Problem with impersonation and delegation

[Kelly D. Jones]

I'm having problems with the following scenerio:

I am working with a Windows 2000 Active Directory Domain, of which all
the machines/accounts I use are members. I have an XP/IE6 client,
connecting to a Windows 2003/IIS 6 web server running .NET 1.1. The web
app connects to a SQL Server 2000 on another machine running Windows
Server 2000.

I've turned on impersonation, which appears to be working correctly.

I get an error when I try to retrieve information from the SQL server.
Security on the database is correct, for the account that I am logged in as.

I think my problem is with delegation, but I'm not sure.

Any help given, will be greatly appreciated.

 

[Ian]

Hi,

Just to get this straight...you're impersonating in IIS and ASP.NET (and
this works) but when you call from ASP.NET to SQL Server on another box the
call fails?

You can't impersonate across more than one machine. If you need to access
the SQL box using the security credentials of the impersonated account
you'll need to set up delgation between the servers. Check out the help in
Windows - or somewhere like Technet - for more about this. Alternatively,
use SQL authentication or mirrored accounts on the web server and SQL box.

HTH

Ian