tags:

views:

80

answers:

3
Q: 

Why is Windows authentication using wrong username?

We have an ASP site using Windows authentication to connect to a SQLServer database. There are three instances of the web site, a Dev environment (located on my Workstation), an UAT environment and a production environment, which are on separate servers.

When I access the Dev site (which uses the same DB as the UAT site) I have no issues, the site connects to the database using my Windows account. However when I connect to the UAT site, it uses a different account (one which belongs to me but is not connected to my default Windows login) which is not permissioned on the DB, so the site returns the following error:

Microsoft OLE DB Provider for SQL Server error '80004005' Cannot open database requested in login 'ANAML'. Login fails.
/inc/dbconnect.asp, line 4

The ASP files on the Dev and UAT sites are identical, so can anyone explain why the UAT site might be using the incorrect Windows account? This only affects me, from all workstations, and no other users.

Have rebooted the server and my workstation, and cleared my internet files locally.

A: 

"There are three instances of the web site, Dev environment (located on my Workstation), an UAT environment"

You should understand the the differences between impersonation (used only locally) and delegation (used connecting to another machine). This is "double hop" issue. These terms should be enough to find descriptions of IIS and SQL Server fundamentals to get acquainted yourself with in order to configure your web sites.

You had not given even a bare minimum in order to answer you more specifically.

vgv8  2010-10-18 14:00:16
To clarify: there is enough expertise in the organisation to know the difference between impersonation and delegation. The UAT site worked until very recently; what I'm trying to establish is why it has suddenly started picking up the incorrect Windows account. What further information would help you answer more specifically?
Nick  2010-10-18 14:14:34
A: 

Well, my ASP knowledge has mostly faded but I'll see what comes out of my brain. My first thought would be that the Virtual Directory security is configured differently on the server where it is failing. It sounds like you would need it to be set to "Integrated Windows Authentication" only.

If that is set correctly then I'd ask about your connection string. Does your connection string specify Trusted Connection (e.g. it does not specify a username and password)?

Where does the ANAML account come from? Is it a SQL only login or is it a windows account?

Russell McClure  2010-10-18 18:39:53
The connection string specified "Integrated Security=SSPI;"; 'ANAML' is just the name of the database, not the login. The account that should be used to log in to the DB is the Windows account I am using when accessing the website in a browser; however this is not the account it is using, for some reason.
Nick  2010-10-19 08:35:05
+2  A: 

I found the answer at this page on ServerFault. Seems the login details for the UAT server had been stored in the Users control panel at some point. Deleting the relevant entry in the control panel restored the correct login when connecting to the website.

Nick  2010-10-19 10:46:24

related questions

Sql to query a dbs scheme
Transform Columns into Rows
SQL Client for Mac OS X that works with MS SQL Server
How do you get leading wildcard full-text searches to work in SQL Server?
SQL Server 2000: Is there a way to tell when a record was last modified?
What's the BEST way to remove the time portion of a datetime value (SQL Server)
I need to know how much disk space a table is using in SQL Server
What's the best way to determine if a temporary table exists in SQL Server?
Appropriate pagefile size for SQL Server
Have you ever encountered a query that SQL Server could not execute because it referenced too many tables?
ASP.NET MVC "CRUD" Database Sample
How do I unit test persistence?
Best Book for a new Database Developer
Can I logically reorder columns in a table?
Best way to copy a database in SQL Server 2005/8?
Is Windows Server 2008 "Server Core" appropriate for a SQL Server instance?
Why doesn't SQL Full Text Indexing return results for words containing #?
Client collation and SQL Server 2005
Editing database records by multiple users
Deploying SQL Server Databases from Test to Live
SQL Server 2005 implementation of MySQL REPLACE INTO?
Upgrading SQL Server 6.5
How do I version my MS SQL database in SVN?
How to export data from SQL Server 2005 to MySQL
Check for changes to a SQL table?