SQL Server 2005 Windows authentication with AppPool running under service account identity

JM_newsgroups

My web application is successfully running under the identity of a
service account.

The connection string in my web.config is similar to:

<add name="connStr1" connectionString="Data Source=serverA\sql01;
Initial Catalog=DB_A; Trusted_Connection=yes"
providerName="System.Data.SqlClient" />

Unless I specify the userName and the password in the <identity
impersonate="true"> section, I receive:
"Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'"

I want to get all the passwords out of my web.config, and MSDN
indicates that if you configure your application pool to use an
identity, you can just use <identity impersonate="true"> with no
passwords.

I don't know if this is the "double-hop" issue, but does anybody know
if I need constrained delegation/Kerberos in this situation?

Thanks!
 
Setting <identity impersonate="true"> means: do not use the app pool account,
but rather the account IIS is using for the request (the user account, or
anonymous if anonymous access is allowed). In your case it looks like the IIS
anonymous account is being used by IIS.

Remove the <identity impersonate="true"> and then make sure the pool
account is a domain account with access to the SQL Server.


-- bruce (sqlwork.com)
 
Thank you, Bruce. That worked. I think I may have tried this, but I
was probably on my local instance of IIS where I don't have the same
application pool configured.

Regards,

Jay
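
A way to confirm the fix from the reply above, as an added example that is not part of the original thread: a generic handler that reports which Windows account the request thread runs as and which login SQL Server sees through connStr1. The handler name WhoAmI and the local-only restriction are assumptions; the connection string name comes from the question.

```csharp
// WhoAmI.ashx (added diagnostic example, not code from the thread).
// As a single-file handler, the first line of the file would be:
//   <%@ WebHandler Language="C#" Class="WhoAmI" %>
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Security.Principal;
using System.Web;

public class WhoAmI : IHttpHandler   // hypothetical handler name
{
    public bool IsReusable { get { return false; } }

    public void ProcessRequest(HttpContext context)
    {
        // Account names should not be readable by remote clients.
        if (!context.Request.IsLocal)
        {
            context.Response.StatusCode = 404;
            return;
        }

        context.Response.ContentType = "text/plain";

        // Token on the current thread. Trusted_Connection=yes uses this token:
        // the app pool account when impersonation is off, the IIS request
        // account when <identity impersonate="true"> is set.
        string threadIdentity = WindowsIdentity.GetCurrent().Name;
        context.Response.Write("Thread identity:  " + threadIdentity + "\r\n");

        string cs = ConfigurationManager.ConnectionStrings["connStr1"].ConnectionString;
        try
        {
            using (SqlConnection conn = new SqlConnection(cs))
            using (SqlCommand cmd = new SqlCommand("SELECT SUSER_SNAME()", conn))
            {
                conn.Open();
                // Login name as SQL Server resolved it for this connection.
                context.Response.Write("SQL Server login: " + cmd.ExecuteScalar() + "\r\n");
            }
        }
        catch (SqlException ex)
        {
            // With impersonation on, this is where the ANONYMOUS LOGON failure surfaces.
            context.Response.Write("SQL Server login failed: " + ex.Message + "\r\n");
        }
    }
}
```

With the <identity impersonate="true"> element removed, both lines should show the application pool's domain account. Delete the handler once the identity has been confirmed.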
 