2

Publishing the default Visual Studio ASP site on IIS, everything is OK.

I set up Windows authentication and, with some effort, I got "Welcome MyDomain/MyAcount!" in the top right corner.

Cool!

Later I added a simple EF query to the code (it works locally, I get results). MyDomain/MyAcount exists as a SQL Windows account, everything OK.

The problem is that, in the application pool, EF doesn't use the current user "MyDomain/MyAcount" shown in the top right corner, but uses the pool user account "AUTORITE NT\NETWORK"

and it throws a nice authorization error on the page containing the EF query.

Here is my EF connection string:

    <connectionStrings>
      <add connectionString="metadata=res://*/Models.Model1.csdl|res://*/Models.Model1.ssdl|res://*/Models.Model1.msl;provider=System.Data.SqlClient;provider connection string=&quot;data source=M35824\MSQL32BIT;initial catalog=UNITY_DB_PROD;integrated security=True;multipleactiveresultsets=True;application name=EntityFramework&quot;" name="UNITY_DB_PRODEntities" providerName="System.Data.EntityClient" />
    </connectionStrings>

I don't want to give rights to "AUTORITE NT\NETWORK" in SQL. It would help, but it's not what I need: every query and stored procedure has to execute as the "connected user".

3 Answers

1

You need to use impersonation to forward your credentials to the SQL Server, or simply define another account for the application pool if you need to use integrated authentication.


1 Comment

I'm inactive enough that I can't downvote, but this answer directly violates Stack Overflow answer guidelines. Specifically that answers should detail the solution, rather than just link elsewhere, because the external site could easily go down, relocate, etc. You even linked to an article that has a warning banner at the top stating that this document is not maintained. Answers should solve the problem 100% with self-contained content, and only link to external sources for further reading, should one be interested.
1

I finally used this to impersonate. I don't know if it's the good way to do it, but at least it works as expected. I had no success trying to impersonate via the connection string.

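    // Needs: System.Collections.Generic, System.Linq,
    //        System.Security.Principal, System.Web
    public static List<List<string>> GetCountryData()
    {
        List<List<string>> DataRows = null;
        // Run the query as the Windows user authenticated by IIS; the
        // impersonation is undone when the using block is left.
        using (((WindowsIdentity)HttpContext.Current.User.Identity).Impersonate())
        {
            using (var dbContext = new UNITY_DB_PRODEntities())
            {
                // ToList() materializes the rows while still impersonating.
                DataRows = dbContext.final_full_data
                    .Where(x => x.computername.Contains("m570"))
                    .Select(x => new List<string> { x.computername, x.DCAI_CENTRE, x.AD_CN })
                    .AsEnumerable()
                    .ToList();
            }
        }
        return DataRows;
    }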

Feel free to provide another method.

1 Comment

As you're using windows integration authentication you could try adding <identity impersonate="true" /> under <system.web> in your web.config file. Although this will make the entire application run under the logged in user account.
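
A fail-closed variant of the per-call impersonation used in the answer above, as an added example that is not the answerer's code. `CallerImpersonation` and `RunAsCaller` are hypothetical names, and it assumes .NET Framework ASP.NET with Windows authentication enabled and anonymous access disabled in IIS.

```csharp
using System;
using System.Security.Principal;
using System.Web;

// Added example: hypothetical helper, not part of the original answers.
public static class CallerImpersonation
{
    // Runs 'work' as the Windows user IIS authenticated for this request.
    // 'work' must materialize its results (e.g. ToList()) before returning:
    // a deferred query enumerated after this method returns would open its
    // SQL connection as the application pool account again.
    public static T RunAsCaller<T>(Func<T> work)
    {
        if (work == null) throw new ArgumentNullException("work");

        HttpContext context = HttpContext.Current;
        WindowsIdentity identity = (context == null || context.User == null)
            ? null
            : context.User.Identity as WindowsIdentity;

        // Fail closed: refuse to run instead of silently querying as the
        // pool identity when the request carries no usable Windows identity.
        if (identity == null || !identity.IsAuthenticated || identity.IsAnonymous)
            throw new UnauthorizedAccessException(
                "Request has no authenticated Windows identity.");

        // An Identification-level token can be inspected but not used to
        // access resources. If SQL Server runs on a different machine than
        // IIS, Kerberos delegation is also required for the hop to succeed.
        if (identity.ImpersonationLevel < TokenImpersonationLevel.Impersonation)
            throw new UnauthorizedAccessException(
                "Caller token does not allow impersonation.");

        // Impersonation is reverted when the context is disposed, even if
        // 'work' throws, so the thread never keeps the caller's token.
        using (identity.Impersonate())
        {
            return work();
        }
    }
}

// Usage sketch with the context class from the question:
//   var rows = CallerImpersonation.RunAsCaller(() => {
//       using (var db = new UNITY_DB_PRODEntities())
//           return db.final_full_data.Select(x => x.computername).ToList();
//   });
```

With `integrated security=True`, ADO.NET keeps separate connection pools per Windows identity, so impersonated callers do not reuse connections opened by the pool account.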
0

Integrated Security - When false, User ID and Password are specified in the connection. When true, the current Windows account credentials are used for authentication. Source

So, I think EntityFramework is getting this information from IIS, where you need to change your Page Pool application pool identity to MyDomain/MyAcount, OR set it to false.
