iis7 delegate windows authentication user to the application pool to access sql backend

The way our organization handles security is all based in SQL Server. Basically users are added to Active Directory Groups, then these group开发者_JAVA技巧s are associated with databases.

So i have an Intranet based Silverlight RIA application. It's config is set to use windows authentication and impersonation. The web server it is hosted on is set to use impersonation and windows authentication.

As this application accesses a SQL Server back-end, how can i pass the authenticated users details to the application pool. So the application queries the database under their credentials? Or how can i query the database using their credentials through IIS 7.

Thanks

This is a classic double-hop problem, where NTLM can only pass credentials from the client (silverlight) to a single server (web tier). At that point, the server only has a token, not a user/pass pair, so it is unable to create the next token to to pass to the second server (SQL in this case). With this, you can't directly acheive what you want.

You can't "have the app pool take the ID"; but if I remember correctly, Keberos and AD auth delegation can solve this scenario of SQL access via a web tier using client credentials.

Take a look at this thread: Solution to avoid double-hop from client > web service > SQL Server