asp.net windows authentication to sql server

Question

I can not seem to get sql server to recognize my credentials.

Asp.net recognizes me when I login but when I execute a sql command I get a login failed message.

Answer 1

This is key = The IIS server and SQL server are on different machines. You're facing the classic double hop issue. Think of it in this way:

• You access the web application under your credentials
• IIS in this case has to present who you say you are to the SQL Server
• IIS says, "Why hello SQL Server, I'm passing on Tony's kerberos creds, they are legit"
• SQL Server says, "Hmmm, IIS I'm not sure I trust you, I need proof that you are trusted to present these credentials to me".

Thus once you enable delegation as mentioned by Remus, your SQL Server will trust the credentials your IIS server is presenting on your behalf.

In terms of security, under delegation, it would be wise to choose:

Trust this computer for delegation for specified services only | Use Kerberos only | and then underneath the "Services to which this account can present delegated credentials" make sure you explicitly set only the server/port you need.