Integrated Authentication

[Guest]

Ok, so I have a laptop running XP Pro with IIS 5.0, Visual Studio 2005, and
SQL Server 2005. I added the Northwind DB and set up my IIS website to use
Windows Integrated Authentication. I created a web page and configured the
connection string to use Integrated Authentication for the purpose of opening
a connection to Northwind and I got a login failed error.

The error was simple to solve, but what suprised me was the userid that was
used. I was logged in as Administrator but the error revealed that the userid
ASPNET was actually being passed to the DB. (Apparently passed by IE?) Does
anyone know what is going on here, I just thought for sure that the login
credentials (Administrator) would be used when invoking Integrated
Authentication.

Bill

 

[Scott Allen]

The error was simple to solve, but what suprised me was the userid that was
used. I was logged in as Administrator but the error revealed that the userid
ASPNET was actually being passed to the DB.

The connection is established from the ASP.NET worker process, which
runs under the ASPNET account. If you turn on impersonation in
web.config, then the runtime can establish a connection with the
client's identity that comes in from IE (your Administrator account).

The catch would be if you ever move the app into a distributed
envionment, impersonation breaks. Credentials can only make a single
hop across the network unless you move to 'the next level' of
credential forwarding - which is delegation.

Some resources:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/paght000023.asp
http://odetocode.com/Blogs/scott/archive/2005/02/24/1053.aspx