
First I'll explain the setup: I am developing for an Intranet environment. I have a server with Microsoft Server 2008 R2, IIS 7 and Microsoft SQL 2012 that contains all my applications. The IIS is configured to authenticate only using Kerberos.

And now to my problem: I am trying to make some old applications that are built with Classic ASP use the Application Pool identity to connect to SQL. I can do it successfully using Anonymous Authentication set with the Application Pool identity, but then I lose the ability to recognise the connected user so I can manage them in the application.

Bottom line, I am trying to find a way to make my application connect to SQL using the Application Pool Identity while keeping the ability to identify users with Windows Authentication.

xCliede
  • I'm not sure how to do this in the older ASP stuff, so I can't give you an answer, but you need to revert to the process token before making the connection to SQL server, then restore the thread's impersonation token. From a Windows API point of view, start by looking at SetThreadToken. – William Mar 04 '15 at 07:49
  • I have read about Access Tokens now. So as far as I understand you, I need to change the access token of the process before I connect to the DB and then back again? I'm not at work at the moment so I'll check for it and post a solution if I succeed. Thanks! – xCliede Mar 04 '15 at 09:23
  • You don't change the process's token, rather you stop impersonating a token at the thread level. Once you stop impersonating, the process token will be used for authentication to SQL server. – William Mar 04 '15 at 21:28
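
The sequence described in the comments (save the thread's impersonation token, stop impersonating so the process token is used, then put the user's token back), as an added example that is not part of the original thread. It assumes a .NET helper using P/Invoke; the class name `ProcessIdentityScope`, the method `Run` and the `connectAndQuery` callback are hypothetical.

```csharp
// Added example: names below are hypothetical, the Win32 calls are real.
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

public static class ProcessIdentityScope
{
    const uint TOKEN_IMPERSONATE = 0x0004;
    const uint TOKEN_QUERY = 0x0008;
    const int ERROR_NO_TOKEN = 1008; // thread is not impersonating

    [DllImport("kernel32.dll")]
    static extern IntPtr GetCurrentThread();
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenThreadToken(IntPtr thread, uint access, bool openAsSelf, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool SetThreadToken(IntPtr thread, IntPtr token); // thread == NULL means current thread
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // Runs connectAndQuery (assumed to open the SQL connection) under the
    // process token, i.e. the Application Pool identity, then restores the
    // Windows-authenticated user's token on the same thread.
    public static void Run(Action connectAndQuery)
    {
        IntPtr userToken;
        if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY | TOKEN_IMPERSONATE, true, out userToken))
        {
            int err = Marshal.GetLastWin32Error();
            if (err != ERROR_NO_TOKEN) throw new Win32Exception(err);
            connectAndQuery(); // no impersonation in effect: already the process identity
            return;
        }
        try
        {
            // A NULL token stops impersonation at the thread level.
            if (!SetThreadToken(IntPtr.Zero, IntPtr.Zero))
                throw new Win32Exception(Marshal.GetLastWin32Error());
            try { connectAndQuery(); }
            finally
            {
                // If this fails, the rest of the request would run as the
                // pool identity, so surface the failure instead of continuing.
                if (!SetThreadToken(IntPtr.Zero, userToken))
                    throw new Win32Exception(Marshal.GetLastWin32Error());
            }
        }
        finally { CloseHandle(userToken); }
    }
}
```

Code inside the callback runs with the Application Pool identity's rights, so read the authenticated user name before calling `Run` and keep the callback limited to the database work.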

0 Answers