Solved

permissions with sql server

Posted on 2007-11-19
8
177 Views
Last Modified: 2010-03-19
i want my web ap to be open access, but the actual authentication done on sql server.  do my first screen is a login screen, but when i choose windows authentication is says login failed for user ''.  what do i need to chage in iis in order for it to pick up the actual windows user.  how do i give my website full access for viewing?  this is located on an intranet.  all users can view just limited on the data they can view.  
0
Comment
Question by:Fraser_Admin
  • 4
  • 3
8 Comments
 
LVL 16

Expert Comment

by:SQL_SERVER_DBA
ID: 20315167
0
 
LVL 42

Expert Comment

by:dqmq
ID: 20315218
I don't understand your configuration.  Normally, web apps do not see an SQL Server login screen.   Can you please explain, when/where do you get the login screen.  Is it an SQL Server login screen?  Is this a static page or is it ASP?
0
 

Author Comment

by:Fraser_Admin
ID: 20315325
i created the screen to allow people to log in either using windows auth, or to use sql server.  so when they choose windows auth, i need to use the userid and pwd that they are currently logged onto their box with.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 42

Expert Comment

by:dqmq
ID: 20315585
>so when they choose windows auth, i need to use the userid and pwd that they are currently logged onto their box with.

That's not how windows auth works.  Windows auth assumes the user is already authenticated by windows and simply passes a token representing that windows account to the backend database.  The database "trusts" that token and grants any permissions that are assigned to it.  Neither a userid, nor a password is actually passed.  

When ASP is involved, it's more complicated because the database connection originates from the IIS account, not from the client account where the user has logged in.  To make this seamless, IIS must be configured to impersonate the windows client so that it passes the client token rather than it's own.

Needless to say, the setup takes planning and effort.  I encourage you to check out this resource which gives a thourough explanation:

http://msdn2.microsoft.com/en-us/library/ms998358.aspx#paght000025_configuringwindowsauthentication

0
 

Author Comment

by:Fraser_Admin
ID: 20319269
i have anonymous unchecked and windows authentication checked in iis.

i have added the 2 tags to web.config for the ap.

when i'm on the test server it works fine.  when i try from anywhere else i get...
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.(18456)
0
 

Author Comment

by:Fraser_Admin
ID: 20319372
i have also turned deleteation on, on my test server.  any other ideas here?
0
 
LVL 42

Accepted Solution

by:
dqmq earned 500 total points
ID: 20322250
I have no other suggestions here, except, that it appears IIS is attempting to use anyonymous despite your claim that it is suppressed (unchecked).
0
 

Author Comment

by:Fraser_Admin
ID: 20322327
i think it is because i have the sql server on one machine and IIS on the other machine.  therefore it is doing a two-hop and not authenticating.  do you have any experience with sql on one machine and IIS on another?
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Just a quick little trick I learned recently.  Now that I'm using jQuery with abandon in my asp.net applications, I have grown tired of the following syntax:      (CODE) I suppose it just offends my sense of decency to put inline VBScript on a…
In this article I will describe the Backup & Restore method as one possible migration process and I will add the extra tasks needed for an upgrade when and where is applied so it will cover all.
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question