RE: Webservice SQL logon fails on production IIS server
From: D. Brown (Brown_at_discussions.microsoft.com)
Date: 02/23/05
- In reply to: Tim Baley: "Webservice SQL logon fails on production IIS server"
Date: Wed, 23 Feb 2005 05:41:03 -0800
Tim,
The reason why your authentication is failing is because you're trying to
authenticate to a remote source and when using Windows auth, you will have
difficulties unless you use delegation w/ Kerberos, some type of PKI-related
authentication strategy, pass basic auth credentials (with SSL or IPSEC), or
configure your application to use a particular set of credentials to
authenticate to your remote SQL server.
It works locally because the 'NT AUTHORITY\ANONYMOUS LOGON' is local to the
system. I'm not sure, but I may have read somewhere that you can actually
synchronize these passwords on both servers. Then add the id as a login to
SQL server.
The root of the problem goes something like this: When you authenticate to
IIS, you pass your primary token which consists of your username and
password. When access to a remote resource is needed and the server is
passing the credentials indirectly, it attempts to pass them using a
secondary token which consists of a username and a 'hash' of the password.
It's this hash which is causing your authentication failure.
Hope this helps.
D. Brown, MCSE 2003
"Tim Baley" wrote:
> I recently created some intranet web services to expose stored procedures on
> our SQL Servers (SQL2k). The stored procedures include an audit trail with
> user/login identification, so the web services are set up for Windows
> integrated authentication. The web services work well when they are hosted on
> IIS on my Win2k Pro development machine. I have tried accessing the services
> under several user accounts on several machines, including machines in other
> zones connected by VPN. I have connected the webservices to different SQL
> servers.
>
> When I move the services to production IIS servers, the database connection
> step throws an exception "Login failed for user 'NT AUTHORITY\ANONYMOUS
> LOGON'". The web service on the production service is not flowing the user
> credentials through to SQL server. What do I need to do to get the service
> to work?
>
> Thanks,
> Tim Bailey
> Energy Laboratories, Inc.
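
The two configuration routes named in the reply (Kerberos delegation, or a fixed set of credentials), sketched as an ASP.NET web.config; this is an added example and not part of the original thread. The server name SQLPROD01, database LabData, key name AuditDb and account CORP\svc-labws are constructed placeholders.

```xml
<?xml version="1.0"?>
<!-- Added example: web.config for the web service on the IIS server.
     SQLPROD01, LabData, AuditDb and CORP\svc-labws are placeholders. -->
<configuration>
  <appSettings>
    <!-- Integrated Security makes the SQL login whatever Windows identity
         the request thread is running as when the connection is opened. -->
    <add key="AuditDb"
         value="Server=SQLPROD01;Database=LabData;Integrated Security=SSPI;" />
  </appSettings>
  <system.web>
    <authentication mode="Windows" />
    <authorization>
      <!-- Reject unauthenticated callers so every request has a user. -->
      <deny users="?" />
    </authorization>

    <!-- Option A: impersonate the caller and rely on Kerberos delegation
         for the hop from IIS to SQL Server, so the stored procedures'
         audit trail records the real user. Outside this file it needs:
           * the client authenticating to IIS with Kerberos, not NTLM
           * the IIS server's account trusted for delegation in
             Active Directory
           * an MSSQLSvc service principal name registered for the
             account that runs SQL Server
         If any of these is missing, the connection reaches SQL Server
         as NT AUTHORITY\ANONYMOUS LOGON, as reported in the thread. -->
    <identity impersonate="true" />

    <!-- Option B: fixed credentials, no delegation. Replace the element
         above with:
           <identity impersonate="true"
                     userName="CORP\svc-labws"
                     password="PLACEHOLDER" />
         SQL Server then sees CORP\svc-labws on every request, so the
         audit trail must receive the caller's name as a parameter.
         Grant that account only EXECUTE on the exposed procedures, and
         note that a password stored here is readable by anyone who can
         read this file. -->
  </system.web>
</configuration>
```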