0

I've got an ASP.NET (.NET 4.0) application that uses Windows Forms Authentication. This authenticates against Active Directory and works just fine.

This web app calls an ASP.NET Web Service (.NET 4.0) on the same server. Both the app and the service are running on IIS 6.

The web service calls a SQL Server 2005 database in the same domain using "Integrated Security=SSPI" as part of the connection string.

I want the web service and the database connection to use the credentials of the logged in user of the web app.

I've tried dozens of combinations of settings from dozens of web sites, but nothing has worked. I'm on my second day and haven't gotten anywhere.

Is this even possible?

In my latest attempt, I added this code in the web app before calling the web service:

svc.Credentials = System.Net.CredentialCache.DefaultCredentials;

But inside the service, User.Identity.Name returns the value of the user who started the web server.

2
  • Check out support.microsoft.com/kb/306158 and give the code in "Impersonate the Authenticating User in Code" a try and see if it works for you. Commented Mar 21, 2012 at 15:15
  • @NickBork: That method requires giving ASP.NET "run as part of the OS" privilege, or even making it run as SYSTEM (the NT name for root). Not sure if that's at all healthy. Commented Mar 21, 2012 at 15:19

1 Answer

1

What you're trying to do is called "delegation". It means that the end-user is authenticated with the web server, and then the web server tries to use those credentials to gain access to the SQL Server. But the SQL Server does not trust the web server; it only trusts the domain controller. So the request fails.

Besides not working, delegation has another disadvantage. Because each user would use different credentials, SQL connections would no longer be pooled. Each credential would have its own pool. That would be a major resource hog even at low user counts.

For more information, check out this MSDN article.

TL;DR: Give up on delegation and move to SQL auth.


1 Comment

I may just move to SQL auth. However, the web service still needs to grab the user's credentials to determine which SQL user to connect with. The web service runs on the same server as the web app, so delegation should not be an issue.
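
An added example, not part of the original thread: one way the "move to SQL auth" advice can look inside the web service while keeping a single connection pool. It assumes one SQL login for the service and a caller name handed over by the web app; the server, database, login, table and column names are all hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example. All names (SQLHOST, AppDb, svc_webservice, dbo.Orders,
// OwnerLogin) are hypothetical placeholders, not taken from the thread.
public static class OrderData
{
    // One fixed connection string means one ADO.NET pool shared by every
    // request. ADO.NET keeps a separate pool per distinct connection string
    // (and, with Integrated Security, per Windows identity), which is the
    // pooling cost the answer describes for per-user credentials.
    // Assumption: in a real deployment this string is read from a protected
    // configuration section instead of being compiled in.
    private const string ConnStr =
        "Data Source=SQLHOST;Initial Catalog=AppDb;" +
        "User ID=svc_webservice;Password=<placeholder>;";

    // callerName: the user the web app authenticated (for example DOMAIN\alice).
    // Assumption: the web service accepts calls only from the web app, so the
    // value can be trusted; otherwise any client could claim any user name.
    public static DataTable GetOrdersFor(string callerName)
    {
        if (string.IsNullOrWhiteSpace(callerName))
            throw new ArgumentException("Caller identity is required.", "callerName");

        using (var conn = new SqlConnection(ConnStr))
        using (var cmd = new SqlCommand(
            "SELECT OrderId, Total FROM dbo.Orders WHERE OwnerLogin = @owner", conn))
        {
            // The user name travels as a typed parameter, never as SQL text,
            // so row-level filtering is done by the query, not by the login.
            cmd.Parameters.Add("@owner", SqlDbType.NVarChar, 256).Value = callerName;

            var table = new DataTable();
            conn.Open();
            using (var reader = cmd.ExecuteReader())
                table.Load(reader);
            return table;
        }
    }
}
```

With this shape the database sees only the service login, so per-user authorization and auditing have to be enforced in the service and its queries, and the service login should be granted only the permissions those queries need.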
