Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 179
  • Last Modified:

how do I use the windows user in a webservice?

I have a project with a webserice.  I was using a hardcoded username in my connection string.  My tables in my db have a createdby and modified by field.  I don't pass them in, since the default value is (suser_sname()).  Basically it would fill in the username for me.  It worked on my dev machine, but not on the server.  

I changed the iis settings to use Integrated Windows.  When I run my app, it says I can't connect to the db
for user "mydoman\the computer name the webservice is running on".  How do I get the webservice to use the username of the person using the app?
0
jackjohnson44
Asked:
jackjohnson44
  • 2
1 Solution
 
raterusCommented:
Turn back on Integrated Windows Authentication, this is what you need to use.  

Is your DB on a different computer than your webserver?  If that is the case, you need to enable Delegation on your webserver.  This is the "ok" in active directory for the webserver to pass along the credentials of your user to another server.

http://support.microsoft.com/default.aspx?scid=kb;en-us;810572
0
 
jackjohnson44Author Commented:
My db is on a different server.  I have active directory and tried the suggestion in the link that mentioned but it looks like the webservice is trying to use it's computer name as the username in sql server.  Do you have any more advice?
0
 
raterusCommented:
First off, this isn't a simple set a few settings and it'll magically work.  There is a very detailed setup here, and you really need to understand how it all fits together to be able to get this to work.

If you checked the "Allow Delegation" tab in active directory users and computers, then your next step is to restart your webserver.  This is an unwritten gotcha about this setting.

Does your webserver/service use a fully-qualified domain name, e.g "myserver.mydomain.com", if that's the case then you need to add SPNs to active directory.

You also need <identity impersonate="true" /> in web.config

You must ONLY have integrated windows impersonate in IIS checked, no anonymous

Those are a few more things in this, so let me know what you find.
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now