>I would like to use KERBEROS delegation to access an SQL Server database
>from an ASP.NET application.
> So, I have set up a website, disabled anonymous access and checked the
> windows integrated security.
> In the ASP.NET applicatie, the web config file contains
> <authentication mode="Windows" />
> <identity impersonate="true" />
> Both the IIS and the SQL server are part of a domain. So, when I browse to
> the site using an domain account
> the site will open fine. However, when i try to open a database connection
> using the 'Integrated security=SSPI option i always get the error:
> Login failed for user '(null)'. Reason: Not associated with a trusted SQL
> Server connection.
> When I open the database by using SQL authentication, everything works
> fine.
> On the IIS, the Webservice is running under local system account, and so
> is the SQL Server.
> In AD I have set the 'Trust computer for delegation' flag for both the IIS
> and the SQL as stated in the 'Troubleshoot KERBEROS delegation' document,
> but still without any luck
>
> Does somebody has encountered this problem already ?
>

"Noël Thoelen" <noel@itomni.com> wrote in message
news:O9edINZvEHA.3416@TK2MSFTNGP09.phx.gbl...
>I was looking around in some of the other posts in this newsgoup and
>something came up to me.
> I am using an lmhost file to reach the site. So, the site is not reached
> using DNS. Could this be the problem ?
>
> "Noël Thoelen" <noel@itomni.com> schreef in bericht
> news:eDuamBZvEHA.1984@TK2MSFTNGP14.phx.gbl...
>>I would like to use KERBEROS delegation to access an SQL Server database
>>from an ASP.NET application.
>> So, I have set up a website, disabled anonymous access and checked the
>> windows integrated security.
>> In the ASP.NET applicatie, the web config file contains
>> <authentication mode="Windows" />
>> <identity impersonate="true" />
>> Both the IIS and the SQL server are part of a domain. So, when I browse
>> to the site using an domain account
>> the site will open fine. However, when i try to open a database
>> connection using the 'Integrated security=SSPI option i always get the
>> error:
>> Login failed for user '(null)'. Reason: Not associated with a trusted SQL
>> Server connection.
>> When I open the database by using SQL authentication, everything works
>> fine.
>> On the IIS, the Webservice is running under local system account, and so
>> is the SQL Server.
>> In AD I have set the 'Trust computer for delegation' flag for both the
>> IIS and the SQL as stated in the 'Troubleshoot KERBEROS delegation'
>> document, but still without any luck
>>
>> Does somebody has encountered this problem already ?
>>
>
>

> If you are accessing the site using a name other than registered name, you
> will need to use setSPN.exe and register a new service principal name:
> http://support.microsoft.com/?id=294382
>
> Other things you should read/use to troubleshoot the issue:
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/tkerberr.mspx
> -and-
> http://www.microsoft.com/downloads/details.aspx?FamilyID=e90fe777-4a21-4066-bd22-b931f7572e9a&DisplayLang=en
>
> You basically need to work your way thoroughly from client through to
> backend SQL Server to make sure everything is setup correctly, eg is IE
> configured to use Kerberos? is IIS sending appropriate authentication
> headers? are SPNs registered correctly? Is delegation enabled properly?
> etc
>
> Cheers
> Ken
>
> "Noël Thoelen" <noel@itomni.com> wrote in message
> news:O9edINZvEHA.3416@TK2MSFTNGP09.phx.gbl...
>>I was looking around in some of the other posts in this newsgoup and
>>something came up to me.
>> I am using an lmhost file to reach the site. So, the site is not reached
>> using DNS. Could this be the problem ?
>>
>> "Noël Thoelen" <noel@itomni.com> schreef in bericht
>> news:eDuamBZvEHA.1984@TK2MSFTNGP14.phx.gbl...
>>>I would like to use KERBEROS delegation to access an SQL Server database
>>>from an ASP.NET application.
>>> So, I have set up a website, disabled anonymous access and checked the
>>> windows integrated security.
>>> In the ASP.NET applicatie, the web config file contains
>>> <authentication mode="Windows" />
>>> <identity impersonate="true" />
>>> Both the IIS and the SQL server are part of a domain. So, when I browse
>>> to the site using an domain account
>>> the site will open fine. However, when i try to open a database
>>> connection using the 'Integrated security=SSPI option i always get the
>>> error:
>>> Login failed for user '(null)'. Reason: Not associated with a trusted
>>> SQL Server connection.
>>> When I open the database by using SQL authentication, everything works
>>> fine.
>>> On the IIS, the Webservice is running under local system account, and so
>>> is the SQL Server.
>>> In AD I have set the 'Trust computer for delegation' flag for both the
>>> IIS and the SQL as stated in the 'Troubleshoot KERBEROS delegation'
>>> document, but still without any luck
>>>
>>> Does somebody has encountered this problem already ?
>>>
>>
>>
>
>