Pass Integrated Windows credentials to SQL Server w/out Basic Authentication?

Using ASP legacy (not .NET), IIS 6 on Win 2003, SQL is on a different server.

When I turn on Basic Authentication for the site, and enter my Windows Active Directory  user credentials, the database connection works.  When I turn on Integrated Windows Authentication (even leaving Basic enabled), it tries to use NT AUTHORITY\ANONYMOUS LOGON and fails.

Is there anyway around this?  I want it to just work, without having to type in credentials for the user account I'm already logged in as.

My connection string is:
"Provider=SQLOLEDB;Data Source=<server>;Initial Catalog=<database>;Integrated Security=SSPI"

Thanks!
bohitiAsked:
Who is Participating?
 
LunchyCommented:
Closed, 125 points refunded.
Lunchy
Friendly Neighbourhood Community Support Admin
0
 
bohitiAuthor Commented:
Figuring out how I wanted to phrase this question helped me refine my Google searches.  I found the following link:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/iissdk/html/39eaa2b1-1a9c-4dbe-b889-494759fa9115.asp

Quote:
If you use SQL Server's Integrated or Mixed security features, and the SQL Server database resides on a remote server, you will not be able to use integrated Windows authentication. Specifically, you cannot forward integrated Windows authentication credentials to the remote computer. This means that you may have to use Basic authentication, which relies on the user to provide user name and password information.

...Pretty much answers my question.  If anyone has a workaround, I'd love to hear it!
0
 
deighcCommented:
Yes, this is the dreaded double hop limitation of Integrated Authentication.

As far as I know there are no workarounds for SQL Server. The simplest solution is to have IIS and SQL Server running on the same box. Or re-write your app in ASP.NET...

There ARE workarounds for connecting to Exchange (for example) but they're definitely what I'd call hacks.

Here are two more articles from MSDN that explains things further:

http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q176/3/79.ASP&NoWebContent=1

http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q247/9/31.ASP&NoWebContent=1

Bottom line is that (as far as I know) you're out of luck :-(
0
 
bohitiAuthor Commented:
Thanks deighc.
I'd like to delete the question if no one objects.
0
 
deighcCommented:
No objections from me.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.