Reputation: 329
SQL Integrated Security Succeeds with ASP.NET, but fails with classic asp
On IIS 8.5, the only authentication method I have enabled is Windows Authentication, with Negotiate and NTLM. When I use a connection string in any ASP.NET application, running under an app pool who's identity is a domain account, I'm able to connect fine. In classic asp I get:
Microsoft OLE DB Provider for SQL Server error '80040e4d'
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
As far as I know the servers aren't configured for delegation, and I didn't explicitly set the SPN. I'm accessing the box via the FQDN which is netbiosname.mydomain.com .
Why is it working in ASP.NET, but failing in classic asp? Am I experiencing the double hop? Is there a way to confirm it is in fact the double hop?
Here's the error I'm getting:
Microsoft OLE DB Provider for SQL Server error '80040e4d'
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
Upvotes: 0
Views: 1782
Answers (5)
Reputation: 11
In my case to solve it I set the "anonymous authentication" the use of the "application pool identity".
Sites > Authentication > anonymous authentication > Edit > application pool identity
Upvotes: 0
Reputation: 1
i was tearing my hair out for a while. then i tried creating a windows user account, with the proper permissions in SQL Server, and used "Integrated Security=SSPI" in the connection string. it worked like a charm - no AD required:
SQLconnex = "PROVIDER=SQLOLEDB;DATA SOURCE={server};DATABASE={db};UID={uid};PWD={pwd};Integrated Security=SSPI"
hope it helps and saves your hair.
Upvotes: 0
Reputation: 2181
To get ASP to connect to the database, in IIS 6, Directory Security -> Authentication Methods, Under Enable Anonymous Access, I set the anonymous access account to the AD account with permissions to the database.
Upvotes: 0
Reputation: 329
I found out how to resolve this issue, I believe the last step was the only one that helped, but here's what I did:
- Disabled all authentication methods other than Windows Authentication
- In IIS Manager, I used the "Convert to Application" option to mark the folder containing the classic asp code as an application
- Assigned the application to app pool running under AD account with access to SQL server
- Enabled 32-Bit application support on the app pool
- Set pipeline mode to integrated for app pool
- At this point I still was getting the same error
- I right clicked on the application and set the Physical Path Credentials to the same domain account that the app pool runs under and everything started to work correctly
Upvotes: 1
Reputation: 4190
I would imagine you need to set the classic asp IIS website to run as the domain account you're using for integrated security.
Upvotes: 0
Related Questions
- Sql Connection fails when using Integrated Security on IIS applications
- Implementing ASP.Net impersonation/delegation to connect to remote SQL Server from ASP.Net server not working
- asp.net via kerberos integrated windows authentication to sql server
- ASP.Net web application trying to use Impersonation and Delegation to connect to SQL Server
- Kerberos between IIS and SQLServer
- Kerberos double-hop in ASP.NET 4.0 & SQL2008R2
- Classic ASP Impersonation problem on IIS7 Windows 2008 server
- Security Issues ASP.NET integrated Authentication
- IIS to SQL Server kerberos auth issues
- Windows Integrated Authentication Conflict With MS-SQL 2000 DB Connection With Integrated Security