tags:

views:

1709

answers:

5
Q: 

Connecting to SQL with ANONYMOUS LOGON since switch to IIS7

Hello, I've recently had my PC upgraded to Vista, which means it includes IIS7. The problem is that the ASP.NET website we're working on doesn't work anymore. I get an error because the application is trying to connect to the SQL Server with NT AUTHORITY/ANONYMOUS LOGON instead of my domain user, and anonymous isn't authorized. I've tried several things, but no solution yet: - install and enable the 'IIS Metabase and IIS 6 configuration compatibility' - enable Windows Authentication for this website - created a different Application Pool with managed pipeline mode set to Classic - enabled IIS6 WMI compatibility and IIS6 management console (getting desperate here)

In our web.config there's and in our machine.config there's . I've tried putting impersonate to false and entering my domain user and password in the machine.config (it used to be like this) but that didn't help either.

Are there things I'm missing? Has anyone else had a similar problem?

+1  A: 

How does your application authenticate with SQL Server? Does it use SQL or Windows Auth? I hope you are trying to use Windows Auth. In that case, your IIS worker process should be running under that Windows user account. If not, it should at the least impersonate a Windows user account that has necessary access rights to SQL Server. If you have impersonation enabled and if you are using the right Windows user account and if SQL Server authenticates using Windows auth and if you are still unable to access SQL Server, you may be running into the classic double hop issue. In other words, you are trying to authenticate to IIS once and you are using the same crdentials to authenticate to the SQL Server over a network next(which is your second hop) and Windows does not allow that for security reasons.

msvcyc  2008-11-15 05:21:22
and there for ms created "trusted for delegation" checkbox in ad properties of a pc
Alexander Taran  2008-11-15 12:18:38
A: 

I'm sorry to say I can't look into the issue any further. Indeed, it probably is something with the way we connected to SQL Server (Win Auth) because we've changed it now. Now we connect with username and password in the connection string and it's solved. So I can't really say if you provided the answer, msvcyc, but I did vote on your solution. Thanks for the time and trouble.

Peter  2008-11-18 08:13:28
+1  A: 

I believe I have found a/the solution. At least it's working now. This is what I did:

  • The website is now running in a seperate application pool with Managed Pipeline mode set to classic, Load userprofile set to False and Identity set to custom and using a domain user (and password) that has access to the database.
  • Under 'authorization' of the website itself, I have Anonymous set to enabled and ASP.NET impersonate set to disabled.
  • in the web.config of the site is also set.

Credit where it's due, this site helped me.

Peter  2008-11-20 12:13:57
A: 

Well, I recommend you migrate to Integrated mode if there is not too many troubles to enjoy the innovation it brings. :)

http://mvolo.com/blogs/serverside/archive/2007/12/08/IIS-7.0-Breaking-Changes-ASP.NET-2.0-applications-Integrated-mode.aspx

Lex Li  2008-11-23 11:30:37
A: 

lo que deben hacer es lograr pasar su autenticacion de ususario a traves de IIS 7 de la siguiente forma:

para solucionar el error solicitada por el inicio de sesión. Error de inicio de sesión. Error de inicio de sesión del usuario IUSR o algo parecido

para esto deberan abrir IIS 7 y en la ficha de Autenticaciòn activa Suplantaciòn de identidad de ASP.net habilitarla.

lo otro que tem he hacer es:

al momento de agregar su aplicacion a IIS7 elegir en Autenticaciòn de paso a travès elegir en Conectar como luego en usuario especifico porne su nombre de usuario y su contraseña de WINDOS SEVEN una vez hecho esto.

luego de ya haber puesto su alias y su ruta de acceso fisico a la carpeta donde esta su pagina pongan en PROBAR configuración donde si han seguido los pasos aparecerà Suplantación de identidad como la forma de autorización

ya hecho esto funciona todo correctamente la conexion hecha con la cadena de conexión a la que han estado acostumbrados

Esto funciona perfecto... 100% asegurado

no necesitan de nada más talves agregar la característica de windws seven de compatibioidad de IIS 6 pero no creo que la necesiten

dejo 100 % seguro hagan estos pasos que son mas simples y funcionales que los propuestos por msdn

pesa agora, cruz ou coroba

serginhofogo

serginho9  2009-11-08 23:35:06
The site is English based...
Marc Gravell  2009-11-09 05:20:16

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps