
• Next in thread: Patrick: "Re: Connecting to SQLServer 2000 from ASP.NET"
• Messages sorted by: [ date ] [ thread ]

Date: Sun, 25 Apr 2004 20:30:22 +0100

Hi Steven,

Thanks for your reply.

This is a web application which does not take in a user ID (from IIS
Integrated windows authentication or Forms authentication) and it should
ideally use the IWAM_MachineName account to connect to SQL Server (in a
test/production environment), but for a development environment, it would do
with a developer's domain account.

I understand that if I have the <impersonate /> tag within the
machine.config, then this settings would apply to all web applications on
the machine, and if I set it within the web.config of an individual web
asp.net application, then only that application would be impersonated.

My point is
1) It should be OK to have the impersonate settings in machine.config
2) My ASP.NET application should pickup the <impersonate/> settings from the
machine.config (it was not set in web.config)
3) But it clearly isn't working, as you see from my SQL Exception, it seems
like the username is NULL !!

Note I do *Not* want to impersonate programatically, because this is only
meant to be a remedy in the development enviroment, whereby the SQL Server
on a seperate SQL Server cannot add DevelopmenPC\IWAM_DevelopmentPC as a
user (where by in production, SQL and ASP.NET would be running from the same
box and would not be an issue).

But my query is why isn't ASP.NET seem to be passing the impersonated user
credentials to SQL Server when it is trying to connect to execute the SQL
query?

"Steven Cheng[MSFT]" <v-schang@online.microsoft.com> wrote in message
news:V3IO8gaKEHA.3088@cpmsftngxa10.phx.gbl...
> Hi Patrick,
>
> First, glad that your critical problem has been resolved. As for the
> connecting to sqlserver problem,
> have you ever tried the suggestions in my last reply? As I've mentioned,
> when you want to provide some powerful permisssions(a powerful account )
> when accessing some serverside resource, you can just use impersonate
> rather than changing anything in the machine.config.
>
> You can both
> 1) the user account from the client(passed by iis)
> 2) specified a fix accoun in the <identity ..> element for asp.net to use
> when accessing serverside resources.
> <identity impersonate="true" userName="MyDomain\aspUser1"
> password="password"/>
>
> #note in your web.config, not machine.config, machine.config is the
setting
> for all the web applicatoin on the machine, and can be override in each
web
> app' web.config file.
>
> when we set <identity impersonate="true" ...> if we specify a user account
> after it, then the asp.net will use this account to access serverside
> resources . If not specified, it will use the account passed from IIS(the
> client account)
>
> 3) Also, we can use code to programmatically impersnate the current
> thread's security context. I strongly recommend that you have a look at
the
> following tech article which may provide some clues.
>
> #INFO: Implementing Impersonation in an ASP.NET Application
> http://support.microsoft.com/?id=306158
>
> Also, the following refrences will help you understand the impersonating
> and the ASP.NET's authentication mechnism.
>
> #ASP.NET Impersonation
>
http://msdn.microsoft.com/library/en-us/cpguide/html/cpconaspnetimpersonatio
> n.asp?frame=true
>
> #Using IIS Authentication With ASP.NET Impersonation
>
http://msdn.microsoft.com/library/en-us/cpguide/html/cpconusingiisauthentica
> tionwithaspnetimpersonation.asp?frame=true
>
> Good Luck. Thanks.
>
> Regards,
>
> Steven Cheng
> Microsoft Online Support
>
> Get Secure! www.microsoft.com/security
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>
> Get Preview at ASP.NET whidbey
> http://msdn.microsoft.com/asp.net/whidbey/default.aspx
>
>

• Next message: Bill Borg: "RE: Adding event handler for dynamically created controls"
• Previous message: Alex Maghen: "TableRow Borders"
• In reply to: Steven Cheng[MSFT]: "Re: Connecting to SQLServer 2000 from ASP.NET"
• Next in thread: Patrick: "Re: Connecting to SQLServer 2000 from ASP.NET"
• Messages sorted by: [ date ] [ thread ]

Relevant Pages Re: How to use WindowsPrincipal properly?? ... > If you want to check if the user is in the local computers security group ... > used by the general public you have to use Basic Authentication of course. ... You can logon a set account ... > WindowsIndentity which is then used to Impersonate. ... (microsoft.public.dotnet.framework.aspnet.security) Re: Impersonation ASPNET SQL Server ... I think you need to impersonate those user accounts in asp.net ... !Subject: Re: Impersonation ASPNET SQL Server ... Authentication, and Secure Communication is just one ... (microsoft.public.dotnet.framework.aspnet.security) Re: How to use WindowsPrincipal properly?? ... I mixed up the administrator account versus the group. ... used by the general public you have to use Basic Authentication of course. ... WindowsIndentity which is then used to Impersonate. ... You don't have to validate the user at all normally. ... (microsoft.public.dotnet.framework.aspnet.security) Re: Subscriber Security Settings for Distributor and Publisher log ... Looking for a book on SQL Server replication? ... >> It is done through SQL Server authentication or NT Authentication. ... > using Authentication it authenticates using the account that your SQL ... (microsoft.public.sqlserver.replication) Re: SQL Server registration failed because of the connection failure displayed below ... Authentication: SQL Server and Windows ... Start and run SQL Server in the following account: ... (microsoft.public.sqlserver.security)

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint