Getting Challenged when using SQL connection on .aspx page

[Guest]

Have SQL server on one machine. Have IIS on another machine in same large
intranet. Have website in IIS with Basic Authentication turned on and other
options deselected. Have webpage (.aspx) with following connection in the
web.config file

<add name="NorthwindConnectionString1" connectionString="Data
Source=VHAV16PLAN1;Initial Catalog=Northwind;Integrated Security=SSPI"
providerName="System.Data.SqlClient" />

Have following added to systemweb element

<identity impersonate="true"/>

I have account to the database on the SQL server. Am logged on to machine on
the same intranet using that account login.

When I try to open the webpage in IE7. I am getting a request for me to
enter my user name and password. After entering it, I am able to see the data
from the SQL connection in the datagrid on the webpage.

I would like the webpage to pass my login credentials directly to the SQL
Server without having to enter it manually. How do I accomplish this???

I want others who have the same access permissions to SQL data to be able to
be recognized automatically also??

Basically, I want the webpage to pass the login token to the SQL
automatically.

Help

 

[George Ter-Saakov]

do not use Basic Authentication.
Use NT Authentication.

George.

 

[Guest]

That is not an available option.

do not use Basic Authentication.
Use NT Authentication.

George.

 

[Guest]

switch to using a SQL Server login, and ensure that SQL Server MIXED MODE
authentication is enabled.
Peter

 

[Guest]

Mixed Mode is enabled. As you can see in the code i posted, i have used
integrated security=sspi. Do i need to add Trusted_Connection=true? What I
have read says that they are the same.

 

[Guest]

Ray,
A SQL Server login connection string:

"server=yourserver;database=yourdatabase;uid=yourlogin;pwd=yourpassword;"

No SSPI, no "trusted connection". Keep it simple.
Peter

--
Site: http://www.eggheadcafe.com
UnBlog: http://petesbloggerama.blogspot.com
Short urls & more: http://ittyurl.net

 

[Guest]

Wont that allow anyone who hits the webpage to access the data? I only want
people in those groups that are allowed access to the tables to be able to
see the tables. Just want the login token to be passed, without having to
reenter the login required by the webpage after we have already logged into
the network.

 

[Guest]

Think I replied too quickly. Do you think the integrated security = sspi is
causing the issue?

 

[Guest]

Yes it will, and it's more efficient since the connection string is the same
with all users, which means you'll be efficiently using the ADO.NET
connection pool.
If you want to restrict users from "doing certain stuff", consider
controlling that through Forms Authentication on your web app with Membership
and Roles providers.
Peter

--
Site: http://www.eggheadcafe.com
UnBlog: http://petesbloggerama.blogspot.com
Short urls & more: http://ittyurl.net

 

[Guest]

Sorry to be asking stuff i can test for myself, but i will not have access to
the network until monday and want to be ready.

What would happen if i removed integrated security=sspi from the connection
string and also removed identity impersonate="true" then changed the settings