Win auth NT AUTHORITY\ANONYMOUS LOGON

2
votes

I have asp web page application with Integrated Windows authentication checked on IIS and cleared the Anonymous Access box. From Advanced windows authentication I have Enable kernel-mode authentication checked.

Application pool runs with admin domain user and integrated mode.

When user clicks on some web page inside this app, I can see from log that domain user name is send to server and also I have values in Request.ServerVariables("AUTH_USER").

Everything fine, as it should be. I can see which user access application.

Now, the web page also access SQL database. I have connection string, like:

"Provider=SQLOLEDB.1;Integrated Security=SSPI;..."

But when I access database, i get the following error:

Microsoft OLE DB Provider for SQL Server error '80040e4d'

Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

How can i say, that connection to the sql server is made with app pool account and not anonymous?

2
sql-serverasp-classiciis-7windows-authentication
Did you set the "Physical Path Credentials" for the site to a specific user? Not that you should have, but that might cause this problem. - Seamus

2 Answers

1
votes

i think that if you check the config file of the web site for the identity tag you will find it set as follow:

<identity impersonate="true"/>

in your configuration it should be:

<identity impersonate="false"/>

this way you tell iis to not impersonate whoever is logged on remotely via web but to use the account specified in the application pool.

here is a page with a brief description of the topic.

1
votes

After 2 days of testing, i have finally manage to make it work. There are two forms of impersonation: "identity impersonate=false" is for application to run in the context of user or user defined in app pool. But there is also impersonation for application pool to use the user to access the resource on disk. It is under Basic settings and Connect as. Default is pass-through authentication. I don't know what it has to do with access to external database, but after set this to the same user of app pool, everything works now. I hope it will help somebody.