Solved

how do I use the windows user in a webservice?

Posted on 2008-06-23
3
171 Views
Last Modified: 2010-04-15
I have a project with a webserice.  I was using a hardcoded username in my connection string.  My tables in my db have a createdby and modified by field.  I don't pass them in, since the default value is (suser_sname()).  Basically it would fill in the username for me.  It worked on my dev machine, but not on the server.  

I changed the iis settings to use Integrated Windows.  When I run my app, it says I can't connect to the db
for user "mydoman\the computer name the webservice is running on".  How do I get the webservice to use the username of the person using the app?
0
Comment
Question by:jackjohnson44
  • 2
3 Comments
 
LVL 33

Expert Comment

by:raterus
ID: 21847622
Turn back on Integrated Windows Authentication, this is what you need to use.  

Is your DB on a different computer than your webserver?  If that is the case, you need to enable Delegation on your webserver.  This is the "ok" in active directory for the webserver to pass along the credentials of your user to another server.

http://support.microsoft.com/default.aspx?scid=kb;en-us;810572
0
 

Author Comment

by:jackjohnson44
ID: 21856825
My db is on a different server.  I have active directory and tried the suggestion in the link that mentioned but it looks like the webservice is trying to use it's computer name as the username in sql server.  Do you have any more advice?
0
 
LVL 33

Accepted Solution

by:
raterus earned 500 total points
ID: 21856965
First off, this isn't a simple set a few settings and it'll magically work.  There is a very detailed setup here, and you really need to understand how it all fits together to be able to get this to work.

If you checked the "Allow Delegation" tab in active directory users and computers, then your next step is to restart your webserver.  This is an unwritten gotcha about this setting.

Does your webserver/service use a fully-qualified domain name, e.g "myserver.mydomain.com", if that's the case then you need to add SPNs to active directory.

You also need <identity impersonate="true" /> in web.config

You must ONLY have integrated windows impersonate in IIS checked, no anonymous

Those are a few more things in this, so let me know what you find.
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Problem Hi all,    While many today have fast Internet connection, there are many still who do not, or are connecting through devices with a slower connect, so light web pages and fast load times are still popular.    If your ASP.NET page …
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now