Database Security Settings/Authorization

[kashif_82]

Hi, I am getting the following error on my connection for my Classic ASP pages:
Erro #-2147217843
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
Microsoft OLE DB Provider for SQL Server

I know that this could be cause if your connection string is using uid=httpuser;pwd=annonymous, but I have changed that to Integrated Security=SSPI.

My question is what does this Integrated Security=SSPI mean. I have looked on the Web and found the solution but I can't try those solution since the DBA is already working on it and I am just a developer.

I havealready looked on the Web for articles on SSPI but didn't find any help:
http://msdn.microsoft.com/library/de...rityadonet.asp

Please note that the same type of connection string is working on .Net pages of the Web site. This site has both .Net and ASP pages. ASP pages are getting their conenction string defined in Global.ASA and .Net in Config file.

[pclement]

Does the Anonymous account have access to your SQL Server database? I'm assuming that you're using Anonymous (no) authentication for your web application?

[kashif_82]

Yes anonnymous does have access and the problem was solved. I used SSPI for my .Net pages and httpuser for ASP (which is kind of weird why one would work and other wouldn't). but my question was about the difference between Integrated Security and the use of uid/pwd in my config file. I know my question is not making much sense but I am unable to find any resources regarding this issue so I could ask a proper question.

[pclement]

When you specify SSPI in the connection string, the credentials under which the web application is executing is used to authenticate with SQL Server. That is why it's called integrated security.

Now the identity under which an ASP.NET and ASP web app runs can differ depending upon the configuration. For example, by default ASP uses impersonation and ASP.NET does not. So, under anonymous authentication the identity under which an ASP app executes is the local IUSR<machinename> account. By default, for all authentication modes, an ASP.NET application executes under the local ASPNET account. An ASP.NET app will only operate under the IUSR<machinename> account if you enable impersonation and implement anonymous authentication.

Of course if you specify the user ID and password in the connection string, without SSPI, then those are the credentials that will be used to authenticate with SQL Server.