Integrated security fails on new server

[kaborka]

We are migrating from our old intranet server to a new one. My ASP.Net C#
app uses integrated security to connect to a SQL 2000 server located on a
different machine in the same domain. It is working fine on the old server.
The following are in web.config:

<authentication mode="Windows" />
<identity impersonate="true" />

Anonymous access is disabled on the virtual directory. Connection strings
are of the form:
Server=myserver;Database=mydb;Persist Security Info=False;Integrated
Security=SSPI;

On the new intranet server, the asp.net page can connect to the local SQL
Server using integrated security, and I have confirmed it us impersonating
the user correctly. However, when the page tries to connect to a different
SQL Server, I get the exception: "Login failed for user '(null)'. Reason: Not
associated with a trusted SQL Server connection."

Since this asp.net app works fine on our current intranet server (the
webpages are able to connect to SQL Server running on a different machine
using integrated security), there must be a problem with the configuration of
the new server.

I've confirmed that "Integrated Windows Authentication" is the only option
checked on the Authentication Methods dialog of the website properties, and
the web.config is set up correctly. What else should I look for to make the
new server work the same as the old one?

 

[Paul Clement]

¤ We are migrating from our old intranet server to a new one. My ASP.Net C#
¤ app uses integrated security to connect to a SQL 2000 server located on a
¤ different machine in the same domain. It is working fine on the old server.
¤ The following are in web.config:
¤
¤ <authentication mode="Windows" />
¤ <identity impersonate="true" />
¤
¤ Anonymous access is disabled on the virtual directory. Connection strings
¤ are of the form:
¤ Server=myserver;Database=mydb;Persist Security Info=False;Integrated
¤ Security=SSPI;
¤
¤ On the new intranet server, the asp.net page can connect to the local SQL
¤ Server using integrated security, and I have confirmed it us impersonating
¤ the user correctly. However, when the page tries to connect to a different
¤ SQL Server, I get the exception: "Login failed for user '(null)'. Reason: Not
¤ associated with a trusted SQL Server connection."
¤
¤ Since this asp.net app works fine on our current intranet server (the
¤ webpages are able to connect to SQL Server running on a different machine
¤ using integrated security), there must be a problem with the configuration of
¤ the new server.
¤
¤ I've confirmed that "Integrated Windows Authentication" is the only option
¤ checked on the Authentication Methods dialog of the website properties, and
¤ the web.config is set up correctly. What else should I look for to make the
¤ new server work the same as the old one?

Integrated security with SQL Server and an ASP.NET application implementing impersonation requires
Kerberos in a trusted environment in order to delegate credentials to a remote database server.
Without Kerberos, the integrated windows security authentication w/IIS is performed by NTLM and IIS
never receives credentials to delegate.


Paul
~~~~
Microsoft MVP (Visual Basic)

 

[kaborka]

Well, I'm embarrassed! I double-checked the connection string used by the
ASP.net app on the old intranet server, and it is using SQL authentication
when it connects to a remote SQL Server. The connection string parameters
are set up in the registry. I had thought it was using integrated security
for both the local and remote SQL connections, but it was only using
integrated security for the local connection. My bad!

Thanks for your reply.