Windows – Can’t get client to Authenticate with IIS over Kerberos

authentication, iis-8, kerberos, windows

WHAT I WANT:
An App running on an IIS Server
SQL running on SQLServer

And my user running the site on their machine and connecting to SQL using their credentials.

WHAT I HAVE SET UP:
I have 3 machines 1 running AD (ADMachine), 1 running SQL Server (mySQLSERVER) and one running IIS (MyIIS).

I have a site on IIS running under the Default Website which navigates to http://MySite/MyApp

I have an app pool with a custom identity of MyDomain\MyServiceUser

I have set up 2 SPNs using
setspn -a HTTP/mySite MyDomain\MyServiceUser
setspn -a HTTP/mySite/MyApp MyDomain\MyServiceUser

MY ISSUE:
Error: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'
on the page that connects to SQL

I have set up this test page on my site, and am getting an Authentication Method of Negotiate(NTLM) and not Negotiate(Kerberos):
http://blogs.msdn.com/b/friis/archive/2013/01/08/asp-net-authentication-test-page.aspx

To confuse matters even more, Kerberos is correctly used when Fiddler is open, and stops being used when Fiddler is closed.

Best Answer

This is a Windows design issue; it's a negotiation issue. You can go for Kerberos only in authentication (and adapt the clients to that) or configure IIS for both. An extensive guide has been published here: http://blogs.msdn.com/b/chiranth/archive/2014/04/17/setting-up-kerberos-authentication-for-a-website-in-iis.aspx
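
The Negotiate(NTLM) versus Negotiate(Kerberos) result from the test page can also be read directly from the Authorization header the browser sends, for example as captured in a proxy trace. The following is an added example, not part of the original question or answer; the function name and the sample tokens are constructed for illustration.

```python
import base64

# DER-encoded mechanism OIDs found near the start of a SPNEGO/GSS-API token.
SPNEGO_OID = bytes.fromhex("06062b0601050502")        # 1.3.6.1.5.5.2
KRB5_OIDS = (
    bytes.fromhex("06092a864882f712010202"),          # 1.2.840.48018.1.2.2 (MS Kerberos)
    bytes.fromhex("06092a864886f712010202"),          # 1.2.840.113554.1.2.2 (Kerberos 5)
)
NTLM_OID = bytes.fromhex("060a2b06010401823702020a")  # 1.3.6.1.4.1.311.2.2.10
NTLM_SIG = b"NTLMSSP\x00"                             # raw NTLM message signature


def classify_authorization(header_value):
    """Classify an Authorization header value as 'kerberos', 'ntlm' or 'unknown'."""
    scheme, _, b64_part = header_value.strip().partition(" ")
    if scheme.lower() not in ("negotiate", "ntlm"):
        return "unknown"
    try:
        token = base64.b64decode(b64_part.strip(), validate=True)
    except ValueError:                   # binascii.Error is a ValueError
        return "unknown"
    if token.startswith(NTLM_SIG):       # raw NTLM, even under the Negotiate scheme
        return "ntlm"
    if token[:1] != b"\x60":             # not a GSS-API initial token
        return "ntlm" if NTLM_SIG in token else "unknown"
    # The mechanism listed first is the one the client built its token for.
    hits = [(token.find(oid), "kerberos") for oid in KRB5_OIDS]
    hits.append((token.find(NTLM_OID), "ntlm"))
    hits = [h for h in hits if h[0] != -1]
    return min(hits)[1] if hits else "unknown"


def b64(raw):
    return base64.b64encode(raw).decode()


# Constructed, truncated sample tokens (not captured traffic).
SAMPLE_KERBEROS = "Negotiate " + b64(
    b"\x60\x82\x06\x00" + SPNEGO_OID + b"\xa0\x82\x05\xf0\x30\x82\x05\xec\xa0\x30\x30\x2e"
    + KRB5_OIDS[0] + KRB5_OIDS[1] + NTLM_OID
)
SAMPLE_NTLM = "Negotiate " + b64(NTLM_SIG + b"\x01\x00\x00\x00\x97\x82\x08\xe2")

if __name__ == "__main__":
    for sample in (SAMPLE_KERBEROS, SAMPLE_NTLM):
        print(sample[:30] + "...", "->", classify_authorization(sample))
```

A header value beginning `Negotiate TlRMTVNTUA` is the raw NTLM case, which matches the Negotiate(NTLM) result reported in the question.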