iis security: Impersonation and SQL access (again) -- iis security

You're in the

iis security

group:

Impersonation and SQL access (again)

Al Blake
5/27/2004 6:41:23 PM

iis security:

I have read about 10,000 posts on this topic but still can't get it to work
:(
We are designing a web app under ASP.NET VB that connects to a SQL database.
It needs to connect as the AD user currently using the browser (ie windows
authentication), because we already have all the security setup correctly in
SQL and many of views use the currently connected user to detirmine what to
return.

Setup
Web server: Windows 2003 + IIS6 + ASP.NET + Windows Authentication
web.config contains <identity impersonate="true" />
Trusted for delegation under AD

SQL Server: Windows 2003 + SQL 2000 + SQL and Windows Authentication

We have created a test aspx page that simply displays the name of the
impersonated user and it correctly returns:

domain\user

which changes dependant on who is accessing the browser, exactly as you
would expect.

The problkem occurs when we then try to connect to a SQL database using a
trusted authentication connection string.
The page fails indicating that it cant connect to the SQL DB as user null.
In other words the IIS process has NOT used the user authenticaitonj info to
connect to SQL.

Why not?
I have been working on this for days and run into a brick wall. I thought
once the IIS process was sicessfully impersonating domain\user it would use
those credentials for the SQL connect. Why doesnt it do this?
Al Blake, Canberra, Australia

Re: Impersonation and SQL access (again)

Al Blake
5/27/2004 7:07:57 PM

More info:
Here's the connection string that we are using to try to connect through to
the SQL db:

Provider=SQLOLEDB.1;Integrated Security=SSPI;Persist Security
Info=False;User ID=sa;Initial Catalog=Media;Data Source=MIDAS

Re: Impersonation and SQL access (again)

Al Blake
5/27/2004 7:29:10 PM

Update:
I've fixed it!

Here's the connect string that works:

Provider=SQLOLEDB.1;Integrated Security=SSPI;Persist Security
Info=False;User ID=;Initial Catalog=Media;Data Source=MIDAS

I now have the browser user passing through the ASP and being used to
connect to SQL.
neat.
Al.

Re: Impersonation and SQL access (again)

Dario Ronzani
6/10/2004 7:18:14 AM

Hi,

could you send more information on how you resolve your problem? I want
to do the same operation but I don't have a clear idea on how to do.

Specialy you tell about inpersonate what means is neccesary?

Thank a lot for your support.
Bye Dario

*** Sent via Devdex http://www.devdex.com ***

Got something to say? Click here to post a reply to this thread.

Don't see what you're looking for? Try a search.

View other messages in the iis security group.

View Other Months
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008

home · blog · groups

Questions? Comments? Contact the dn