I am now tearing my hair out as we speak...

[Guest]

Hi,
I'm tearing my hair out with this one.

I the error is basically.. Login failed for user 'NT Authority\Anonymous
logon'

I have seperate SQL Server and asp.net (1.1) servers.
The app is using Forms authentication.
Currently the process is running under the user bob\iusr_bob (bob being the
server name)
The app works fine from either web server or db server, when I either use
impersonation or not.
Unfortunately it doesn't work when you connect from client machines getting
the basic (server error in app/application) where it hides the error message
due to security.

identity impersonate="true" in web.config - when this line is removed I get
Login failed for user 'Null' not associated with a trusted sql server
connection

I believe the issue to be Login failed for user 'NT Authority\Anonymous
logon' however, since this was the error which was occurring before I
momentarily switched impersonation off.

HELP!!

I have looked at so much info my head hurts, and yet I'm not getting
anywhere. One of the basic questions is as to whether I should be using
impersonation or not.

I basically need to fix this. I can't say how much pressure I'm under to get
this done...

Any help most appreciated.
Thanks!

 

[Guest]

Okay, so you are using forms authentication. This means that the
authorization against your database server must NOT be based on the user
login ,and that in order for the site to use integrated authentication to
your database server, you need to specify the domain id and password for your
site to run under. This should be a domain account since there are two
different machines If you choose to have the site run under a specific
account, your identity element should look something like this:

<identity impersonate="true" userName="myDomain\myuser"
password="mypassword" />

where the id is a domain id for a valid user thas has appropriate access to
the server, and the password is the users password. The account you run the
site under requires particular permissions. These are documented at
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html/secmod15.asp.

There is a tool that will let you put these in the registry as well, and I
recommend its use. You can find more on this tool at
http://support.microsoft.com/default.aspx?scid=kb;en-us;329290.


Alternately you can modify your connection strings to use a sql server
account for access, and not use integrated security to access your database.

Hope this helps

 

[Guest]

Okay, so you are using forms authentication. This means that the
authorization against your database server must NOT be based on the user
login ,and that in order for the site to use integrated authentication to
your database server, you need to specify the domain id and password for your
site to run under. This should be a domain account since there are two
different machines If you choose to have the site run under a specific
account, your identity element should look something like this:

<identity impersonate="true" userName="myDomain\myuser"
password="mypassword" />

where the id is a domain id for a valid user thas has appropriate access to
the server, and the password is the users password. The account you run the
site under requires particular permissions. These are documented at
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html/secmod15.asp.

There is a tool that will let you put these in the registry as well, and I
recommend its use. You can find more on this tool at
http://support.microsoft.com/default.aspx?scid=kb;en-us;329290.


Alternately you can modify your connection strings to use a sql server
account for access, and not use integrated security to access your database.

Hope this helps

John Bailey
MCAD, MCSD, MCDBA

 

[Guest]

John,

Many thanks. You're my hero!

Placing the username and password in the identity impersonation resolved the
issue - once directory permissions were sorted.

Thanks again - I can't say how relieved I am (well, I could go on and on
quite frankly...)

 

[Guest]

Glad it worked for you. You would be surprised how often I get this type of
question. ASP .Net 2.0 has made this administration lot easier and less
cryptic.

 

[Guest]

Thats good to know... it had me beat.

I only hope it works when they clamp down the server...

 

[joey.powell]

You can always use SQL authentication instead of the Windows user
identity stuff, if the SQL server runs in mixed authentication mode.

JP>

 

[clintonG]

But must then choose which one of several methodologies used to secure the
credentials.
Always a little surprise waiting for each decision.

<%= Clinton Gallagher
METROmilwaukee (sm) "A Regional Information Service"
NET csgallagher AT metromilwaukee.com
URL http://metromilwaukee.com/
URL http://clintongallagher.metromilwaukee.com/