Windows authentication bug?

[Guest]

My web.config contains:
<authorization>
<deny users="?" />
</authorization>

<authentication mode="Windows" />
<identity impersonate="true" userName="" password="" />

My connection string in page.aspx.vb contains:

oSQLConn.ConnectionString = "Data Source=" & Server & "," & PortNo &
";Initial Catalog=master;Integrated Security=SSPI;"

When the connection is opened:
oSQLConn.Open()

No matter what I do it always passes anonymous user instead of logged on
user and fails to open the connection. Only if I edit web.config and supply
userName & password

<identity impersonate="true" userName="myname" password="mypassword" />

then the connection is opened with supplied credentials.

Is this a bug? Is there a workaround? Am I missing something?
I'm sure bunch of ppl had to run into this problem. How did you fix it?



Machuga

 

[Mythran]

My web.config contains:
<authorization>
<deny users="?" />
</authorization>

<authentication mode="Windows" />
<identity impersonate="true" userName="" password="" />

My connection string in page.aspx.vb contains:

oSQLConn.ConnectionString = "Data Source=" & Server & "," & PortNo
&
";Initial Catalog=master;Integrated Security=SSPI;"

When the connection is opened:
oSQLConn.Open()

No matter what I do it always passes anonymous user instead of logged on
user and fails to open the connection. Only if I edit web.config and
supply
userName & password

<identity impersonate="true" userName="myname" password="mypassword" />

then the connection is opened with supplied credentials.

Is this a bug? Is there a workaround? Am I missing something?
I'm sure bunch of ppl had to run into this problem. How did you fix it?



Machuga

In IIS you need to disable anonymous authentication and make sure integrated
windows authentication is enabled for the virtual directory your application
resides...

HTH,
Mythran

 

[Guest]

Hi Mythran
Yes, IIS has anonymous disabled. Wierd thing is that if I set a connection
string in web.config:

<connectionStrings>
<add name="BUITConnectionString" connectionString="Data
Source=ServerName,2048;Initial Catalog=master;Integrated Security=SSPI"
providerName="System.Data.SqlClient"/>
</connectionStrings>

Then it works fine, but a connection from page in code behind does not.

Thanks for your help
Machuga

 

[Guest]

Machuga,
Try changing the IntegratedSecurity property to "none" or "false" ... and
run your code again.

 

[Guest]

Hi Sashidhar,

Your solution gives an expected error:
Login failed for user ''. The user is not associated with a trusted SQL
Server connection.

Let me make sure that you understand, that I have a connection string to a
fixed SQL server in web.config that is reading data into a dropdown box
control when page is loaded (that connection works). Upon selection from
dropdown box ( that contains over 500 SQL server names) is passed to a
connection string in code behind page. I have T-SQL code that needs to be
executed on any of those 500 boxes with credentials of a logged in user. That
connection is trying to use anonymous user and fails.
When username and password is supplied in web.config then the connection
works but it uses a that fixed user from web.config instead of logged in user
to connect to the sql boxes.


Thanks for trying
Mchuga

 

[Guest]

At this point I'm assuming that this is one of those questions that none of
th MVPs want's to touch.
Can anybody point me to the right resource though?
Anything written in all my smart books or found on the web is inconclusive.

I appreciate any help

Thank you
Machuga

 

[Juan T. Llibre]

See if the info in this resource helps :

http://msdn2.microsoft.com/en-us/library/ms998355.aspx

There's an alternate method at :

http://msdn2.microsoft.com/en-us/library/ms998358.aspx




Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================

 

[Guest]

Thank you Juan for your post.

I've been through those links last week. Everything I got setup is in
accordance with those gudielines.

I noticed that everything on the box that runs IIS and local SQL instance is
authenticating fine. It is when IIS is trying to open connection to a remote
SQL server, thats when authentication is passed as "anonymous". For some
reason it will not carry the credentials of logged in user, but tries to
connect as anonymous.

I'm not sure is this a bug or is this by design.
If it is by design then Microsoft is surley hiding resolution for this
really well, as I have been searching high and low to no avail.

I just can't picture that I'm the only one that needs IIS app. to connect to
a remote SQL server using windows authentication.

Thank you
Machuga