Hi,

we currently facing a problem with AS2005 and ASP.NET 2.0 impersonation
/ delegation under W2k3:

We use a W2k3 SP1 box with IIS 6.0 / ASP.NET 2.0 and AS2005 RTM. User
access Cubes via a web-application based on the CellSetGrid
(http://www.sqlserveranalysisservices...GridIntro.htm).
Integrated Windows Authentification for SSO, Impersonation in
web.config and Integrated Security for AS-Access are all activated.

If the ASP Worker Process and the AS are running under Local System
account, everything works fine (SSO via Kerberos) except that the
Username() MDX-Function returns a blank string. If we switch to Basic
Authentification, UserName contains the expected value.

I thought about a Double Hop problem but because of the fact that all
services are running on the same machine this should not be the
problem? Or is this a bug in AS2005?

TnXs for replies,

Martin Saalmann

what is your connectionstring?

in the locale group policy (gpedit.msc)
under the Computer > Windows > Security settings > Local Policies > user
rights assignment
verify if the account used for the application pool is under these options:
Act as part of the OS
Impersonate a client after authentication

using the SQL Profiler, verify which account is used when you query the
cubes.


"MSaalmann" <saalmann (AT) weite-welt (DOT) com> wrote

Jéjé wrote:
<add key="ConnectionString" value="Provider=MSOLAP.2;Data
Source=localhost;Catalog=Name;Integrated Security=SSPI"/>

I did both but with no affect. Local System should have these rights
anyway?

I already did this. The Profiler shows the correct User - so
SSPI-Authentification from the above Connection String seems to work.
Only the MDX Username() Function is blank/empty/null/"".

Regards,

Martin

oohh... you use the AS2000 provider (MSOLAP.2)
try using MSOLAP.3

"MSaalmann" <saalmann (AT) weite-welt (DOT) com> wrote


Jéjé wrote:
<add key="ConnectionString" value="Provider=MSOLAP.2;Data
Source=localhost;Catalog=Name;Integrated Security=SSPI"/>

I did both but with no affect. Local System should have these rights
anyway?

I already did this. The Profiler shows the correct User - so
SSPI-Authentification from the above Connection String seems to work.
Only the MDX Username() Function is blank/empty/null/"".

Regards,

Martin

Martin, I think you need SP1...

Thanks,
Akshai

--
Try out the MSDN Forums for Analysis Services at:
http://forums.microsoft.com/MSDN/Sho...ID=83&SiteID=1

This posting is provided "AS IS" with no warranties, and confers no rights
Please do not send email directly to this alias. This alias is for newsgroup
purposes only.

"Jéjé" <willgart_A_ (AT) hotmail_A_ (DOT) com> wrote

Akshai Mirchandani [MS] wrote:
I installed SP1 today and the error is gone.

Thanks,

Martin