NT Authentication not getting passed to business objects

[admlangford]

Hello, we have an ASP.NET website which uses NT authentication to
authenticate against an AD server.

We then have a set of business objects which are used to store /
retrieve information into database tables.

The business objects retrieve the connection string from the
web.config and use Integrated Security to connect to the database

e.g our connection string looks like the following

Data Source=MSSQLSERVER;Initial Catalog=DatabaseName;Integrated
Security=True

The problem we are having is that the business object is not
inheriting the NT login/ password from the logged in user but tries to
run as the local account. As such the database login fails.

Any ideas welcome
Thanks
Adam

 

[Nicholas Paldino [.NET/C# MVP]]

Adam,

Do you have the impersonation attribute set to true in the identity
element in the web.config file:

http://msdn2.microsoft.com/en-us/library/72wdk8cc.aspx

 

[admlangford]

Adam,

Do you have the impersonation attribute set to true in the identity
element in the web.config file:

http://msdn2.microsoft.com/en-us/library/72wdk8cc.aspx

--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

Hello, we have an ASP.NET website which uses NT authentication to
authenticate against an AD server.

We then have a set of business objects which are used to store /
retrieve information into database tables.

The business objects retrieve the connection string from the
web.config and use Integrated Security to connect to the database

e.g our connection string looks like the following

Data Source=MSSQLSERVER;Initial Catalog=DatabaseName;Integrated
Security=True

The problem we are having is that the business object is not
inheriting the NT login/ password from the logged in user but tries to
run as the local account. As such the database login fails.

Any ideas welcome
Thanks
Adam- Hide quoted text -

- Show quoted text -

Hi, we have the following set in the web.config

identity impersonate="true

but no username / password associated with it. We would like the
business object to execute as the currently logged in user not as a
single specified user.

Thanks again
Adam

 

[Willy Denoyette [MVP]]

Hello, we have an ASP.NET website which uses NT authentication to
authenticate against an AD server.

We then have a set of business objects which are used to store /
retrieve information into database tables.

The business objects retrieve the connection string from the
web.config and use Integrated Security to connect to the database

e.g our connection string looks like the following

Data Source=MSSQLSERVER;Initial Catalog=DatabaseName;Integrated
Security=True

The problem we are having is that the business object is not
inheriting the NT login/ password from the logged in user but tries to
run as the local account. As such the database login fails.

Any ideas welcome
Thanks
Adam

This works only when you have set-up Kerberos Authentication, which implies
:
- that you are running in a pure Kerberos realm, that is, you must be sure
Kerberos is used as Authentication protocol, NTLM will no do.
- that you have set the Webserver (IIS Server) as being trusted for
delegation
- that your clients are all running IE and all have "Windows Authentication"
enabled.
- and that you have correctly registered a SPN for SQL Server.

Note that it makes no sense to authenticate against an AD , authentication
will be done implicitly in such a scenario .
Note also that this way you throw away the advantages offered by "Connection
Pooling", each client uses it's own non-pooled physical connection.
Please consult SQL BOL for details on How to Enable Kerberos Authentication
for SQL Server (SQL2000 SP3 and up).

Willy.