Last post Feb 03, 2013 05:14 PM by Jay R
May 17, 2012 12:47 PM|LINK
I am hosting an application built in ASP.Net 4.0 on Windows 2008 Server, which has IIS 7.5. The server is part of a domain. The backend database is SQL 2008.
In the IIS virtual directory settings for my application, when I set the Physical Path Credentials to my Windows NT domain ID, then I am able to use the application. When I set it to pass-through authentication, it fails.
Below are the settings that I have given,
1) Identity Impersonate = true
2) In the database connection string, Integrated Security = true
3) Allow Anonymous access is false
4) Allow roles to NT group
5) Deny Anonymous access
6) In the Application Pool settings, I have set the identity to the built-in ApplicationPoolIdentity
7) In the Application Pool settings, Managed Pipeline mode is set to classic. It fails when I set it to Integrated.
Basically I want to capture the Windows NT domain login ID of the person who accesses the application pages. But when I set it to pass-through authentication, it fails to call the SQL Server and gives me the error 'Login failed for user 'NT Authority\Anonymous Logon'', but when I set it to one particular account in the Physical Path Credentials, then it works, but it does not serve the purpose of capturing the exact Windows NT domain ID of the person accessing the page, since I have already given a specific domain ID.
Also please note that the person who is accessing the application from the URL has administrator privileges on the Windows server and SQL Server also.
May 17, 2012 12:51 PM|LINK
In your code, try this
Hope it is helpful.
May 18, 2012 06:45 AM|LINK
Thanks for the reply.
What I am looking for is some configuration change, either in Web.config or IIS, or some new group to be created in Active Directory. I already have code which captures which domain user logs into the application.
Basically my problem is that the application fails if I don't specify credentials in the Physical Path Credentials section in IIS.
Currently, whenever I specify pass-through authentication, it does not connect to SQL Server, saying login failed, even though I have specified authentication mode="Windows" and identity impersonate="true" in the web.config. In the IIS virtual directory settings, when I specify NT credentials of the domain user in the Physical Path Credentials, then I am able to connect successfully to SQL Server.
May 18, 2012 06:58 AM|LINK
Are you trying to use "windows active directory" for your users authentication?
May 18, 2012 09:46 AM|LINK
Yes. The Windows Server is part of a domain and hence I use Active Directory. This is an intranet application.
I am not able to establish a connection between ASP.Net 4.0, IIS 7.5 and SQL 2008 for Windows authentication, even though I have the following settings.
I get the error 'Login failed for user NT Authority\Anonymous Logon'
Even though I think I have configured for Windows Authentication, I am not sure why it is taken as Anonymous Logon when trying to contact SQL Server from IIS.
Settings in Web.Config
In Connection String, Integrated Security= SSPI, persist security info=false;Trusted_Connection="Yes"
authentication mode ="Windows"
identity impersonate ="true"
<allow roles="DOMAIN\usergroup" />
in IIS, I have the following settings
Application Pool Settings
Identity = ApplicationPoolIdentity
Managed Pipeline Mode = Classic
Load User Profile = false
IIS Virtual Directory Settings
Allow Anonymous authentication is Disabled
Allow Roles = "Active Directory Security Group"
Windows Authentication = Enabled
ASP.Net Impersonation = Enabled
Rest all are disabled
Physical Path Settings = Application user pass-through authentication .
The same application, when I copy it to my local Windows XP machine, works without any problem, but when I move it to the Windows 2008 Server, I get the error 'Login failed for user NT Authority\Anonymous Logon'
May 18, 2012 10:12 AM|LINK
Configuring Windows authentication on IIS 7.x is pretty simple. Let's just follow some checks first. Read this article and check your settings first.
Are you using Role Management?
May 18, 2012 01:30 PM|LINK
Yes, I am trying to use Role Management, which is authorization. Also I see on my Windows 2008 Server that the w3wp.exe process is missing from the Task Manager. Is it supposed to be there for Windows 2008 Server R2, which has IIS 7.5?
Also the connection from IIS 7.5 to SQL 2008 works fine when I specify credentials for the Physical Path Credentials in IIS, like domain\UserName and password.
It is only failing when I specify application user pass-through authentication.
May 18, 2012 02:33 PM|LINK
I tried all the settings sent by you in the link.
I also enabled auditing for the Windows folder on the IIS server, where the application. I could see in the Event Viewer that, under Security, it showed an audit failure for my domain user account. Actually my domain user ID is Local Admin on this Windows 2008 Server R2.
Is w3wp.exe required to be running on the server?
MOST IMPORTANT THING BELOW
Basically, for the Physical Path Credentials, I want PASS-THROUGH AUTHENTICATION to work on IIS, so that it takes the domain Windows NT user ID of the person.
The application only works when I specify my domain user ID credentials for the Physical Path Credentials on IIS. Also I have enabled ASP.NET Impersonation on IIS (also identity impersonate="true" in web.config)
May 21, 2012 12:39 PM|LINK
Also, when I checked the Event Viewer, I found that it was giving the error as
Thread account name: IIS APPPOOL\DefaultAppPool
Is impersonating: False
I have explicitly set <identity impersonate="true"/> in web.config, but why am I getting Impersonating as false in the Event Viewer Application log?
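A diagnostic handler for the question raised in the post above (which account the request thread runs as, and whether its token can leave the web server), as an added example that is not code from any poster in this thread. The `WhoAmI` handler name is hypothetical, and the last verdict assumes SQL Server runs on a different machine than IIS, which the thread does not state.

```csharp
// WhoAmI.ashx (hypothetical name). First line of the .ashx file would be:
//   <%@ WebHandler Language="C#" Class="WhoAmI" %>
// Added diagnostic example; not part of the application discussed in the thread.
using System;
using System.Security.Principal;
using System.Text;
using System.Web;

public class WhoAmI : IHttpHandler
{
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        // Identity that IIS authenticated for this request.
        WindowsIdentity logon = context.Request.LogonUserIdentity;
        // Identity the thread runs as right now; an Integrated Security
        // connection to SQL Server is opened under this identity.
        WindowsIdentity thread = WindowsIdentity.GetCurrent();

        var sb = new StringBuilder();
        sb.AppendLine("Request user    : " + logon.Name);
        sb.AppendLine("Auth type       : " + logon.AuthenticationType);
        sb.AppendLine("Thread identity : " + thread.Name);
        sb.AppendLine("Token level     : " + thread.ImpersonationLevel);
        sb.AppendLine("Verdict         : " + Explain(logon, thread));

        context.Response.ContentType = "text/plain";
        context.Response.Write(sb.ToString());
    }

    // Kept separate from the HTTP plumbing so the rule can be read on its own.
    public static string Explain(WindowsIdentity logon, WindowsIdentity thread)
    {
        if (logon.IsAnonymous)
            return "Request is anonymous: Windows Authentication did not run.";
        if (!string.Equals(logon.Name, thread.Name, StringComparison.OrdinalIgnoreCase))
            return "Not impersonating: thread runs as the application pool identity.";
        if (thread.ImpersonationLevel == TokenImpersonationLevel.Delegation)
            return "Impersonating with a delegable token: usable on a remote server.";
        // Assumption: SQL Server is on another host than IIS.
        return "Impersonating, but the token is local-only: a remote SQL Server "
             + "would see ANONYMOUS LOGON.";
    }
}
```

Requesting the handler as a domain user and comparing "Request user" with "Thread identity" shows whether the `<identity impersonate="true"/>` setting is taking effect for the request.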
May 25, 2012 06:45 AM|LINK
Can I get any help on this?