|Applies To||Access Manager 4.x agent for IIS 6.0|
Impersonation and Delegation in ASP.NET
|Issue||AXM- Error with Using impersonation and Delegation with ASP.NET and WINDOWS SSO|
ASPX Application using impersonation and user from protocol transition token to access MS SQL database receives exception on connect.
ERROR: System.Data.SqlClient.SqlException: Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.
The connection string in use in the web.config file was:
Windows Event log reports the following:
Event Type: Information
If the event was saved from another computer or forwarded from a remote computer, you might have to include display information with the events when saving them or when setting up the forwarding s 18452, Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.
In ActiveDirectory this will require that the computer object that is hosting the IIS server must be be allowed to delegate. In "Active Directory Users and Computers", select under computers the computer object the IIS server is located on. Right click on the computer object of that server and select "Properties". Select the "Delegations" tab. Select the radio button "Trust this computer for delegation to specified services only". Hit the add button and select the MSSQLSvc service type for the server that the MS SQL Server is located.
One could also use "Trust this computer for delegation to any service (Kerberos only) , but this would be less secure.
To allow ASP.NET to impersonate the incoming user when trying to communicate with SQL instances which are on another machine you need to add the following lines of code to your web.config file:
|Legacy Article ID||a49032|