I am building a reporting aspect of my .NET web app, and I have already come
accross the problem where if the app is hosted on a server and the backend
SQL database is hosted on another server, I cannot use integreated security
to retrieve data from the sql server (unless deligation is turned on...).
Now, our Report server is on a third machine. Can my data source(s) on the
report server use Integrated Authentication? A brief test failed, saying
cannot authorize NT/Anonymous but I may have set something up incorrectly.
Any suggestions?
BenThere is a double hop issue that you might be coming up against. You have to
be using Kerberos to be getting around this. Search the MS site for the
phrase double hop and you should find info on it and can see if it matches
your problem.
Bruce Loehle-Conger
MVP SQL Server Reporting Services
"Ben" <ben_1_ AT hotmail DOT com> wrote in message
news:B7DDBD38-A4FD-4EF2-AAA7-95D0B0478FDD@.microsoft.com...
>I am building a reporting aspect of my .NET web app, and I have already
>come
> accross the problem where if the app is hosted on a server and the backend
> SQL database is hosted on another server, I cannot use integreated
> security
> to retrieve data from the sql server (unless deligation is turned on...).
> Now, our Report server is on a third machine. Can my data source(s) on
> the
> report server use Integrated Authentication? A brief test failed, saying
> cannot authorize NT/Anonymous but I may have set something up incorrectly.
> Any suggestions?
> Ben|||Bruce
Thank you for the reply. I haven't done the search but I guess its the same
problem I'm having with the asp.net app im building.
Its funny, best practises says your db, your app and report server should
all be separate and integrated security used, but this setup doesnt naitively
work with integrated security.
thanks for the help.
"Bruce L-C [MVP]" wrote:
> There is a double hop issue that you might be coming up against. You have to
> be using Kerberos to be getting around this. Search the MS site for the
> phrase double hop and you should find info on it and can see if it matches
> your problem.
>
> --
> Bruce Loehle-Conger
> MVP SQL Server Reporting Services
> "Ben" <ben_1_ AT hotmail DOT com> wrote in message
> news:B7DDBD38-A4FD-4EF2-AAA7-95D0B0478FDD@.microsoft.com...
> >I am building a reporting aspect of my .NET web app, and I have already
> >come
> > accross the problem where if the app is hosted on a server and the backend
> > SQL database is hosted on another server, I cannot use integreated
> > security
> > to retrieve data from the sql server (unless deligation is turned on...).
> > Now, our Report server is on a third machine. Can my data source(s) on
> > the
> > report server use Integrated Authentication? A brief test failed, saying
> > cannot authorize NT/Anonymous but I may have set something up incorrectly.
> >
> > Any suggestions?
> > Ben
>
>|||You can use delegation, a feature built into 2K3 and AD. See this
link:
http://technet2.microsoft.com/WindowsServer/en/Library/c312ba01-318f-46ca-990e-a597f3c294eb1033.mspx
Bruce L-C [MVP] wrote:
> There is a double hop issue that you might be coming up against. You have to
> be using Kerberos to be getting around this. Search the MS site for the
> phrase double hop and you should find info on it and can see if it matches
> your problem.
>
> --
> Bruce Loehle-Conger
> MVP SQL Server Reporting Services
> "Ben" <ben_1_ AT hotmail DOT com> wrote in message
> news:B7DDBD38-A4FD-4EF2-AAA7-95D0B0478FDD@.microsoft.com...
> >I am building a reporting aspect of my .NET web app, and I have already
> >come
> > accross the problem where if the app is hosted on a server and the backend
> > SQL database is hosted on another server, I cannot use integreated
> > security
> > to retrieve data from the sql server (unless deligation is turned on...).
> > Now, our Report server is on a third machine. Can my data source(s) on
> > the
> > report server use Integrated Authentication? A brief test failed, saying
> > cannot authorize NT/Anonymous but I may have set something up incorrectly.
> >
> > Any suggestions?
> > Ben
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment