«

Hi there,
I don't know if this is an IIS or SQL Server issue. I have an
ASP.Net web application that is set up with Anonymous access turned off and
Windows Authentication turned on. The SQL 2000 server (on another machine)
is set up for Windows only authentication. The application won't logon to
SQL Server, as I get the error above. I have searched for this error and
most of the articles suggest activating mixed mode authentication. This is
at a customer site however, and they want the server left as it is. How do
I make it work as intended.

Hello,

since you have three machines involved in this scenario (client machine, web
server, sql server) you most likely don't have kerberos configured, which is
required for this scenario (delegation of account tokens). Search for
"double-hop problem" and you'll find plenty of resources on this.

If you want integrated authentication on the client side, you need kerberos.
If you can live with people entering their credentials you could switch to
basic authentication and authenticate to the sql server with those
credentials. You should only do this if you have SSL enabled, otherwise the
credentials would be transferred in clear-text over the network.

Third option: Use integrated authentication from the client to the webserver
and use the service account of the IIS (AppPool user under Windows 2003+) to
authenticate to the SQL server.

Kind regards,
Henning Krause


"Waldy" <> wrote in message
news:%...
> Hi there,
> I don't know if this is an IIS or SQL Server issue. I have
> an ASP.Net web application that is set up with Anonymous access turned off
> and Windows Authentication turned on. The SQL 2000 server (on another
> machine) is set up for Windows only authentication. The application won't
> logon to SQL Server, as I get the error above. I have searched for this
> error and most of the articles suggest activating mixed mode
> authentication. This is at a customer site however, and they want the
> server left as it is. How do I make it work as intended.
>

Hi Henning,
there is already a .ASP application on the web server that
is working fine. It is only the ASP.Net application that has this problem.

Hello Waldy,

are the Impersonation settings equal on both asp.net applicaitons?

Kind regards,
Henning Krause

"Waldy" <> wrote in message
news:...
> Hi Henning,
> there is already a .ASP application on the web server
> that is working fine. It is only the ASP.Net application that has this
> problem.
>
>

"Henning Krause [MVP - Exchange]" <>
wrote in message news:...
> Hello Waldy,
>
> are the Impersonation settings equal on both asp.net applicaitons?

Hi Henning,
there is only one ASP.Net app, the other one is classic
..ASP and that works fine. Where are the Impersonation settings? If you are
talking about the IIS Web Site Properties / Directory Security /
Authentication Methods dialog, then yes, the settings are exactly the same.

Hi Waldy,

take a look at the web.config of the ASP.NET application.

There should be a tag named <identity>. Check if it is set to
<identity impersonate="true" />

if it's not there or impersonate="false", then impersonation is disabled.

Kind regards,
Henning Krause

"Waldy" <> wrote in message
news:%...
> "Henning Krause [MVP - Exchange]" <>
> wrote in message news:...
>> Hello Waldy,
>>
>> are the Impersonation settings equal on both asp.net applicaitons?
>
> Hi Henning,
> there is only one ASP.Net app, the other one is classic
> .ASP and that works fine. Where are the Impersonation settings? If you
> are talking about the IIS Web Site Properties / Directory Security /
> Authentication Methods dialog, then yes, the settings are exactly the
> same.
>