[Israel.pm] Connecting through IIS to SQL Server with Windows Authentication

Yossi Klein kleinyossi at yahoo.com
Tue Jan 24 07:28:01 PST 2012


With Windows authentication, the user credentials from the user running the CGI gets passed to the IIS server. I have verified that this is working properly by checking what the "effective" user is in the IIS server logs. This user also has been configured to have rights on the SQL Server.

And yes, the script runs successfully if I run it from the IIS server machine.



________________________________
 From: Roey Almog (Infoneto Ltd) <almog at infoneto.co.il>
To: Yossi Klein <kleinyossi at yahoo.com>; Perl in Israel <perl at perl.org.il> 
Sent: Tuesday, January 24, 2012 4:51 PM
Subject: Re: [Israel.pm] Connecting through IIS to SQL Server with Windows Authentication
 

Hi,

One thing I can think of (if I am not wrong):The CGI runs under the user of the IIS (a special windows user) this user does not have permissions on the SQL server

If you login to the 2003 server and try to run the script from the command line does it login ?

The user you login with into windows needs to be a trusted user on the SQL server so this thing will work



Roey









On Tue, Jan 24, 2012 at 4:08 PM, Yossi Klein <kleinyossi at yahoo.com> wrote:

I am trying to run a 
Perl CGI script that connects to a SQL Server. 
>
>Webserver = IIS 6.0 (running on MS Windows Server 2003 - SP2)
>
>SQL Server =  Microsoft SQL Server 2008 (SP1) - 10.0.2531.0 (X64)   Mar 29 2009 10:11:52   Copyright (c) 1988-2008 Microsoft Corporation  Enterprise Edition (64-bit) on Windows NT 6.1 <X64> (Build 7600: )   (running on MS Windows Server 2008 R2 Enterprise)
>
>Perl =  ActiveState 5.8.3 (Yes, I know that there are newer versions, but I'm not in control of when upgrades happen and unless I have a good reason to upgrade, which of course also requires regression testing, I'd prefer not to).
>
>
>What I'm trying to do is to pass the Windows Authentication information to the SQL Server so 
that the person running the CGI script has the appropriate permissions in the db. The problem 
is that the the auth information is not being pass through: 
> 
>The error I'm getting is:
>
> 
>[Microsoft][ODBC SQL Server Driver][SQL 
Server]Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. (SQL-28000)
>
>
> 
>Does anybody have 
any ideas or experience with this kind of set-up?
>
>
>Here's a test program that fails:
>
>##############
>use DBI;
>use CGI qw(:all);
>
>print "Content-type: text/html\n\n";
>print "<HTML>\n";
>
>my %attr = (PrintError => 0, RaiseError => 0, AutoCommit => 1);
>
>my $dsn =
>  "DBI:ODBC:DRIVER=SQL Server;Trusted_Connection=Yes;APP=MyApp;SERVER=jacob";
>
>#$dsn =~ s/trusted_Connection=yes;/UID=sa;PWD=xxxxxx;/i;
>
>my $dbh = DBI->connect($dsn, undef, undef, \%attr);
>
>if (!defined $dbh)
>    { $dbh = DBI->errstr; }
>
>print "$dbh\n";
>print "</HTML>\n";
>################
>
>
>If I comment out the line of code above that turns the connection into untrusted (and I fix the password, of course :-), the program successfully connects.
>
>
>Thanks,
>
>Yossi
>_______________________________________________
>Perl mailing list
>Perl at perl.org.il
>http://mail.perl.org.il/mailman/listinfo/perl
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.perl.org.il/pipermail/perl/attachments/20120124/3cf57bc2/attachment-0001.htm 


More information about the Perl mailing list