myLittleTools Community Forum

Welcome Guest Search | Active Topics | Members | Log In | Register

Need Help with Integrated Security Options · View
Marty
Posted: Thursday, January 29, 2009 8:02:37 PM
Rank: Newbie
Groups: Member

Joined: 1/28/2009
Posts: 4
Points: 12
Location: US, KC
After some work we have successfully gotten IIS to let us log on to the website with our Windows login credentials but when we attempt to log on to SQL Server all we recieve is;

.Net SqlClient Data Provider

Login failed for user 'NT Authority\Anonymous Logon'

Same error in SQL Server log so I know it's trying to get to DB. If I use SQL Authentication all works fine, just not windows Authentication. I know I have groups and userids both set as valid logins to SQL and DB but can't seem to get website to pass windows credentials.

Any help would be great. Main reason we are looking at this is because it uses integrated authentication as we do not use SQL authentication of anyting outside of app logins.

Thanks,

Marty
elian
Posted: Thursday, January 29, 2009 8:27:47 PM

Rank: Administration
Groups: Administration

Joined: 9/11/2006
Posts: 605
Points: 649
Location: Enghien Les Bains, France
If you want to use Windows Authentication, then you need to:
+ Disable Anonymous access to myLittleAdmin in your IIS console
+ Enable impersonation.

To enable impersonation, edit the web.config file and add
Code:
<identity impersonate="true">

in the <system.web> section

Marty
Posted: Thursday, January 29, 2009 9:26:51 PM
Rank: Newbie
Groups: Member

Joined: 1/28/2009
Posts: 4
Points: 12
Location: US, KC
I will have to admit sorry not too up-to-date on proper formatting in these files. If I code exactly what you have here I get syntax error in system.web file. It looked like I should just simply change <identity impersonate="true"> to <identity impersonate="true" /> but then still just received same anonymous errors. Here is a shot of my web.config file for this section please advise on correct syntax for this statement. Thanks Marty

<system.web>
<pages
validateRequest="false"
smartNavigation="false"
theme=""
/>

<identity impersonate="true">

<compilation defaultLanguage="c#" debug="true" />

<globalization
requestEncoding="utf-8"
responseEncoding="utf-8"
culture="en-US"
/>

With this I get the following error

Parser Error Message: The 'identity' start tag on line 20 does not match the end tag of 'system.web'. Line 148, position 4.

Source Error:

Line 146: </case>
Line 147: </browserCaps>
Line 148: </system.web>
Line 149:
Line 150:</configuration>

elian
Posted: Friday, January 30, 2009 8:12:48 AM

Rank: Administration
Groups: Administration

Joined: 9/11/2006
Posts: 605
Points: 649
Location: Enghien Les Bains, France
You're right. The correct line is of course
Code:
<identity impersonate="true" />


If you get the same anonymous error, it means that you did not disable anonymous access to your myLittleAdmin virtual app in your IIS console. Once correctly done, you will have a windows login dialog box which will ask you for your windows credentials.

At last, i wanted to remind that myLittleAdmin is a web-based app and we recommend to use SQL Server authentication.
Marty
Posted: Friday, January 30, 2009 9:16:58 PM
Rank: Newbie
Groups: Member

Joined: 1/28/2009
Posts: 4
Points: 12
Location: US, KC
Thanks for the reply. We did seem to find the solution. Here is a shot of my new web.config file settings that we needed to change for full windows authentication to work. And we do plan to use windows authentication because we are only going to use this product in our intranet IIS servers not via the internet.

<system.web>
<pages
validateRequest="false"
smartNavigation="false"
theme=""
/>
<authentication mode="Windows"/>

<identity impersonate="true" />

<compilation defaultLanguage="c#" debug="true" />

<globalization
requestEncoding="utf-8"
responseEncoding="utf-8"
culture="en-US"
/>

<customErrors mode="Off" />

<authorization>
<allow users="*" />
</authorization>

We had to add the authentication mode section, identity section as you indicated and then switch allow users="?" to allow users="*" as we had in another .net app we had running here. This allowed us to log on to the web and db with our windows credentials successfully. Thanks again for the help and hopefully this will help any others that attempt this later.

Thanks,

Marty
Marty
Posted: Tuesday, February 03, 2009 9:47:45 PM
Rank: Newbie
Groups: Member

Joined: 1/28/2009
Posts: 4
Points: 12
Location: US, KC
Well I guess I was wrong, I didn't get it fully working. I can use integrated security as long as I am use the browser from my IIS server but as soon as I try to use an external browser say on my workstation I authenticate via windows to the web server but when I try to connect to the SQL Server I again am back to the 'NT Authority\Anonymous Logon'. Any help with other suggestions to get authentication to stay through both connections would be appreciated. Users for DBs are all set up with Windows authentication so to have everyone switch would negate the use of this tool.

Thanks,

Marty
Users browsing this topic
Guest


You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

Main Forum RSS : RSS

Theme created by myLittleTools
Powered by Yet Another Forum.net version 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.