Results 1 to 14 of 14
  1. #1
    3 Star Lounger
    Join Date
    Jul 2001
    Location
    Minneapolis, Minnesota, USA
    Posts
    299
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Authentication issues

    I have an intranet web site installed on our web server (Server A) and it uses the SQL database from our SQL server (Server [img]/forums/images/smilies/cool.gif[/img]. Our end user (Mr. Mouse) opens the application. Server A responds and Mr. Mouse sees the menu screen. However, if Mr. Mouse tries to open a form where the data resides on Server B, instead of Server B seeing Mr. Mouse's machine name (MMouse), it sees Server A's machine name (ServerA) and returns "Login failed for user 'DNAME(domain name)ServerA$'

    The web site is registered in IIS 6.0 The SQL database is SQL2000. We've tried in IIS various authentication modes - none, Windows Authentication (which should be working but isn't), digest, and basic but nothing has worked. Right now it's in Windows Authentication. The only way we can get Mr. Mouse to be able to use the application is to set up a dummy user on the Server B, and then put this dummy user in the web.config on the aspx application(under identity impersonate). Unfortunately, this isn't what we want as sometimes Mr. Mouse should be restricted from seeing all the data. I've also tried to put Mr. Mouse in the Allow Users on the web.config but it didn't make any difference. <img src=/S/hairout.gif border=0 alt=hairout width=31 height=23>

    Oddly enough, the test server where I have the application and SQL 2000 works just fine. Any suggestions? <img src=/S/please.gif border=0 alt=please width=31 height=23>
    Carpy Diem, it&#39;s .

  2. #2
    4 Star Lounger
    Join Date
    Jan 2002
    Location
    Brookings, South Dakota, USA
    Posts
    449
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Authentication issues

    Hi Peggy,
    A couple of questions:
    Are you using DotNet 1.1 or 2.0 (VS 2003 or 2005)?
    What is your connection string?
    Is this "Login failed for user 'DNAME(domain name)ServerA$" the entire error message?

    You also may want to check out this KnowledgeBase article KB812614
    or this one KB316989

    I know that using mixed mode or sql authentication will correct this, but I don't think that is the answer to your request.
    <IMG SRC=http://www.wopr.com/w3tuserpics/gdrezek_sig.jpg>
    "Those who dance are considered insane by those who can't hear the music" - George Carlin

  3. #3
    3 Star Lounger
    Join Date
    Jul 2001
    Location
    Minneapolis, Minnesota, USA
    Posts
    299
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Authentication issues

    gdrezek,

    Thanks! I'll check out the kb articles....I'm using 1.1 (sp1) and vb, the error message (in most of its entirety) is:

    Login failed for user (domain nameServerA$"

    An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Then the stack trace displays the usual trying-to-open-the-connection stuff

    my connection is

    Dim myConnection as New SqlConnection("server=(server 2);database=(the SQL database);Trusted_Connection=yes")

    Does this help?
    Carpy Diem, it&#39;s .

  4. #4
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Indianapolis, Indiana, USA
    Posts
    1,862
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Authentication issues

    Can you tell us about your SQL Authentication situation? Do you have individual user accounts set up as SQL Logins, or are you using Active Directory groups for the SQL security?

    If I understand your goal (user only sees data they are authorized to see), the general way to set it up would be this:
    - Set the Web.config to Identity Impersonate = true
    - Set the IIS Permissions to Integrated Windows Authentication (disable anonymous access)
    - Use a trusted connection for your SQL Connection (you may also want to try Integrated Security = SSPI
    - Be sure your users each have individual logins to SQL Server or are part of AD groups that have SQL Logins (By "SQL Login" I actually mean to use Windows Authentication in SQL rather than a SQL-only login.)

  5. #5
    3 Star Lounger
    Join Date
    Jul 2001
    Location
    Minneapolis, Minnesota, USA
    Posts
    299
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Authentication issues

    Mark,

    I put the identity into the web.config, set the IIS permissions to disable the anonymous access and verified the trusted connection. Since the user is me, I knew that I didn't have to check the SQL login. When I fired off the application, it showed me a login screen (which we don't want, but I guess maybe the icon can be manipulated?), then it said:

    System.Data.SqlClient.SqlException: Login failed for user 'NT AUTHORITYANONYMOUS LOGON'.

    Does this make sense?
    Carpy Diem, it&#39;s .

  6. #6
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Indianapolis, Indiana, USA
    Posts
    1,862
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Authentication issues

    Can you paste the entire Authentication and Authorization sections of your web.config?

    What do you mean by login screen? Do you mean the standard Windows Login dialog? Or is there some other login form in your web application?

