I have a C# ASPX website stored on one server that calls numerous results from an SQL server, both in the same domain. In my SQL database there are two users with the same permissions:
- admin
- NTADMIN\Me
My website is stored in the IIS directory on a local server. In my web.config file I have the identity impersonation and connection strings as follows:
<identity impersonate="true" userName="admin" password="admin" />
<add name="ConnectionString" connectionString="Data Source='server';Initial Catalog='database';Integrated Security=SSPI;" providerName="System.Data.SqlClient" />
Why does this work when I hardcode my ‘NTADMIN\me’ credentials but not the admin ‘credentials’ of the SQL database? Does the ‘admin’ user need to have domain credentials too? I didn’t think this was necessary if I can log into the database using them.
The error I’m receiving is as follows (the uid+pwd work fine logging into the db):
Could not create Windows user token from the credentials specified in the config file. Error from the operating system ‘Logon failure: unknown user name or bad password.
You cannot impersonate a SQL user in this case. You have two user types here, a sql user AND a windows user. The identity impersonate tag there will only work for a windows user account.
Windows tries to log this user in and it knows nothing about it, hence the failed password.