We have an application store in a web server using IIS 6.0, however the application is communicating to sql 2000 that is stored in a 2000 server.
In IIS 6.0 the application pool is set to Network Services, therefore sql 2000 is looking for a user called 'NT AUTHORITY\ANONYMOUS LOGON'.But the login failed, and I don't see how to add NT Authority as a user in a 2000 server like you can in a 2003 server.
In all, we are trying to set permissions to certain users only by using the identity impersonate='true' in the web config file, but even with this setting set to true, and our network information set as a user in sql 2000, we still are denied access to the data.
What are some things we need to look for and what configuration do we need to set?
Thanks,
xyz789P.S.
We also have all the permissions check to have access to all the tables and store procedures for each user.
Hi,
Are you trying integrated security and impersonating the current asp.net user?
Remove the anonymous access from IIS. Make sure in the authentication, only 'Integrated Windows
authentication' is checked.
You may need kerberos authentication.
http://msdn.microsoft.com/msdnmag/issues/05/09/SecurityBriefs/
HTH,
Suprotim Agarwal
--
http://www.dotnetcurry.com
--
Thank you!
No comments:
Post a Comment