We are rolling out our first .net 4.0 entity framework application and are having an issue with security.
We have it working on our alpha site inside our development environment with the following setup:
- SQL2005
- IIS6
- .NET 4.0
- asp.net mvc 2
- Entity Framework
- NTLM
But when we moved it to our production environment for beta testing we are getting the following error via asp.net
SqlException (0x80131904): Cannot open
database “our database name”
requested by the login. The login
failed. Login failed for user
‘Domain\User’.
The only difference between the 2 environments is we are using Kerberos instead of NTLM in our production environment. We have several other .net 3.5 sites using LinqToSql that run on both environments.
We have already done the following:
- Replaced an active user on another test site with the user that is failing to make sure it isn’t an issue with the way the user is set up. – worked
- Dropped and re-added the user from sql2005 – did nothing
The issue appears to be related to .net 4.0 as this is our first…
The difference between NTLM and Kerberos is huge. With NTLM, you can use pass-through authentication; with Kerberos you cannot. With Kerberos and Windows Authentication, you need to set up a Service Principal Name (SPN for short) that tells SQL Server that it can be accessed by whatever IIS account you use.
Understanding Kerberos and NTLM authentication in SQL Server Connections
Here’s another article on setting up Kerberos. Jump down to the section titled “Configure a service principal name for the domain user account”
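The following PowerShell is an added example (not code from the question or the answer's author) of how to check which scheme a connection to SQL Server actually negotiated and how to list or register the MSSQLSvc SPN the answer refers to. The host name, port and service account are placeholders; `setspn` is the standard Windows tool the linked articles use, and `sys.dm_exec_connections.auth_scheme` is what SQL Server reports for the current session.

```powershell
# Added example (not from the answer's author): diagnose whether a SQL Server
# connection is using Kerberos or falling back to NTLM, and list/register the
# MSSQLSvc SPN the answer describes. Names below are placeholders.

$SqlHost        = 'sqlhost.example.com'   # placeholder: FQDN of the SQL Server machine
$SqlPort        = 1433                    # placeholder: port the instance listens on
$SqlServiceAcct = 'DOMAIN\sqlsvc'         # placeholder: account SQL Server runs as

# 1. Ask SQL Server which scheme it used for this session. Run this on the IIS
#    server under the application pool identity to see what IIS actually gets.
function Get-SqlAuthScheme {
    param([string]$Server)
    $cs   = "Server=$Server;Database=master;Integrated Security=SSPI;"
    $conn = New-Object System.Data.SqlClient.SqlConnection $cs
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = 'SELECT auth_scheme FROM sys.dm_exec_connections WHERE session_id = @@SPID;'
        return [string]$cmd.ExecuteScalar()   # 'KERBEROS' or 'NTLM'
    } finally {
        $conn.Dispose()
    }
}

# 2. List the SPNs currently registered on the SQL Server service account.
function Get-SqlSpns {
    param([string]$Account)
    setspn -L $Account
}

# 3. Register the MSSQLSvc SPN if it is missing. This needs rights to write
#    servicePrincipalName on the account (normally a domain admin). -S checks
#    for duplicates first, because a duplicate SPN also breaks Kerberos.
function Register-SqlSpn {
    param([string]$HostName, [int]$Port, [string]$Account)
    $spn = "MSSQLSvc/${HostName}:$Port"
    setspn -S $spn $Account
}

$scheme = Get-SqlAuthScheme -Server "$SqlHost,$SqlPort"
Write-Host "Connection to $SqlHost negotiated: $scheme"
if ($scheme -ne 'KERBEROS') {
    Write-Host "Kerberos was not used; SPNs registered on $SqlServiceAcct are:"
    Get-SqlSpns -Account $SqlServiceAcct
    # After confirming the MSSQLSvc/<host>:<port> entry is absent, register it:
    # Register-SqlSpn -HostName $SqlHost -Port $SqlPort -Account $SqlServiceAcct
}
```

If the script reports NTLM from a workstation but the site still fails, run it again on the IIS server itself: when IIS connects to a SQL Server on another machine using the end user's Windows identity rather than the application pool account, Kerberos additionally requires that the IIS account be trusted for delegation, which is a separate Active Directory setting from the SPN shown here.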