Authentication from ASP.NET web app to ASP.NET web service to SQL Server

I've got an ASP.NET (.NET 4.0) application that uses Windows Forms Authentication. This authenticates against Active Directory and works just fine.

This web app calls an ASP.NET Web Service(.NET 4.0) on the same server. Both the app and the service are running on IIS 6.

The web service calls a SQL Server 2005 database in the same domain using "Integrated Security=SSPI" as part of the connection string.

I want the web service and the database connection to use the credentials of the logged in user of the web app.

I've tried dozens of combination of settings from dozens of web sites, but nothing has worked. I'm on my second day and haven't gotten anywhere.

Is this even possible?

In my latest attempt, I added this code in the web app before calling the web service:

svc.Credentials = System.Net.CredentialCache.DefaultCredentials;

But inside the service, User.Identity.Name returns the value of the user who started the web server.


What you're trying to do is called "delegation". It means that the end-user is authenticated with the web server, and then the web server tries to use those credentials to gain access to the SQL Server. But the SQL Sever does not trust the web server, it only trusts the domain controller. So the request fails.

Besides not working, delegation has another disadvantage. Because each user would use different credentials, SQL connections would no longer be pooled. Each credential would have its own pool. That would be a major resource hog even at low user counts.

For more information, check out this MSDN article.

TL;DR: Give up on delegation and move to SQL auth.

链接地址: http://www.djcxy.com/p/74500.html

上一篇: Web服务中的ThreadPool.QueueUserWorkItem用于“消除和忘记”任务

下一篇: 从ASP.NET Web应用程序到ASP.NET Web服务到SQL Server的身份验证