yes, i used impersonation <identity impersonate="true"/> in the web.config.
if i didn't, all accounts, userA and userB should failed to connect to
database.
however, acount, userA can access succesfully!
the database is installed on another machine from the web application.
"Scott Allen" wrote:
> Is the database on the same machine?
> Are you using impersonation <identity impersonate="true"/> ?
> --
> Scott
> http://www.OdeToCode.com/blogs/scott/
> On Fri, 29 Apr 2005 02:32:14 -0700, boy
> <boy@dotnet.itags.org.discussions.microsoft.com> wrote:
>
>Boy:)
U are saying User! can log in successfully but UserB can't!
Thats wierd.
But do they both have the ASPNET account?
Try adding the 2 users to the ASPNET acct..
Hope this helps
Patrick
*** Sent via Developersdex http://www.examnotes.net ***
Um.
Both UserA and UserB can pass the IIS authentication. After authentication,
their identities were impersonated to access database. However, only UserA
can access db succesffully.
"Patrick Olurotimi Ige" wrote:
> Boy:)
> U are saying User! can log in successfully but UserB can't!
> Thats wierd.
> But do they both have the ASPNET account?
> Try adding the 2 users to the ASPNET acct..
> Hope this helps
> Patrick
> *** Sent via Developersdex http://www.examnotes.net ***
>
Can UserB access the DB now?
*** Sent via Developersdex http://www.examnotes.net ***
The following result is the result i got at the very beginning, event though
i haven't added them to the ASPNET account.
-- Um.
-- Both UserA and UserB can pass the IIS authentication. After
authentication,
-- their identities were impersonated to access database. However, only User
A
-- can access db succesffully.
Your suggested method is used to allow both users to pass the
authentication, am i right? However, my problem is...both users can pass the
NT/IIS authentication.
"Patrick Olurotimi Ige" wrote:
> Can UserB access the DB now?
>
>
> *** Sent via Developersdex http://www.examnotes.net ***
>
If you use Query Analyzer Can both users login to the Database?
Try adding the users to ASPNET account?
Are u in a DOMAIN environment?
And how are u connecting to the Database? Are u using Windows
Authentication?
Patrick
*** Sent via Developersdex http://www.examnotes.net ***
My suggestion would be to launch SQL Profiler and see what accounts
the database server is actually seeing when the users try to connect.
SQL Profiler will allow you to watch login/logout events.
Alternatively you could use the SQL audit log in enterprise manager.
The reason I say you should see what accounts are incoming is that
impersonation doesn't work if there is a second hop involved across
the network. If UserA is actually logged into the web server and
running IE then impersonation works, because UserA's credentials only
make one hop (from the web server to the database server). If UserB is
on a third machine, then UserB's credentials can hop from the client
machine to the web server, but can't make a second hop from the web
server to the database server.
HTH,
Scott
http://www.OdeToCode.com/blogs/scott/
On Fri, 29 Apr 2005 22:26:02 -0700, boy
<boy@.discussions.microsoft.com> wrote:
>The following result is the result i got at the very beginning, event thoug
h
>i haven't added them to the ASPNET account.
>-- Um.
>-- Both UserA and UserB can pass the IIS authentication. After
>authentication,
>-- their identities were impersonated to access database. However, only Use
rA
>-- can access db succesffully.
>
>Your suggested method is used to allow both users to pass the
>authentication, am i right? However, my problem is...both users can pass th
e
>NT/IIS authentication.
>
>"Patrick Olurotimi Ige" wrote:
>
The situation is the same for all users.
User A & B--> Web Server (impersonation) --> database.
I found from the event log(event viewer) of web server that both user can
successfully login the web server. i.e. userB can't make a second hop from
the web
server to the database server, but userA...
what's going on...!?!?
I did another testing....I migrated the web server to another server. Both
userA and userB can access database now. Problem solved.
However, i want to figure out...what's wrong the orginal server's
configuration....
Anyway, thx alot your reply
"Scott Allen" wrote:
> My suggestion would be to launch SQL Profiler and see what accounts
> the database server is actually seeing when the users try to connect.
> SQL Profiler will allow you to watch login/logout events.
> Alternatively you could use the SQL audit log in enterprise manager.
> The reason I say you should see what accounts are incoming is that
> impersonation doesn't work if there is a second hop involved across
> the network. If UserA is actually logged into the web server and
> running IE then impersonation works, because UserA's credentials only
> make one hop (from the web server to the database server). If UserB is
> on a third machine, then UserB's credentials can hop from the client
> machine to the web server, but can't make a second hop from the web
> server to the database server.
> HTH,
> --
> Scott
> http://www.OdeToCode.com/blogs/scott/
> On Fri, 29 Apr 2005 22:26:02 -0700, boy
> <boy@.discussions.microsoft.com> wrote:
>
>
did anyone else encounter the same problem!!!
Help Help Help
"boy" wrote:
> The situation is the same for all users.
> User A & B--> Web Server (impersonation) --> database.
> I found from the event log(event viewer) of web server that both user can
> successfully login the web server. i.e. userB can't make a second hop from
> the web
> server to the database server, but userA...
> what's going on...!?!?
>
> I did another testing....I migrated the web server to another server. Bot
h
> userA and userB can access database now. Problem solved.
> However, i want to figure out...what's wrong the orginal server's
> configuration....
> Anyway, thx alot your reply
> "Scott Allen" wrote:
>
Boy,
Sql Profiler could really help as previous post adviced!
Any if u finally got where u got stuck.
It would be nice if you can hint back
*** Sent via Developersdex http://www.examnotes.net ***
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment