Please, can someone PLEASE give a simple, direct way to enable ASP.NET> Kerberos> Sql Server?
We have clientMachine> webServer> databaseServer. The client insists that the site should pull out the entrance to Windows, and not invite, therefore, you must use Kerberos and Integrated Authentication. It also MUST impersonate the user on the db server, causing a double switch.
Our domain is a Windows 2003 domain, which, as far as I can tell online, means Kerberos is enabled. And on a computer connected to the domain, when logging in, kerbtray shows me that I have a lot of tickets, so it obviously works.
Web server computer accounts and databases in AD are "delegated".
AD user accounts that must access the system are "delegated trusts."
When everything works, I will add more users, and now two.
The Sql server instance is running LocalSystem on the database server, which, as I can tell online, means that it does NOT require messing with these SPN things at all.
However, when I try to log in with any user, I get
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
indicates a failure in two jumps. This is facilitated by the fact that in the application log on the db server there are many entries from "MSSQL" saying the same thing.
, ... , IIS, SQL Windows - Microsoft, ???
,
- kerberos,
- db -
- AD
- AD sql ( db)
- IIS , ,
- IE