SSPI Parameter in NetSqlAzMan connection string

Aug 25, 2011 at 7:01 AM

Andrea,

We are using NetSqlAzMan in our project and it seems to be working just fine for us. Thanks for the great work.

In the web.config, we have mentioned the NetSqlAzMan connection string as :

<add name="NetSqlAzManConnectionString" connectionString="Data Source=AUSDVSQLGRDCL03.aus.amer.dell.com;&#xA;&#xA;         Initial Catalog=MSLSQLDB_BRH_DIT;UID=MSL_ADMIN;PASSWORD=MSL_ADMIN$123;        MultipleActiveResultSets=True" providerName="System.Data.SqlClient" />

Now, we want to add the SSPI parameter instead of exposing the user information as:

<add name="NetSqlAzManConnectionString" connectionString="Data Source=AUSDVSQLGRDCL03.aus.amer.dell.com;&#xA;&#xA;Initial Catalog=MSLSQLDB_BRH_DIT; Integrated Security=SSPI;MultipleActiveResultSets=True" providerName="System.Data.SqlClient" />

When we did this, NetSqlAzMan was not being detected and none of the authorizations worked.

Please advise an appropriate solution.

 

 

Coordinator
Aug 25, 2011 at 7:31 AM

Hi,

if you switch from SQL authentication to Windows authentication the user that connects to the NetSqlAzMan DB is the IIS Application Pool user of the Web application (default is Network Service).

To make it properly work you have 2 ways:

- Add the NETWORK SERVICE user to the SQL Role NetSqlAzMan_Readers (or Manager or Administrators, depends of what you do in your app)

- Change the User Identity of the Web Application to another Known domain users

o In this case, before you can use a domain user as a IIS Pool user you must prepare it with this console command:
(from the .NET framework folder):>aspnet_regiis –ga DOMAIN\USERNAME

o Then you can change the Application Pool user.

Regards,

Andrea.

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com

Sep 26, 2011 at 9:04 AM

Hi Andrea,

About the first option, We already have the Network Service user added to the admin role with 'Allow with Delegation' permission. It did not make any difference, we still have the SSPI issue and none of the authorizations are working.

Could you please elaborate more on the above stated options ? 

Thanks in Advance !

Coordinator
Sep 26, 2011 at 9:41 AM

Please give me more details about the current configuration of your Application Pool.

Application Identity:

Authentication Type: (Anonymous, Windows, Basic ?)

Impersonation ?

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com

Sep 26, 2011 at 12:15 PM

 

Application Identity: Process account

Authentication Type: (Anonymous, Windows, Basic) : Windows

Impersonation : ASP.NET impersonation

Coordinator
Sep 26, 2011 at 1:27 PM

For the Application Pool …

Try to switch from the Process Account to a “Domain User” account Identity (using before the aspnet_regiis –ga DOMAIN\username command).

Let me know if it works.

__________________________________
Andrea Ferendeles
NetSqlAzMan Project Coordinator
E-mail aferende@hotmail.com Web http://netsqlazman.codeplex.com

Sep 27, 2011 at 10:47 AM

Andrea,

We did not try that because we need the Application Pool to work under a Process Account only.

Please suggest us accordingly.

Coordinator
Sep 27, 2011 at 11:39 AM