Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   ASP .Net Security (http://www.velocityreviews.com/forums/f62-asp-net-security.html)
-   -   Integrated security fails on new server (http://www.velocityreviews.com/forums/t767757-integrated-security-fails-on-new-server.html)

kaborka 08-12-2005 01:56 AM

Integrated security fails on new server
 
We are migrating from our old intranet server to a new one. My ASP.Net C#
app uses integrated security to connect to a SQL 2000 server located on a
different machine in the same domain. It is working fine on the old server.
The following are in web.config:

<authentication mode="Windows" />
<identity impersonate="true" />

Anonymous access is disabled on the virtual directory. Connection strings
are of the form:
Server=myserver;Database=mydb;Persist Security Info=False;Integrated
Security=SSPI;

On the new intranet server, the asp.net page can connect to the local SQL
Server using integrated security, and I have confirmed it us impersonating
the user correctly. However, when the page tries to connect to a different
SQL Server, I get the exception: "Login failed for user '(null)'. Reason: Not
associated with a trusted SQL Server connection."

Since this asp.net app works fine on our current intranet server (the
webpages are able to connect to SQL Server running on a different machine
using integrated security), there must be a problem with the configuration of
the new server.

I've confirmed that "Integrated Windows Authentication" is the only option
checked on the Authentication Methods dialog of the website properties, and
the web.config is set up correctly. What else should I look for to make the
new server work the same as the old one?

Paul Clement 08-12-2005 03:12 PM

Re: Integrated security fails on new server
 
On Thu, 11 Aug 2005 18:56:02 -0700, "kaborka" <kaborka@discussions.microsoft.com> wrote:

We are migrating from our old intranet server to a new one. My ASP.Net C#
app uses integrated security to connect to a SQL 2000 server located on a
different machine in the same domain. It is working fine on the old server.
The following are in web.config:

<authentication mode="Windows" />
<identity impersonate="true" />

Anonymous access is disabled on the virtual directory. Connection strings
are of the form:
Server=myserver;Database=mydb;Persist Security Info=False;Integrated
Security=SSPI;

On the new intranet server, the asp.net page can connect to the local SQL
Server using integrated security, and I have confirmed it us impersonating
the user correctly. However, when the page tries to connect to a different
SQL Server, I get the exception: "Login failed for user '(null)'. Reason: Not
associated with a trusted SQL Server connection."

Since this asp.net app works fine on our current intranet server (the
webpages are able to connect to SQL Server running on a different machine
using integrated security), there must be a problem with the configuration of
the new server.

I've confirmed that "Integrated Windows Authentication" is the only option
checked on the Authentication Methods dialog of the website properties, and
the web.config is set up correctly. What else should I look for to make the
new server work the same as the old one?

Integrated security with SQL Server and an ASP.NET application implementing impersonation requires
Kerberos in a trusted environment in order to delegate credentials to a remote database server.
Without Kerberos, the integrated windows security authentication w/IIS is performed by NTLM and IIS
never receives credentials to delegate.


Paul
~~~~
Microsoft MVP (Visual Basic)

kaborka 08-12-2005 07:49 PM

Re: Integrated security fails on new server
 

Well, I'm embarrassed! I double-checked the connection string used by the
ASP.net app on the old intranet server, and it is using SQL authentication
when it connects to a remote SQL Server. The connection string parameters
are set up in the registry. I had thought it was using integrated security
for both the local and remote SQL connections, but it was only using
integrated security for the local connection. My bad!

Thanks for your reply.

> Integrated security with SQL Server and an ASP.NET application implementing impersonation requires
> Kerberos in a trusted environment in order to delegate credentials to a remote database server.
> Without Kerberos, the integrated windows security authentication w/IIS is performed by NTLM and IIS
> never receives credentials to delegate.
>
>
> Paul
> ~~~~
> Microsoft MVP (Visual Basic)
>



All times are GMT. The time now is 04:42 PM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.