C# ASPX Identity Impersonation / ConnectionString for user not working

Question

I have a C# ASPX website stored on one server that calls numerous results from an SQL server, both in the same domain. In my SQL database there are two users with the same permissions:

1. admin
2. NTADMIN\Me

My website is stored in the IIS directory on a local server. In my web.config file I have the identity impersonation and connection strings as follows:

<identity impersonate="true" userName="admin" password="admin" />

<add name="ConnectionString" connectionString="Data Source='server';Initial Catalog='database';Integrated Security=SSPI;" providerName="System.Data.SqlClient" />

Why does this work when I hardcode my 'NTADMIN\me' credentials but not the admin 'credentials' of the SQL database? Does the 'admin' user need to have domain credentials too? I didn't think this was necessary if I can log into the database using them.

The error I'm receiving is as follows (the uid+pwd work fine logging into the db):

Could not create Windows user token from the credentials specified in the config file. Error from the operating system 'Logon failure: unknown user name or bad password.

Answer 1

Issue is with the privileges. Try this once.

Add local windows user account on the database server and the web server with the same user name and password and then add the user as a windows login to sql server and assigned the login appropriate permissions

make connection string Integrated Security=true.

add a the to the web.config. Enable anonymous access, and disable all other security options under IIS security settings.

Answer 2

You cannot impersonate a SQL user in this case. You have two user types here, a sql user AND a windows user. The identity impersonate tag there will only work for a windows user account.

Windows tries to log this user in and it knows nothing about it, hence the failed password.