Solved

permissions with sql server

Posted on 2007-11-19
8
183 Views
Last Modified: 2010-03-19
i want my web ap to be open access, but the actual authentication done on sql server.  do my first screen is a login screen, but when i choose windows authentication is says login failed for user ''.  what do i need to chage in iis in order for it to pick up the actual windows user.  how do i give my website full access for viewing?  this is located on an intranet.  all users can view just limited on the data they can view.  
0
Comment
Question by:Fraser_Admin
  • 4
  • 3
8 Comments
 
LVL 16

Expert Comment

by:SQL_SERVER_DBA
ID: 20315167
0
 
LVL 42

Expert Comment

by:dqmq
ID: 20315218
I don't understand your configuration.  Normally, web apps do not see an SQL Server login screen.   Can you please explain, when/where do you get the login screen.  Is it an SQL Server login screen?  Is this a static page or is it ASP?
0
 

Author Comment

by:Fraser_Admin
ID: 20315325
i created the screen to allow people to log in either using windows auth, or to use sql server.  so when they choose windows auth, i need to use the userid and pwd that they are currently logged onto their box with.
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 42

Expert Comment

by:dqmq
ID: 20315585
>so when they choose windows auth, i need to use the userid and pwd that they are currently logged onto their box with.

That's not how windows auth works.  Windows auth assumes the user is already authenticated by windows and simply passes a token representing that windows account to the backend database.  The database "trusts" that token and grants any permissions that are assigned to it.  Neither a userid, nor a password is actually passed.  

When ASP is involved, it's more complicated because the database connection originates from the IIS account, not from the client account where the user has logged in.  To make this seamless, IIS must be configured to impersonate the windows client so that it passes the client token rather than it's own.

Needless to say, the setup takes planning and effort.  I encourage you to check out this resource which gives a thourough explanation:

http://msdn2.microsoft.com/en-us/library/ms998358.aspx#paght000025_configuringwindowsauthentication

0
 

Author Comment

by:Fraser_Admin
ID: 20319269
i have anonymous unchecked and windows authentication checked in iis.

i have added the 2 tags to web.config for the ap.

when i'm on the test server it works fine.  when i try from anywhere else i get...
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.(18456)
0
 

Author Comment

by:Fraser_Admin
ID: 20319372
i have also turned deleteation on, on my test server.  any other ideas here?
0
 
LVL 42

Accepted Solution

by:
dqmq earned 500 total points
ID: 20322250
I have no other suggestions here, except, that it appears IIS is attempting to use anyonymous despite your claim that it is suppressed (unchecked).
0
 

Author Comment

by:Fraser_Admin
ID: 20322327
i think it is because i have the sql server on one machine and IIS on the other machine.  therefore it is doing a two-hop and not authenticating.  do you have any experience with sql on one machine and IIS on another?
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Problem Hi all,    While many today have fast Internet connection, there are many still who do not, or are connecting through devices with a slower connect, so light web pages and fast load times are still popular.    If your ASP.NET page …
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question