.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Windows Integrated Authentication and Kerberos delegation.

Posted By:      Posted Date: October 21, 2010    Points: 0   Category :Sql Server

I currently have 2 seperate domains.

Domain A

Domain B


No domain trust has been establish.


In this scenario, if user is connected to Domain A via its desktop. Is there a way to access to a SQL Server in Domain B without using SQL authentication.


I heard of kerberos but would that solve my issues ?




View Complete Post

More Related Resource Links

Windows 2008 R2 kerberos authentication

Hi i have install windows 200R2 with blackpearl but i have this issue with Kerberos Authentication the same account when using ie8 on the local machine allows me to login while the same credientials using ie7 & ie8 on remote machine will keep prompting for credentials; any advise on this?

Integrated Windows Authentication

Hello,          I want to give access to one my web pages to only one User. That user is not entering his RACFID anywhere in dot net application.I want to get that RACFID and I want to validate that RACFID before entering to that web page.Can anyone help meTIA

Passing Credentials to IIS "Integrated Windows authentication" Protected Directory

Hello All,I have set up a directory on my IIS web server that is protected by "Integrated Windows authentication".  I want visitors to be required to enter a name and password to view files in the protected directory except if they are following a link to files in the protected directory from a certain page on my website.I am doing this to try to get better protection from search engine spidering than is provided by using a robots.text file. I am using ASP.NET 3.5 with VB.  I am wondering if there is a way to pass the log on credentials to the IIS server via a link, or if there is a way to fill in the name and password for the login screen automatically, or something else that would work.  It is OK if the login name and password are visible to the visitors.Any suggestions on how to do this would be appreciated or if there is a better way to accomplish what I am trying to do, I would like to know.Thanks 

Authorization Manager (AzMan) as role provider with Windows integrated authentication in SharePoint


Hi all,

First I will describe my environment: Windows Server 2008 R2 x64, IIS 7, SQL Server 2008 and MOSS 2007 Enterprise Edition SP2 x64.

I am trying to setup SharePoint 2007 portal to use Windows integrated authentication with Authorization Manager (AzMan) as role provider.

I have set up an authorization store and defined a set of roles in there. Further I configured the web.configs of my SharePoint environment to use AzMan as role provider.

In IIS I see the roles appearing, but unfortunately those roles are not available in my SharePoint portal. I also see notification in IIS stating that Forms authentication has to be used

What should I do to configure it correctly? Is it even possible to use AzMan with Windows authentication in SharePoint 2007?

Thanks in advance.

With kind regards,




windows integrated authentication


I want to use windows integrated authentication but I'm a bit confused about how it works.

How do you refer to the logged in user in code when (for example) creating/editing records.
I currently use a session variable which I set to the users id in my Users table and then refer to it like this:

    <asp:SessionParameter SessionField="userID" Type=Int32

PreAuthenticate, 401's, Integrated windows authentication


In a .NET 2.0 web-service on IIS 6.0, does setting the client proxy's PreAuthenticate property to true when using Integrated security (Windows authentication) remove the 401 errors that cause multiple round trips ?


I've saw .NET 1.1 articles that said PreAuthenticate doesnt work with windows authentication:



but haven't found anything to say its fixed in .NET 2.0



Windows authentication using SSRS 2008 R2 on separate machine from SQL db engine - Kerberos required


Is this still an issue in SSRS 2008 R2:  Can't use Windows authentication (integrated security) when the SQL database server is on a different machine than Reporting Services -- unless you (1) use Kerberos security, or (2) store credentials, or (3) use credentials supplied by the user when running report AND use as Windows credentials to impersonate?

I have SSRS 2008 R2 set up on a different machine than MSSQLServer 2008 R2.  When I create a report on the SSRS server that uses a data source specifying Windows integrated security, my symptom is that I get the following  error:

Cannot create a connection to data source 'myDataSource'. ---> System.Data.SqlClient.SqlException: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

Here is a blog describing the problem under SSRS 2005 (with IIS): http://blogs.msdn.com/b/jgalla/archive/2006/03/16/reporting-services-and-windows-authentication.aspx



Richard Thompson

IIS 6.0 hosted WCF webHttpBinding endpoint and Integrated Windows Authentication


the intranet application that I'm developing uses REST WCF endpoints (webHttpBinding). The endpoints are called by the client webbrowser through javascript XHR requests.  The WFC service is hosted in a website running on IIS 6.0 (AD domain member). The webapplication runs within an AD domain and uses integrated Windows authentication.

