Login failed for NT Authority\Anonymous Logon

Guest

Hi,

We have an application running on IIS 6.0, on a Windows 2003 box. The
back-end database, a SQL Server 2000, runs on another server, Windows 2000.

We have enabled integrated authentication, and provided the windows account
the appropriate permissions in SQL Server.

If running the application locally on the server, the user authenticates
fine. When accessing the application remotely, a SQL exception, "Login failed
for NT Authority\Anonymous Logon", is thrown.

The website node only allows Windows integrated authentication. The
Web.config has been set up correctly to allow identity impersonation and
Windows authentication.

Note that we have a number of users who access this application. They all
belong to one Active Directory group.

From my research, I can see that the issue is related to delegation
permissions, hence the ability to authenticate locally on the server and not
remotely given the extra "hop".

My question is, what are the exact permissions that will need to be set in
order to allow users to authenticate when accessing the application remotely?
What should the identity be for the application pool?

Thanks for your help!

Adnan
 
Norman Yuan

It seems obvious that the web app is allowed anonymous access although
according to you that the web.config for the web app is configured for
Windows authentication and impersonation is enabled.

It is possible that the IIS setup on that web app is not correct. Remember,
ASP.NET is run on top of IIS. So, the IIS must be set up correctly before
ASP.NET App's web.config can work correctly.

To enforce Windows authentication and impersonate the ASP.NET running
account to a different (domain or machine) user account (instead of
ASPNET/Network Service), you must not allow anonymous access. In IIS
Manager, right-click the web app and select "Properties->Directory
Security", click "Edit..." button in "Authentication..." box, then in
"Authentication Method" dialog, make sure ONLY "Integrated Windows
authentication" is checked.
 
Guest

Hi Norman,

Thanks for your reply.

Only integrated authentication is enabled in IIS; anonymous access IS
disabled. I know for sure that the problem is related to delegation as I
mentioned in my post.

I did come across a solution online:

http://msdn.microsoft.com/msdnmag/issues/05/09/SecurityBriefs/

I haven't implemented that solution yet, but it does address the exact
problem I am having.

Thanks!

Adnan
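
An added diagnostic, not part of the original thread or the linked article: an ASP.NET handler that reports how the request was authenticated and whether the impersonated token is marked for delegation, which separates the two explanations raised above (anonymous access versus the extra hop). The class name `WhoAmI` and its registration as a handler are assumptions made for this example.

```csharp
using System;
using System.Security.Principal;
using System.Web;

// Hypothetical diagnostic handler (WhoAmI is a name chosen for this example).
// Request it once from a browser on the IIS server and once from a remote
// client, then compare the two outputs.
public class WhoAmI : IHttpHandler
{
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        HttpResponse r = context.Response;
        r.ContentType = "text/plain";

        // Identity that IIS authenticated for this request (null if none).
        IIdentity user = context.User != null ? context.User.Identity : null;
        bool authenticated = user != null && user.IsAuthenticated;
        r.Write("Request authenticated: " + authenticated + "\n");
        r.Write("Request user:          " + (authenticated ? user.Name : "(none)") + "\n");
        r.Write("Authentication type:   " + (authenticated ? user.AuthenticationType : "(none)") + "\n");

        // Identity the worker thread runs as. With <identity impersonate="true" />
        // in Web.config this is the caller, otherwise the application pool identity.
        using (WindowsIdentity current = WindowsIdentity.GetCurrent())
        {
            r.Write("Thread identity:       " + current.Name + "\n");
            r.Write("Impersonation level:   " + current.ImpersonationLevel + "\n");

            if (!authenticated || current.IsAnonymous)
            {
                r.Write("=> The request itself is anonymous: check the IIS authentication settings.\n");
            }
            else if (current.ImpersonationLevel == TokenImpersonationLevel.Delegation)
            {
                r.Write("=> The token is marked for delegation and can be presented to another server.\n");
            }
            else
            {
                // Typical for a remote caller when delegation is not in place:
                // the token is valid on this server only.
                r.Write("=> Authenticated, but the token is not marked for delegation. " +
                        "For a remote caller, the connection to SQL Server is made without the caller's credentials.\n");
            }
        }
    }
}
```

If the remote request shows the expected domain user with an impersonation level of `Impersonation`, IIS authentication is working and the failure is on the hop to SQL Server.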
 
