Creating dummy SQL for Kerberos Lab

  • 614 Views
  • Last Post 02 August 2019
Mahdi posted this 31 July 2019

Hey Folks,

 

Thins are a bit unclear for me with Kerberos and SQL and I won't be happy unless I test things behind Kerberos and SQL in my lab, the question is, do you have any idea so that I can have SQL and an APP (two different servers) in my lab so that I can test things related to single hop and double hop? I ask this because I am not expert in programming and I cannot develop a simple app for that. 

What would you do if you wanted to have a basic setup in your LAB to test these concepts out?

 

Order By: Standard | Newest | Votes
ken posted this 02 August 2019

If you want to this in Windows:

 



  1. Setup Server1 with IIS
  2. Setup Server 2 with SQL Server
  3. Setup Server 3 as a Domain Controller, and join Server1 and Server2 to the domain
  4. Configure IIS website to use Negotiate or Kerberos authentication
  5. Create a very simple ASP.NET page that  does a couple of things:





    1. Connects to the SQL Server using a “trusted connection” and then prints “Hello World”
    2. Toggle <identity impersonate=”true”>. When impersonate is false, then ASP.NET page will use whatever account you use for the IIS website to

      connect to SQL Server – the end user’s credentials are only used to authenticate to IIS (aka single hop). When impersonate is true, then ASP.NET will attempt to use the end user’s credentials (aka double hop)




 

show

ZJORZ posted this 02 August 2019

See if this oldie works for you:DelegConfig v2
https://www.iis.net/downloads/community/2009/06/delegconfig-v2-beta-delegation-kerberos-configuration-tool







Met Vriendelijke Groet / Cumprimentos / Kind Regards,Jorge de Almeida Pinto
MVP Enterprise Mobility and Security (EMS) | MCP/MCSE/MCITP/exMCT
MVP Profile: http://tiny.cc/JorgeMVPDSBlog : http://tiny.cc/JQFKblogFacebook : http://tiny.cc/JQFKfacebookTwitter: http://tiny.cc/JQFKtwitter
(+++Sent from my mobile device +++)(Apologies for any typos)

show

Close