I have two servers. First one is a server with ASP app on it and the second one is an LDAP auth server. I need to login on app server over LDAP on the second server and I need to use windows auth (NTLM or Negotiate). As I know based on my research to login on the server using active directory domain from other server they must be in the same local network. This can be established by VPN. But the thing is that I can't use a VPN. Can it be established somehow? I'm currently trying to configure IIS to not identify my user on my current domain and serve the credentials to remote server over LDAP using .Net. Sorry if I have a wrong understanding about something, I'm still newbie in windows auth and AD. Correct me if I wrong in something.
I'm using ASP.NET Core RC2 and IISExpress 10 on my local machine and my target framework is 452 due to using some old modules.
On remote app server I'm using IIS 8.5
Related
Ok, I have followed the steps from https://learn.microsoft.com/en-us/sql/linux/sql-server-linux-active-directory-authentication?view=sql-server-2017 to try and fix this issue as well as the SUSE/Redhat documentation for connecting to an AD server.
The servers are on the domain, I can log into the servers with my domain credentials but when I attempt to login to SQL as a domain user ( that is a Sysadmin on the SQL Server ) I get a the Login failed, the login is from an Untrusted domain and cannot be used with integrated authentication ( Error 18452) when attempting to use SSMS from a Windows box that works if I log in with a local account from it. When I log in as the domain user on the linux box I get the SSPI Provider: Server not found in Kerberos database and Cannot Generate SSPI context. Iif I use sqlcmd for a local user connecting to the FQDN of either server it connects fine. I haven't touched Linux from an Admin standpoint in over 15 years.
This is on both a SUSE 12 SP2 and a Redhat 7.5 server in our test environment. Not a big deal for me but our users are complaining because they now need a local account to log in for testing purposes instead of just using their domain accounts like the Windows side of things. Any help is greatly appreciated, most of what I am finding online just points me back to the Microsoft document and I have basically rebuilt the servers a couple times trying to add it to the domain before installing SQL and also after installing SQL to see if that made any difference, get the same error both ways.
Here is the scenario:
A web server is running on IIS 8.5 using AppPoolIdendtity to pass through the credential to connect to Reporting Service which is remotely installed in a MSSQL Server.
The reporting service has added the machine account DOMAIN\MACHINENAME$ to the system role assignment from http://MSSSQLRS/ReportServer as System Administrator like this:
The permissions granted to user ' are insufficient for performing this operation. (rsAccessDenied)"}
Testing local MSSQL server is smooth with local access. However, whenever the connection is established from the IIS web server. The "rsAccessDenied" error came up as DOMAIN\MACHINENAME$ user.
Not sure what else is wrong either on the WEB IIS or MSSQL server....
Sounds like RS Windows NTLM is not configured correctly. See this article.
in the company i work for we've got a lot of windows 20xx servers.
we're using an active directory domain controller for authentication.
programs like SharePoint or Dynamics CRM 2015 (hosted on IIS of course) don't need a separate input of user credentials when opened in IE. you open it and you're logged in - magic :) i think it's something that only works with IIS?
i'm developing AngularJS applications with a NodeJS backend. NodeJS backend runs on linux machine, AngularJS app is hosted on the same machine by Nginx webserver. everything is in the same network.
is there any way to authenticate a user in my AngularJS app hosted on that linux machine without asking him/her for his/her credentials? a working solution that doesn't require IE would be best case.
thank you very much!
I have a Win 2012 server with IIS 8 running on that. Also installed Management Service with Remote Access allowed.
Another admin-user account is used to set up few default websites and now when I login to the same server using my admin-user account, I cannot see anything in the IIS.
I have tried connecting to server as localhost and with computer name as well but not allowing me to connect.
Any help on this would be great.
Found the issue -
There is a firewall implemented for the domain users to access. And when I tried to login as an Admin who is not permitted by firewall, I am just able to access the machine and internally my IIS component is not able to connect with the localhost or local server.
I am developing a web app that is not doing anything fancy. The parent company wants to use a cloud based IIS service to support the web app and then submit the information to the client's local SQL servers through the internet and the client's firewalls.
Traffic isn't that much of an issue, we are talking about probably no more than 10 submissions daily per client. My question is with regard to connecting to the client's SQL servers and running the Stored Proc on each server.
We already have admin privileges on the firewalls and servers to do what we need to do to make anything happen.
What would be my best/reliable/secure method to implement this service?
Page asks for 10 items of info then submits to Stored Proc, that's it... with a local IIS server there is no problem, works nice. I want to make sure that the information stays secured, not just for the 10 items, but the SQL server and any security between it and the IIS server.
Any recommendations?
I would recommend setting up a VPN tunnel between the remote IIS server and the in-house SQL server. With a VPN tunnel, the SQL server is just like any other server on the network to the app.