I just migrated a development workstation
- FROM: Windows XP Pro SP3 with IIS 6
- TO: Vista Enterprise 64bit with IIS 7
Since the move, one of my pages that accesses an SQL Server 2000 database is receiving the following error from my ASP.NET 2.0 web page: "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'."
I have:
- enabled Windows Authentication in IIS and web.config
- disabled Anonymous Authentication in IIS
- set up Impersonation to run as the authenticated user
- verified that the logged in user (in this case, me) has access to the appropriate database on the SQL Server
- verified that my login and impersonation information is correct in the ASP.NET page by checking User.Identity.Name and System.Security.Principal.WindowsIdentity.GetCurrent().Name (both display my username)
My connection string using SqlConnection is "Server={SERVER_NAME};Database={DB_NAME};Integrated Security=SSPI;Trusted_Connection=True;"
Why is it trying to login with NT AUTHORITY\ANONYMOUS LOGIN? I have to assume it's some setting or web.config entry specific to IIS7 since it worked fine before the migration.
NOTE: The SQL Server is Windows authentication only – no mixed mode or SQL only.
Best Answer
Looks to me like constrained delegation is not enabled: Configuring Servers for Delegation.