.NETGURU
  Search:  
NamespacesDiscussions.NET v1.1Dot Net Guru's BlogIT Certification
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'
Messages   Related Types
This message was discovered on microsoft.public.dotnet.distributed_apps.

Post a new message to this list...

Brad Simon
I am creating a distributed app, and I am having a problem with the user's
identity getting propagated to the SQL server.

Here is the layout:
Windows App --> Web Service --> DLL --> SQL server 2000

Windows App is on WIN XP Pro, with logged on user.

Web service on a w2K3 server, using integrated authentication, web.config
file set up for windows authentication / impersonate='true' / deny='?'. The
web service runs under it's own App Pool, and the App Pool runs under the
network service account.

DLL on same server as web service

SQL server 2000 on W2K server.

All works great on my development box. We just moved the web services to a
development web server, and that is when it breaks. I get the error: Login
failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

I know the user's identity gets to the web service, as the EMAB (Exception
Management Application Block) has logged the user name and domain properly.
We also have other web services configured in the same manner that work fine,
as they don't go a SQL server.

I see many posts on this subject, but no answer has helped me out. I look
forward to many correct answers :)

Thanks,

--
Thanks,
Brad Simon
Reply to this message...
 
    
Sam Santiago
Propagating security context is always tricky. Do you want the Windows App
user login to propagate throughout? This might work in a LAN environment.
Try these things:

1) Turn off anonymous access to the website hosting your web server. Use
only Integrated Windows Authentication.
2) Add the following to the web.config:

<identity impersonate="true"/>
<authentication mode="Windows" />

3) The connect string to the SQL Server database should use integrated
security:

myConn = New SqlConnection("Initial Catalog=<dbname>;Data
Source=<servername>;Integrated Security=SSPI;")

This means that each application user will have to have a SQL Server login
defined as well. I'm not sure doing all this would work, but it should get
you closer.

You might want to use a known login for access to the db from the web
service. Assuming the DLL is a .NET assembly you could create an app.config
file that stores the connection string parameters using SQL Server login vs.
Integrated login. The DLL would use this information to create the login.
This can also help you track sessions on SQL Server related to your web
service use.

Here's an article with plenty of information:

ASP.NET Authentication and Authorization
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html/secmod03.asp?frame=true

Thanks,

Sam

--
_______________________________
Sam Santiago
Click here to reveal e-mail address
http://www.SoftiTechture.com
_______________________________
"Brad Simon" <Click here to reveal e-mail address> wrote in message
news:Click here to reveal e-mail address...
[Original message clipped]
Reply to this message...
 
    
Brad Simon
"Sam Santiago" wrote:

[Original message clipped]


This might work in a LAN environment.
[Original message clipped]


I want the security token to delegate all the way through the application.
It uses the logged in user's name in SQL for Audit tracking.

[Original message clipped]

Thanks for the link, I hope I can work with the delegation part on this
network.
[Original message clipped]
Reply to this message...
 
 
System.Data.SqlClient.SqlConnection




ExamGuru IT Solutions - .Net Guru is owned and operated by ExamGuru, Inc., the man behind .Net Guru. If you're in the market for bespoke software or software consultancy, why not get him and his highly trained team to help? - www.examguru.net/ITCertification
Ad


Need Dot Net Interview Questions?
Ask ExamGuru, Inc. for advice and help on Passing .Net Interviews
.Net Projects
Best-of-breed application framework for .NET projects, developed by ExamGuru, Inc. and ExamGuru IT
Free .net Help
Commission ExamGuru, Inc. and his team for your next bespoke software project
FogBUGZ
The only bug tracking system carefully crafted with one goal in mind: helping teams create great software.
Awesome Tools
If you don't know about these, you're missing out... IT Certification Questions
IT Interview Questions
Free Oracle 10g Training
MCSE Boortcamp
Cisco Study Guides
Cheap Study Guides
Exact Questions
Dot Net Interview Questions
Oracle OCP
Cheap Travel
Designer Perfumes - Wholesale Prices
Free Programming Tutorials
 
ExamGuru IT Solutions - .Net Guru is owned and operated by ExamGuru, Inc., the man behind .Net Guru. If you're in the market for bespoke software or software consultancy, why not get him and his highly trained team to help? - www.examguru.net/ITCertification
 Copyright © ExamGuru, Inc. 2001-2006
Contact Us - Terms of Use - Privacy Policy - www.dot-net-guru.com - www.examguru.net - www.oraclesource.net - www.itinterviews.net - www.examguru.net/ITCertification