Hi,
I'm struggling trying to catch the current user in MSSQL with
SYSTEM_USER through an Intranet Application. I try to do this to create
audit trail of changes to data. (I'm aware of the performance penalties
it causes due to application pooling problems with integrated
security.)
Now to my problem:
Using IIS6.0 ASP.NET 1.1 on Windows2003 with Windows Authentication
enabled and Anonymous logon disabled. I get the correct user and can
verify him/her in IIS. Now I want this identity to be used when logging
into SQLServer. To keep things simple, lets say the SQLServer is on the
same machine (it is right now, but won't be further on). The aspx-pages
use a wrapper to call COM-dll's that connect to the database using an
ODBC file DSN. I have set <indentity impersonate="true" /> in
Web.Config and have created the Windows Integrated Security login
accounts in SQLServer with proper db-roles to update the data.
Unfortunately I keep getting stuck with the NT AUTHORISATION/NETWORK
SERVICE account when the connection reaches SQLServer. It was working
last week, but now I've made a clean install and just can't get it to
work.
Please help with any ideas! The <identity impersonate="true" /> isn't
listening to me.
/RichardIt looks like you might be missing setting up delegation.
The following articles should get you started:
How To: Implement Kerberos Delegation for Windows 2000
http://msdn.microsoft.com/library/d.../>
NetHT05.asp
How to use Kerberos authentication in SQL Server
http://support.microsoft.com/?id=319723
-Sue
On 15 May 2006 17:23:09 -0700, richard.allgardh@.medinit.se
wrote:
>Hi,
>I'm struggling trying to catch the current user in MSSQL with
>SYSTEM_USER through an Intranet Application. I try to do this to create
>audit trail of changes to data. (I'm aware of the performance penalties
>it causes due to application pooling problems with integrated
>security.)
>Now to my problem:
>Using IIS6.0 ASP.NET 1.1 on Windows2003 with Windows Authentication
>enabled and Anonymous logon disabled. I get the correct user and can
>verify him/her in IIS. Now I want this identity to be used when logging
>into SQLServer. To keep things simple, lets say the SQLServer is on the
>same machine (it is right now, but won't be further on). The aspx-pages
>use a wrapper to call COM-dll's that connect to the database using an
>ODBC file DSN. I have set <indentity impersonate="true" /> in
>Web.Config and have created the Windows Integrated Security login
>accounts in SQLServer with proper db-roles to update the data.
>Unfortunately I keep getting stuck with the NT AUTHORISATION/NETWORK
>SERVICE account when the connection reaches SQLServer. It was working
>last week, but now I've made a clean install and just can't get it to
>work.
>Please help with any ideas! The <identity impersonate="true" /> isn't
>listening to me.
>/Richard
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment