problem using impersonation

  • Thread starter Thread starter Thomas
  • Start date Start date
T

Thomas

Hi all!

I have an asp.net web application that is configured for dynamic
impersonation via web.config (identity impersonate=true). The corresponding
virtual directory is protected by integrated windows authentication via IIS.

Some pages within my web application access a MS SQL Server database hosted
on a separate server. The database connection string is set to use a trusted
connection. Now the problem is, that sometimes the user's context is not
passed to the SQL server - in this case, I receive the following error
message: "Login for user (null) failed, not associated with a trusted
connection". The problem only occurs for some users, for the majorty of the
users there are no problems.

What might be the problem? In Active Directory, the servers are set to
"trusted for delegation", the web server runs IIS 6 on a Win2003 Server.


Thanks in advance

Thomas
 
Check your SQL server to see if those users with login problems exist in the
database.

Lenny
 
L. L. said:
Check your SQL server to see if those users with login problems exist in the
database.

Lenny
Click to expand...

In my database I only have user groups and roles for these groups. The
affected users are members of the appropriate groups.

Thomas
 
I am sure that it is SQL Server is denying those affected users. Maybe those
users belong to more than one groups or assigned to more than one roles And
if the database denies any one of the groups or any one of the roles does
not have the access to the db then it will fail on the connection.

L.L.
 
L. L. said:
I am sure that it is SQL Server is denying those affected users. Maybe those
users belong to more than one groups or assigned to more than one roles And
if the database denies any one of the groups or any one of the roles does
not have the access to the db then it will fail on the connection.

L.L.
Click to expand...

Currently I think it's a delegation problem - the affected users cannot
connect from a specific computer while it works from another one. And for
95% of the users it works perfectly, although there are some users among
them that are part of the same groups as the affected ones. That's why I
think it's not a role or group problem.

Thomas
 
Back
Top