
Login failed for user NT AUTHORITY\ANONYMOUS LOGON

I have an app that is being developed for our Intranet.
I have it so it will authenticate users that are members in an Active directory group.
But I am running into a problem when they try to connect to the SQL server.
Instead of connecting based on the Windows group, it is still connecting as NT AUTHORITY\ANONYMOUS.
How can I get the SQL connection to use the Windows group?
Here is the Web.config:

<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="Webform2.aspx" name="adAuthCookie" timeout="60" path="/" >
      </forms>
    </authentication>
    <authorization>
      <allow users="*" />
      <deny users="?" />
    </authorization>
    <identity impersonate="true" />
  </system.web>
</configuration>

Here is my connection string:
"workstation id=5WQ1K81;packet size=4096;integrated security=SSPI;data source=SERVERNAME;persist security info=False;initial catalog=livedb"

I set up a Windows group on the Database and in Active Directory.

The exception from SQL is
System.Data.SqlClient.SqlException: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

Let me know if you need more details.
[1355 byte] By [hexOffender] at [2007-11-11 10:07:36]
# 1 Re: Login failed for user NT AUTHORITY\ANONYMOUS LOGON
Assuming that your web application has been configured for Integrated Windows security only, is your SQL Server installed on the same machine as your web server?
pclement at 2007-11-11 23:12:05 >
# 2 Re: Login failed for user NT AUTHORITY\ANONYMOUS LOGON
The SQL server is on a different machine than the Web server. I have the application configured for Integrated Windows Security only. If I set Impersonation to "false", I can access the SQL server. So now I'm wondering if I actually need to run with impersonation?
hexOffender at 2007-11-11 23:13:05 >
# 3 Re: Login failed for user NT AUTHORITY\ANONYMOUS LOGON
Have you verified that your web app is not configured for Anonymous as well? I wouldn't expect the behavior you are describing if it's configured exclusively for Integrated Windows security.
pclement at 2007-11-11 23:14:10 >
# 4 Re: Login failed for user NT AUTHORITY\ANONYMOUS LOGON
Yes, I just triple checked that. Anonymous access is disabled. Should Basic Authentication be checked?
hexOffender at 2007-11-11 23:15:05 >
# 5 Re: Login failed for user NT AUTHORITY\ANONYMOUS LOGON
No, you don't need to have Basic enabled if you are using Integrated Windows. Are you by any chance running the web app locally on a development machine (while you're logged in)?
pclement at 2007-11-11 23:16:15 >
# 6 Re: Login failed for user NT AUTHORITY\ANONYMOUS LOGON
No, the app is being run from the web server, but I am testing it from my own PC where it was developed.
hexOffender at 2007-11-11 23:17:08 >
# 7 Re: Login failed for user NT AUTHORITY\ANONYMOUS LOGON
I went back and looked at your web.config file and noticed the app is configured for Forms based authentication mode. Is this what you want? Is the user being presented with a login form?

An ASP.NET web application is typically configured for Anonymous access when using Forms based authentication, since this method provides for authentication at the programmatic (code) level as opposed to the declarative level (Integrated Windows). You can mix the two but it requires some extra work. Maybe you could explain exactly how you want the authentication process to work?
pclement at 2007-11-11 23:18:12 >
# 8 Re: Login failed for user NT AUTHORITY\ANONYMOUS LOGON
Yes, I am presenting the user with a login page because this app will be used on Computer On Wheels units (Mobile Desktops) and only users in a certain Security group should be able to run the app. So if I am using Forms Authentication, I should configure the App for Anonymous access? The login page will determine if the user is a member of the AD security group and should then grant or deny access.
hexOffender at 2007-11-11 23:19:10 >
# 9 Re: Login failed for user NT AUTHORITY\ANONYMOUS LOGON
I got it to work by turning off impersonation, but it does not deny access to users not in the group.
hexOffender at 2007-11-11 23:20:13 >
# 10 Re: Login failed for user NT AUTHORITY\ANONYMOUS LOGON
See if the following helps:

How to authenticate against the Active Directory by using forms authentication and Visual Basic .NET (http://support.microsoft.com/default.aspx/kb/326340)
pclement at 2007-11-11 23:21:20 >
# 11 Re: Login failed for user NT AUTHORITY\ANONYMOUS LOGON
Actually, that was the article I used to get started on. Do I have to test whether the user is a member of the group?
hexOffender at 2007-11-11 23:22:19 >
# 12 Re: Login failed for user NT AUTHORITY\ANONYMOUS LOGON
Yes, I believe so. If I understand the code correctly the groups are stored in a User Context object. You can probably call the IsInRole method to check if the user is in a particular role (group).
pclement at 2007-11-11 23:23:17 >
# 13 Re: Login failed for user NT AUTHORITY\ANONYMOUS LOGON
Now that makes sense... the groups are just stored in a string separated by |. So I will just test for the substring and then redirect.
hexOffender at 2007-11-11 23:24:18 >
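
Added example, not part of the original thread or the linked KB article: the two group checks discussed in posts 12 and 13, run against a constructed pipe-delimited group string. The group names, user name and module name are hypothetical; the substring test grants access to a user who is only in a similarly named group, while splitting the string into whole names and calling IsInRole does not.

```vbnet
Imports System
Imports System.Security.Principal

Module GroupCheckExample
    ' Constructed sample data; the group names and user name are hypothetical.
    ' This user is NOT in "COW Users", only in the similarly named "Non-COW Users".
    Const SampleGroups As String = "Domain Users|Non-COW Users|Printers"
    Const RequiredGroup As String = "COW Users"

    ' Fragile check: a substring search over the whole delimited string.
    ' It matches because "Non-COW Users" contains the text "COW Users".
    Function IsMemberBySubstring(groups As String, required As String) As Boolean
        Return groups.IndexOf(required, StringComparison.OrdinalIgnoreCase) >= 0
    End Function

    ' Safer check: split on the delimiter so every group is a whole token,
    ' then let the principal compare complete role names.
    Function BuildPrincipal(userName As String, groups As String) As GenericPrincipal
        Dim roles As String() = groups.Split(New Char() {"|"c}, StringSplitOptions.RemoveEmptyEntries)
        For i As Integer = 0 To roles.Length - 1
            roles(i) = roles(i).Trim()
        Next
        ' "Forms" is only a label for the authentication type here.
        Return New GenericPrincipal(New GenericIdentity(userName, "Forms"), roles)
    End Function

    ' Deny by default: only an authenticated user with an exact role match passes.
    Function IsAuthorized(user As IPrincipal, required As String) As Boolean
        Return user IsNot Nothing AndAlso user.Identity.IsAuthenticated AndAlso user.IsInRole(required)
    End Function

    Sub Main()
        Dim user As GenericPrincipal = BuildPrincipal("jdoe", SampleGroups)
        Console.WriteLine("Substring check grants access: {0}", IsMemberBySubstring(SampleGroups, RequiredGroup))
        Console.WriteLine("IsInRole check grants access:  {0}", IsAuthorized(user, RequiredGroup))
    End Sub
End Module
```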