Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

permissions with sql server

Posted on 2007-11-19
8
Medium Priority
?
212 Views
Last Modified: 2010-03-19
i want my web ap to be open access, but the actual authentication done on sql server.  do my first screen is a login screen, but when i choose windows authentication is says login failed for user ''.  what do i need to chage in iis in order for it to pick up the actual windows user.  how do i give my website full access for viewing?  this is located on an intranet.  all users can view just limited on the data they can view.  
0
Comment
Question by:Fraser_Admin
  • 4
  • 3
8 Comments
 
LVL 16

Expert Comment

by:SQL_SERVER_DBA
ID: 20315167
0
 
LVL 42

Expert Comment

by:dqmq
ID: 20315218
I don't understand your configuration.  Normally, web apps do not see an SQL Server login screen.   Can you please explain, when/where do you get the login screen.  Is it an SQL Server login screen?  Is this a static page or is it ASP?
0
 

Author Comment

by:Fraser_Admin
ID: 20315325
i created the screen to allow people to log in either using windows auth, or to use sql server.  so when they choose windows auth, i need to use the userid and pwd that they are currently logged onto their box with.
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
LVL 42

Expert Comment

by:dqmq
ID: 20315585
>so when they choose windows auth, i need to use the userid and pwd that they are currently logged onto their box with.

That's not how windows auth works.  Windows auth assumes the user is already authenticated by windows and simply passes a token representing that windows account to the backend database.  The database "trusts" that token and grants any permissions that are assigned to it.  Neither a userid, nor a password is actually passed.  

When ASP is involved, it's more complicated because the database connection originates from the IIS account, not from the client account where the user has logged in.  To make this seamless, IIS must be configured to impersonate the windows client so that it passes the client token rather than it's own.

Needless to say, the setup takes planning and effort.  I encourage you to check out this resource which gives a thourough explanation:

http://msdn2.microsoft.com/en-us/library/ms998358.aspx#paght000025_configuringwindowsauthentication

0
 

Author Comment

by:Fraser_Admin
ID: 20319269
i have anonymous unchecked and windows authentication checked in iis.

i have added the 2 tags to web.config for the ap.

when i'm on the test server it works fine.  when i try from anywhere else i get...
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.(18456)
0
 

Author Comment

by:Fraser_Admin
ID: 20319372
i have also turned deleteation on, on my test server.  any other ideas here?
0
 
LVL 42

Accepted Solution

by:
dqmq earned 1500 total points
ID: 20322250
I have no other suggestions here, except, that it appears IIS is attempting to use anyonymous despite your claim that it is suppressed (unchecked).
0
 

Author Comment

by:Fraser_Admin
ID: 20322327
i think it is because i have the sql server on one machine and IIS on the other machine.  therefore it is doing a two-hop and not authenticating.  do you have any experience with sql on one machine and IIS on another?
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
A phishing scam that claims a recipient’s credit card details have been “suspended” is the latest trend in spoof emails.
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question