I use the following setup/configuration:

- I disabled anonymous access for the website  and enabled Integrated Windows Authentication.
- I added an Access control entry (read/Execute) to the website root directory for the Authenticated 
  Users group.
- The WCF service is configured for ASP.NET compatibility mode because I need access to the session
- I enabled POST, DELETE, PUT and GET http methods for the .SVC file extension in IIS.
- I use the following webhttpbinding configuration:

        <binding name="TestWebHttpBindingConfiguration"  maxReceivedMessageSize="16777216">
          <readerQuotas maxArrayLength="16777216" maxStringContentLength="16777216"/>
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Windows" proxyCredentialType="Windows"/>

Tomcat Windows Integrated Authentication fails with More than 1 Web Application


Hi all,

I’m using Tomcat 5.5.23 on a Windows server 2003 (64 bit).

Tomcat runs as a window service, using an Active Directory account.

DB is configured to Windows Authentication mode alone.


Tomcat contains 2 web applications.

The DLL’s (sqljdbc_auth.dll) location is the value of Tomcat’s –Djava.library.path parameter.



The container loads, the first web application loads and successfully establishes a connection to the DB,

But the second web application fails to connect to DB, prompting:

 com.microsoft.sqlserver.jdbc.SQLServerException: This driver is not configured for integrated authentication.



When loading tomcat with only a single web application (either one), the web application successfully connect to the DB.

This is why I don’t think the reason is at web.xml.


Any idea?


Thanks, Itamar

Tomcat Windows Integrated Authentication fails with More than 1 Web Application


please check related topic in SqlDataAccess forum.


Thanks, Itamar

Web Matrix + Windows Authentication


I'm curious if its possible to get windows auth working with asp.net webpages/webmatrix.

I've got it published to IIS with windows auth turned on and anonymous/forms/basic turned off.

I'm guessing the WebSecurity Helper probably won't work here but can you access User.Identity.Name etc?

Sorry for the newbie questions, I've only just started working with asp.net ^^,

Intranet Users Challenged When Using Windows Integrated Security


We've setup an intranet site using Windows Integrated Security. Its up and running and users can access it. However, they are being challenged with a login dialog for the server when they initially access the site.

Isn't is possible to configure the server so that the users aren't challenged AND are recognized as being already authenticated by Windows? We're trying to go with a seamless experience, whereby all they have to do is login to their machine like normal and then go from there.

Windows Authentication for IIS in Windows 7 Home Premium Edition - for ASP Websites.


How to create a virtual directory and get benefit of the IIS. Is there a workaround to accomplish this without the Windows Authentication for Windows 7 Home Premium Edition?

Thanks in advance, 

Using windows authentication to access SQL when using ASP.NET 4.0 via COM+


I am using SQL Server 2008 under windows authentication, front end is ASP.NET which uses COM+ to access database.

COM+ components are configured to run as domain user.

When looking through the logs (SQL Profiler), I can see the login name as the configured identity instead of windows indentity.

I have got Website running under "Intergrated Windows Authentication" and database is running locally on webserver.

Web configure contains entry for <identity impersonate="true"/>.

My connection string is

connectionString="data source=db01\test01;initial catalog=test; integrated security=SSPI;persist security info=False; Trusted_Connection=Yes"

Any ideas?




Security Briefs: Exploring S4U Kerberos Extensions in Windows Server 2003


Building Web sites that provide services external to the corporate firewall is tricky. Usually it's not desirable to grant corporate domain accounts to external clients, and from a purely practical standpoint Kerberos does not work well over the Internet due to the typical configuration of client-side firewalls.

Keith Brown

MSDN Magazine April 2003

Forms based users being prompted for windows authentication login for My Sites photos in user lists

Here's an issue I didn't see coming for our forms based authentication users. 

We have a web application extended to an external url to handle forms based authentication for users outside of our domain. Our setup looks like this...

Internal Users/Windows Authentication - moss.domain.com
External Users/Forms Based - mossext.domain.com
My Site for Internal Users - mysites.domain.com

When our forms based users are accessing user lists, or discussion pages that display user pictures, they are getting a windows authentication login for our internal users (mysites.domain.com) who have populated their my site with personal photo.

How do we fix this? 

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend