asp.netiissql-server-2008-r2kerberosiis-8.5

SQL Integrated Security Succeeds with ASP.NET, but fails with classic asp


On IIS 8.5, the only authentication method I have enabled is Windows Authentication, with Negotiate and NTLM. When I use a connection string in any ASP.NET application, running under an app pool who's identity is a domain account, I'm able to connect fine. In classic asp I get:

 Microsoft OLE DB Provider for SQL Server error '80040e4d' 

 Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. 

As far as I know the servers aren't configured for delegation, and I didn't explicitly set the SPN. I'm accessing the box via the FQDN which is netbiosname.mydomain.com .

Why is it working in ASP.NET, but failing in classic asp? Am I experiencing the double hop? Is there a way to confirm it is in fact the double hop?

Here's the error I'm getting:

 Microsoft OLE DB Provider for SQL Server error '80040e4d' 

 Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. 

Solution

  • I found out how to resolve this issue, I believe the last step was the only one that helped, but here's what I did:

    1. Disabled all authentication methods other than Windows Authentication
    2. In IIS Manager, I used the "Convert to Application" option to mark the folder containing the classic asp code as an application
    3. Assigned the application to app pool running under AD account with access to SQL server
    4. Enabled 32-Bit application support on the app pool
    5. Set pipeline mode to integrated for app pool
    6. At this point I still was getting the same error
    7. I right clicked on the application and set the Physical Path Credentials to the same domain account that the app pool runs under and everything started to work correctly