Login failed for user '\'

[Karl S.]

I'm at a loss to what the solution is. I have an intranet application that
runs on w2k3 with iis 6.0 security set to Integrated Windows authentication
only. I am using C# in .NET 2003 (7.1.3088) w/ Framework 1.1 (1.1.4322 SP1).
The web.config authentication mode="Windows" and authorization set to <allow
users="*" />.
This app is trying to connect to SQL 7.0 on an NT server in the same domain.
I currently have a web service running on the same w2k3 web server that
accesses this same SQL Server but uses anonymous access (set to a domain
user) and it connects just fine. Here's a stripped down version of the
routine that throws the exception.

private DataTable getData()
{
SqlConnection conn = new SqlConnection ("server=ntServer;database=myDB;
Integrated
Security=SSPI");
conn.Open(); <--------- throws SqlException
....
}

When I use WindowsPrincipal.Identity.Name.ToString() to see who this .NET
app is being ran as, it comes back with the correct domain\username that has
proper access to the database (I even used the domain admin account). But
the SQL Error message is saying "Login failed for user'\'". I tried setting
the authentication mode to anonymous and use the same user and SqlConnection
as my web service but I get the same error message. I've got to be missing
something but what?

Please help.

 

[Dominick Baier [DevelopMentor]]

Hello Karl S.,

do you have impersonation enabled??

 

[Karl S.]

Hi Dominick,

I do have <identity impersonate="true" /> set in the web.config file. It
does seem like it isn't taking though. Any thoughts on how to verify it?

~Karl

 

[Karl S.]

Looks like I was wrong about the below statement.

... I tried setting
the authentication mode to anonymous and use the same user and SqlConnection
as my web service but I get the same error message. ...

When I set the authentication mode to anonymous and use the same username as
my web service, it works. It appears that using "Integrated Windows
authentication" only is why it is failing for me. What do I need to do to
get this to work?

 

[Dominick Baier [DevelopMentor]]

Hello Karl S.,

so you are trying to access a back end resource using impersonated credentials.
this is called delegation and has to be configured.

have a look at:
http://www.leastprivilege.com/TroubleshootingKerberosDelegation.aspx

 

[Paul Clement]

¤ Looks like I was wrong about the below statement.
¤
¤ > ... I tried setting
¤ > the authentication mode to anonymous and use the same user and SqlConnection
¤ > as my web service but I get the same error message. ...
¤
¤ When I set the authentication mode to anonymous and use the same username as
¤ my web service, it works. It appears that using "Integrated Windows
¤ authentication" only is why it is failing for me. What do I need to do to
¤ get this to work?

You need to configure your environment for Kerberos as Dominick referred to in his last reply.

IIS cannot delegate credentials to remote resources when Integrated Windows Authentication has been
implemented.


Paul
~~~~
Microsoft MVP (Visual Basic)

 

[Karl S.]

Thank you for steering me in the right direction. I'll check it out.

 

[Karl S.]

Thanks Paul.