I am having a problem with users being prompted to authenticate twice within
an application. I know this is related to the current design but for
scalability and isolation I want to keep the infrastructure design as is.
Currently I have two IIS 6 2k3 servers in an NLB. I have a web application
installed on this which is a front end for running reports. I then have two
IIS 6 2k3 servers running sql 2000 RS in an NLB farm. Finally there is a
Clustered SQL 2000 server where the application database and RS databases
exist. The application requires Basic w/SSL at the website level. This is
the first authentication. When the users go to run a report the first report
goes to the RS Farm and the users are authenticated once again. Once they
have authenticated by the web farm and the RS farm they no longer have to
authenticate but I'm trying to get it to a SSO.
From my experience, if I try using Integrated authentication then the UN and
Pass doesn't get passed onto the sql server and they cannot authenticate to
access the app database. If I try using integrated ont he RS farm I have an
issue where the UN and pass doesn't get passed to sql there. Based on what I
am seeing the fact that it requires 2 logons, 1 per farm, actually makes
sense but I would think this would be the most scalable and isolated design
you could have so it seems to me that there should just be a way for the SSO.
I would like to be able to do this at an admin or infrastructure design
level as the application is from a third party vendor and I don't want to try
and get them to recode anything. Any help would be appreciated.The problem was with Windows 2003 SP1 and IIS6.
Had to disable loopback check and then change RS to using Integrated
authentication. After that I was able to get in locally to /reports
http://support.microsoft.com/default.aspx?scid=kb;en-us;896861
"Chris Fauver" wrote:
> I am having a problem with users being prompted to authenticate twice within
> an application. I know this is related to the current design but for
> scalability and isolation I want to keep the infrastructure design as is.
> Currently I have two IIS 6 2k3 servers in an NLB. I have a web application
> installed on this which is a front end for running reports. I then have two
> IIS 6 2k3 servers running sql 2000 RS in an NLB farm. Finally there is a
> Clustered SQL 2000 server where the application database and RS databases
> exist. The application requires Basic w/SSL at the website level. This is
> the first authentication. When the users go to run a report the first report
> goes to the RS Farm and the users are authenticated once again. Once they
> have authenticated by the web farm and the RS farm they no longer have to
> authenticate but I'm trying to get it to a SSO.
> From my experience, if I try using Integrated authentication then the UN and
> Pass doesn't get passed onto the sql server and they cannot authenticate to
> access the app database. If I try using integrated ont he RS farm I have an
> issue where the UN and pass doesn't get passed to sql there. Based on what I
> am seeing the fact that it requires 2 logons, 1 per farm, actually makes
> sense but I would think this would be the most scalable and isolated design
> you could have so it seems to me that there should just be a way for the SSO.
>
> I would like to be able to do this at an admin or infrastructure design
> level as the application is from a third party vendor and I don't want to try
> and get them to recode anything. Any help would be appreciated.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment