I'm trying to get an ASP.NET website running on Vista (IIS7), using SQL Server and Windows Authentication. No matter what I do, when I connect to the database, I get the exception:

    SqlException was unhandled
    Login failed for user 'MyDomain\MachineName$'.

It doesn't seem to matter what settings I apply, I cannot get IIS7 to pass through my Windows login credentials.

Extra details:

  • Both the SQL Server and my local machine are on ActiveDirectory
  • Vista Enterprise, IIS7
  • SQL Server 2005
  • Anonymous Authentication disabled, Windows Authentication enabled
  • Impersonation on/off makes no difference
  • All Identities (NetworkService, LocalSystem, etc) give the same result
  • Classic and integrated pipelines give the same result

Help!

A: 

Did you try to create a new user account for your application, grant it the appropriate rights on the Sql Server, and then set the application pool to run under this new account? This is what I usually do, and it works. I'm not running my application under NetworkService, LocalSystem or other builtin accounts.

treaschf
Well no; but I need to use the integrated Windows Authentication in order to work out who the user of the application is. Usually I would do the same thing, otherwise! :-)
gerrod
A: 

By default, the IIS server is not allowed to impersonate you towards the SQL Server. There's an MSDN article on how to configure it. The configuration process is complex and error prone.

If your production IIS and SQL Server run on different servers, you'll need a domain admin to configure impersonation trust between the two servers. This is typically a no-go in a big organization.

In addition to not being deployed by normal admins, impersonation also prevents users from sharing their connections in the SQL connection pool. This results in a very noticeable performance penalty for even small (5+ users) websites.

Andomar
OK, thanks for the tip. To be honest I just want to get it working on my local machine; once it gets deployed I'll leave it to the network admins to work it out :-)
gerrod
A: 

Does your connection string contain Integrated Security=SSPI?

Have you switched the asp.net context to be a domain user as well?

Here is an MSDN article on this topic

http://msdn.microsoft.com/en-us/library/2xzyzb0f.aspx

Raj More
Integrated security will cause IIS to authenticate as itself, typically `IUSR_ComputerName`
Andomar
+3  A: 

Impersonation on/off makes all the difference, when properly configured. What you want is called 'constrained delegation' and you need to configure IIS and ASP for it:

Remus Rusanu
This sounds like the ticket, thanks Remus. I'll try this when I get back to work tomorrow!
gerrod
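
A diagnostic for the situation discussed in this thread, added here as an example and not posted by any participant: it reports the user IIS authenticated, the Windows token the code is actually running under, and the login SQL Server sees. The class name `IdentityProbe` and the server and database names `MyServer` and `MyDb` are placeholders, and the connection string assumes `Integrated Security=SSPI` as mentioned in the answers.

```csharp
// Added diagnostic example, not code from the thread.
// "MyServer" and "MyDb" are placeholder names.
using System;
using System.Data.SqlClient;
using System.Security.Principal;
using System.Web;

public static class IdentityProbe
{
    private const string ConnStr =
        "Data Source=MyServer;Initial Catalog=MyDb;Integrated Security=SSPI";

    public static string Describe(HttpContext ctx)
    {
        // User that IIS authenticated for this request (Windows Authentication).
        string requestUser = ctx.User.Identity.Name;

        // Windows token the code is running under right now. With impersonation
        // off this is the application pool identity; NetworkService and
        // LocalSystem present themselves to remote servers as DOMAIN\MachineName$.
        string threadUser = WindowsIdentity.GetCurrent().Name;

        string sqlView;
        try
        {
            using (SqlConnection conn = new SqlConnection(ConnStr))
            using (SqlCommand cmd = new SqlCommand("SELECT SUSER_SNAME()", conn))
            {
                conn.Open();
                // Login name SQL Server resolved for this connection.
                sqlView = "connected as " + (string)cmd.ExecuteScalar();
            }
        }
        catch (SqlException ex)
        {
            // A failed login names the account that SQL Server was offered.
            sqlView = "failed: " + ex.Message;
        }

        return string.Format(
            "request user: {0}\nthread token: {1}\nSQL Server: {2}",
            requestUser, threadUser, sqlView);
    }
}
```

If the request user is your domain account while the thread token or the SQL Server line shows the pool or machine account, the request identity is not being carried through to the database connection.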