I have setup 3 VMs:
- (A) Active Directory in Windows 2008 R2.
- (B) Microsoft SQL Server 2008 Express in Windows XP SP3.
- (C) IIS in Windows XP SP3.
Both the SQL Server and IIS are joined in the Domain but the host PC is not. I've also created a domain administrator user with administrator privileges in the SQL Server. I can ping/access all the VMs from each other and from the PC hosting the VMs. I can connect to the SQL Server VM using Windows Authentication in SQL Server Management Studio inside the IIS VM with no problem.
I created a very simple application in ASP.Net application hosted in the IIS VM that opens a database connection in the SQL Server VM. I've set the web site to authenticate via Windows Authentication only. Here is my connection string:
Server=DATABASE;Database=HAP;Trusted_Connection=True;
Here is code:
SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
using(connection) {
connection.Open();
}
I've also set "Trust this computer for delegation to any service (Kerberos Only)" in AD for the IIS VM.
It throws "Login failed. The login is from an untrusted domain and cannot be used with Windows authentication." exception. If I change the connection string to this:
Server=DATABASE;Database=HAP;User ID=sa;Password=connectsql;
the application works fine.
I really need it to authenticate via Windows Authentication and not via SQL Server Authentication.
Note: IIS prompts the user for his Windows credentials.