  7. #7
    3 Star Lounger
    Join Date
    Jul 2001
    Location
    Minneapolis, Minnesota, USA
    Posts
    299
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Authentication issues

    Mark,

    2. The login screen is the standard Windows Login dialog

    1. here you go (I took out the tcip string as it's a static ip address and I don't think I want to publish it to the world) - I'm sending it as an attachment because I can't copy/paste here
    Attached Files Attached Files
    Carpy Diem, it&#39;s .

  8. #8
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Indianapolis, Indiana, USA
    Posts
    1,862
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Authentication issues

    Great - that looks like it should be exactly what you need.

    The next thing I would check is SQL Server. How are you handling the login? Can you describe what's happening there?

  9. #9
    3 Star Lounger
    Join Date
    Jul 2001
    Location
    Minneapolis, Minnesota, USA
    Posts
    299
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Authentication issues

    Mark,

    Basically nothing is happening on the sql server. I tried a SQL Profiler and then opened a page that was supposed to be querying the server. The profiler log didn't even show that the anonymous user even tried to log in, let alone got locked out. Does this make sense?
    Carpy Diem, it&#39;s .

  10. #10
    4 Star Lounger
    Join Date
    Jan 2002
    Location
    Brookings, South Dakota, USA
    Posts
    449
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Authentication issues

    Hi Peggy,
    Mark is going where eventually I would've been heading, so I'll take a back seat and defer to the more expert view. <img src=/S/smile.gif border=0 alt=smile width=15 height=15>
    But I do have one more question, and please forgive me if it's simplistic, but are these machines all in the same domain? The reason I ask is because of something you said in your initial post:
    <hr>The only way we can get Mr. Mouse to be able to use the application is to set up a dummy user on the Server B, and then put this dummy user in the web.config on the aspx application(under identity impersonate). <hr>
    <IMG SRC=http://www.wopr.com/w3tuserpics/gdrezek_sig.jpg>
    "Those who dance are considered insane by those who can't hear the music" - George Carlin

  11. #11
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Indianapolis, Indiana, USA
    Posts
    1,862
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Authentication issues

    Actually, I was asking about the security settings in SQL. Since you're telling your web appliation to impersonate the user, then you'll need to have a way to let the user log ingo SQL Server.

    If I understand correctly, your goal is to have the users get into SQL with their own logins, right? Of course, if you're OK with connecting to SQL with the anonymous account, then you'll need to make some changes.

    Also, Gary's question is excellent - can you verify that all boxes are on the same domain? That would definitely make a difference!

    Stay with it - we'll get it working!!

  12. #12
    3 Star Lounger
    Join Date
    Jul 2001
    Location
    Minneapolis, Minnesota, USA
    Posts
    299
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Authentication issues

    gdrezek,

    Yes, all the machines are in the same domain. I just disguise the potentially damaging user names and servers with variations of my favorite Disney character, but if there was a Mr. Mouse, then he would be in the domain Disney/MMouse. When I referred to the dummy user - we set up a dummy user login on the SQL server, set the Impersonate=true and set the domain name and password to be this dummy user and dummy password. Then when Server A went to contact Server B, it knew to impersonate the dummy user. Does this make sense?

    I was talking with a colleague and since the aspx applications are working just fine on the test server (where it's not trying to talk its way to another server), perhaps we need to just store these internal applications on a dedicated server and then I can program as many as I want without the IIS stuff.
    Carpy Diem, it&#39;s .

  13. #13
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Indianapolis, Indiana, USA
    Posts
    1,862
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Authentication issues

    Hi Peggy,

    I think you've hit on the problem. If you're using Impersonation, the identity of the logged in user is being passed to SQL. It sounds like you do not have separate accounts on SQL that match the logged-in users.

    If you want to use a special SQL account for database access, then you either need to build that into your connection string (instead of using Trusted_Connection or Integrated Security) or set impersonation to false and make sure the identity of the App Pool running the site in question is set to the same user account that you want to have logging into SQL Server.

  14. #14
    3 Star Lounger
    Join Date
    Jul 2001
    Location
    Minneapolis, Minnesota, USA
    Posts
    299
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Authentication issues

    Mark (and Gdrezek),

    Sorry I didn't let you know if I was successful sooner. I ended up setting up a user that had proper permissions, and then I took the impersonate off and put the user/password in the path with integrated security. I also (and I know I have to blow this off and start over, anyway because the person who was helping me set this up neglected to understand that I have several applications to convert, not just the one), set the IIS name and password to be the user I set up. I know this is a big no-no, but then I was able to open the forms and see the data. Unfortunately, when I tried to set up an icon to open the application, it failed. So when I'm able to do some more work with the IIS part, I'm hoping to better understand the set up.

    Note to Mark - I can't do anything right now because you know who is doing you know what and I can't get on the server.

    Thanks for all your support and suggestions! They really helped! <img src=/S/thankyou.gif border=0 alt=thankyou width=40 height=15>
    Carpy Diem, it&#39;s .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •