I have a website which is hosted on IIS on a server in my network. The website uses an app pool that runs under my username. My username is in the admin group in the server.
The Windows Authentication is enabled while the Anonymous Authentication is disabled. In addition, the ASP.NET Impersonation is enabled.
I enabled impersonation in web,config by adding the following line:
<identity impersonate="true" />
I also enabled windows authentication in web.config by adding the following line:
<authentication mode="Windows" />
The page contains code that opens a connection to database in the Page_Load:
SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["Default"].ConnectionString);
try
{
connection.Open();
}
catch (Exception ex)
{
Response.Write(ex.ToString());
}
finally
{
if (connection.State != System.Data.ConnectionState.Closed)
{
connection.Close();
}
}
When I open the page in the browser on the server, the page works perfectly. When I take the same URL and open it from my machine, I get the error below. Please note that Other websites that don't use impersonation work normally when I host them on the same server and access them from my machine.
The error I get is:
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'
Thanks in advance for your help
This might be two things:
And just to add for clarity: if your ADDCs are not publically available (which they'd better not), then you will not be able to authenticate via Kerberos.
NTLM might relax that Problem, but it often has issues with different Browsers - also: don't use NTLM - remove that Provider from IIS - NTLM is dead.