Built-in protection in the connection string

Question

Built-in protection in the connection string

I just tried to port my WCF service to Windows Authentication using this connection string

<add name="MembershipConnection" connectionString="Data Source=DBADDRESS ;Initial Catalog=aspNetMembership;Persist Security Info=True;Integrated Security=SSPI;"/>

The WCF Service is hosted in IIS (2003) and the user I set up under Directory Security is like the user we set up for this application, which has permission setting in SQL. The application pool configuration for this application is done under the "Network Service" user, but I am getting this exception when I try to use this service.

System.Data.SqlClient.SqlException: Login failed for user 'Domain \ MAchineName $'

I spoke to our sysadmin and he says that the $ at the end of the username means the computer itself if it is trying to authenticate a non-user.

any ideas as to why the machine is trying to authenticate and not a custom setting in IIS?

+2

sql .net iis wcf windows-authentication

kay.one 28 Aug 09 at 20:19

source to share

2 answers

You need to configure the service to impersonate the caller (simple part like with [OperationBehavior(Impersonation = ImpersonationOption.Required)]

), then you need to configure IIS for constrained delegation. Cm

+1

Remus Rusanu 28 Aug '09 at 20:30

source to share

Philip Rieck · Accepted Answer · 2009-08-28T20:31:29+0000

Actually, it works as advertised: the "Network Service" user will authenticate as a machine for any remote connections. From the msdn docs on it here :

Service that runs in context under the NetworkService account computer credentials of the remote servers

If you need a specific account, you need to create one and configure the application pool to run under that account.

If you want to authenticate as a user, you need to set up delegation.

Built-in protection in the connection string

More articles: