"NT AUTHORITY\ANONYMOUS LOGON" error in Windows 7 (ASP.NET & Web Service)
I have an asp.net web app which works fine in Windows XP machine in a domain. I am porting it to a Windows 7 stand alone machine. The app uses a web service which makes a call to sql server. The web server (IIS 7.5) and SQL Server are on the same stand alone machine.
I enabled Windows authentication for the website and web service. The web service uses a trusted connection connection string. The web service credentials uses System.Net.CredentialCache.DefaultCredentials. I noticed username, password and domainname are blank after the call! The webservice and web site use the 'Classic .NET AppPool' with NetworkServices identity.
I am getting an开发者_如何学JAVA exception "NT AUTHORITY\ANONYMOUS LOGON" in the database call in the web service. I am assuming it's related to the blank credentials.
I am expecting ASPNET user to be the security token to the database. Why is this not happening? Did I miss a setting? (Usually this happens when sql server and web server are on two different machines in a domain, delegation & double hopping, but in my case everything is on a dev box)
It sounds like you're experiencing the "double hop" problem. It basically means that you're not allowed to forward the clients privileges to a third party, usually a sql server on another machine.
I've answered this before, perhaps that answer will help you further.
Your problem seems to be related to the web service passing the correct credentials to SQL server.
There are a few layers of security for you to check. But the first and easiest is to make sure you have disabled any security other than Windows Integrated. IIS will always use the simplest security protocol. So if you have Anonymous and Windows Integrated enabled then you web site will always choose Anonymous.
Next each site in IIS7+ runs under an app pool which can have separate security. Then under all that the IIS Windows Service runs under a specific account.
Buy default you shouldn't really have much problem with app pool and IIS security as it pretty much works out of the box, but it's worth checking.
One more thing I would check is the named pipes in SQL. My knowledge isn't vast but I know that named pipes can be used for communication on the same server between various applications, IIS and SQL being two of them.
If names pipes is disabled through the SQL configuration manager then I would have expected a different error, but it's worth enabling.
Hope this helps. Mike
精彩评论