Solved

permissions with sql server

Posted on 2007-11-19
8
192 Views
Last Modified: 2010-03-19
i want my web ap to be open access, but the actual authentication done on sql server.  do my first screen is a login screen, but when i choose windows authentication is says login failed for user ''.  what do i need to chage in iis in order for it to pick up the actual windows user.  how do i give my website full access for viewing?  this is located on an intranet.  all users can view just limited on the data they can view.  
0
Comment
Question by:Fraser_Admin
  • 4
  • 3
8 Comments
 
LVL 16

Expert Comment

by:SQL_SERVER_DBA
ID: 20315167
0
 
LVL 42

Expert Comment

by:dqmq
ID: 20315218
I don't understand your configuration.  Normally, web apps do not see an SQL Server login screen.   Can you please explain, when/where do you get the login screen.  Is it an SQL Server login screen?  Is this a static page or is it ASP?
0
 

Author Comment

by:Fraser_Admin
ID: 20315325
i created the screen to allow people to log in either using windows auth, or to use sql server.  so when they choose windows auth, i need to use the userid and pwd that they are currently logged onto their box with.
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 42

Expert Comment

by:dqmq
ID: 20315585
>so when they choose windows auth, i need to use the userid and pwd that they are currently logged onto their box with.

That's not how windows auth works.  Windows auth assumes the user is already authenticated by windows and simply passes a token representing that windows account to the backend database.  The database "trusts" that token and grants any permissions that are assigned to it.  Neither a userid, nor a password is actually passed.  

When ASP is involved, it's more complicated because the database connection originates from the IIS account, not from the client account where the user has logged in.  To make this seamless, IIS must be configured to impersonate the windows client so that it passes the client token rather than it's own.

Needless to say, the setup takes planning and effort.  I encourage you to check out this resource which gives a thourough explanation:

http://msdn2.microsoft.com/en-us/library/ms998358.aspx#paght000025_configuringwindowsauthentication

0
 

Author Comment

by:Fraser_Admin
ID: 20319269
i have anonymous unchecked and windows authentication checked in iis.

i have added the 2 tags to web.config for the ap.

when i'm on the test server it works fine.  when i try from anywhere else i get...
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.(18456)
0
 

Author Comment

by:Fraser_Admin
ID: 20319372
i have also turned deleteation on, on my test server.  any other ideas here?
0
 
LVL 42

Accepted Solution

by:
dqmq earned 500 total points
ID: 20322250
I have no other suggestions here, except, that it appears IIS is attempting to use anyonymous despite your claim that it is suppressed (unchecked).
0
 

Author Comment

by:Fraser_Admin
ID: 20322327
i think it is because i have the sql server on one machine and IIS on the other machine.  therefore it is doing a two-hop and not authenticating.  do you have any experience with sql on one machine and IIS on another?
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

680 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question