The final Story: It appears that ASP.NET does not support Integrated Windows Authentication when <identity impersonate="true" /> is set in the application Web.config file. This all works as expected if I turn off IAuth and turn on Basic Authentication, which I will not use simply because it will require my already authenticated intranet users enter their username and password all over again. This same method works great in PHP using IAuth. Go figure.
WTG Bill!!! <>< Ryan -----Original Message----- From: Ryan Jameson (USA) Sent: Tuesday, August 13, 2002 2:42 PM To: dotnet Subject: RE: C# - System.Data.OleDb - Trusted_Connection=yes One step further... SERVER/ASPNET required privilege to act as part of the operating system. Upon granting that I was able use impersonate a specified user and get the result I wanted. However, I still cannot get the IIS user token to pass through. Anytime I leave the username and password strings empty I get this: Exception Details: System.Runtime.InteropServices.COMException: The authentication mechanism is unknown ... Please reply if this is familiar. :-) <>< Ryan -----Original Message----- From: Ryan Jameson (USA) Sent: Tuesday, August 13, 2002 1:40 PM To: dotnet Subject: RE: C# - System.Data.OleDb - Trusted_Connection=yes I found this routing around in machine.config: <!-- identity Attributes: impersonate="[true|false]" - Impersonate Windows User userName="Windows user account to impersonate" | empty string implies impersonate the LOGON user specified by IIS password="password of above specified account" | empty string --> <identity impersonate="false" userName="" password=""/> When I set it to true .NET blows up with "The authentication mechanism is unknown" ... I'm sure this is the right path. I'll continue to try to figure it out. <>< Ryan -----Original Message----- From: Ryan Jameson (USA) Sent: Tuesday, August 13, 2002 1:21 PM To: dotnet Subject: RE: C# - System.Data.OleDb - Trusted_Connection=yes Thanks for the reply, I'm using ADO because it is more generic and my development methodology does not allow me to code for a specific database platform. The connection string is fine, the problem is the user it tries to use. In machine.config I do have comImpersonationLevel="Impersonate" set, but it still insists on using the generic account. Bill, if your listening, I have gotten over the fact that C# is a blatant rip off of Java, right down to machine.config and web.config files, but my gripe is, where in the heck do I find documentation on this stuff. I wish you would of stolen javadoc from Sun as well. <>< Ryan -----Original Message----- From: David L. Penton [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 13, 2002 11:47 AM To: dotnet Subject: RE: C# - System.Data.OleDb - Trusted_Connection=yes 1) check www.able-consulting.com/ado_conn.htm for valid connection strings 2) why not use System.Data.SqlClient ? David L. Penton, Microsoft MVP JCPenney Application Specialist / Lead "Mathematics is music for the mind, and Music is Mathematics for the Soul. - J.S. Bach" [EMAIL PROTECTED] Do you have the VBScript Docs or SQL BOL installed? If not, why not? VBScript Docs: http://www.davidpenton.com/vbscript SQL BOL: http://www.davidpenton.com/sqlbol -----Original Message----- From: Ryan Jameson (USA) [mailto:[EMAIL PROTECTED]] I am using integrated security between SQL server & IIS and I want to make a trusted OleDb connection with the Trusted_Connection=yes option. However, I keep getting "Login failed for user 'MYSERVER\ASPNET'" ... which obviously is not the currently authenticate IIS user. Does anyone know how to make it use the authenticated IIS user? Thanks... <>< Ryan --- You are currently subscribed to dotnet as: [EMAIL PROTECTED] To unsubscribe send a blank email to %%email.unsub%% --------- Administrated by 15 Seconds : http://www.15Seconds.com List Archives/Search : http://local.15Seconds.com/search Subscription Information : http://www.15seconds.com/listserv.htm Advertising Information: http://www.internet.com/mediakit/ --- You are currently subscribed to dotnet as: [EMAIL PROTECTED] To unsubscribe send a blank email to %%email.unsub%% --------- Administrated by 15 Seconds : http://www.15Seconds.com List Archives/Search : http://local.15Seconds.com/search Subscription Information : http://www.15seconds.com/listserv.htm Advertising Information: http://www.internet.com/mediakit/ --- You are currently subscribed to dotnet as: [EMAIL PROTECTED] To unsubscribe send a blank email to %%email.unsub%% --------- Administrated by 15 Seconds : http://www.15Seconds.com List Archives/Search : http://local.15Seconds.com/search Subscription Information : http://www.15seconds.com/listserv.htm Advertising Information: http://www.internet.com/mediakit/ --- You are currently subscribed to dotnet as: [EMAIL PROTECTED] To unsubscribe send a blank email to %%email.unsub%% --------- Administrated by 15 Seconds : http://www.15Seconds.com List Archives/Search : http://local.15Seconds.com/search Subscription Information : http://www.15seconds.com/listserv.htm Advertising Information: http://www.internet.com/mediakit/ --- You are currently subscribed to dotnet as: [email protected] To unsubscribe send a blank email to [EMAIL PROTECTED] --------- Administrated by 15 Seconds : http://www.15Seconds.com List Archives/Search : http://local.15Seconds.com/search Subscription Information : http://www.15seconds.com/listserv.htm Advertising Information: http://www.internet.com/mediakit/
