Just a few days ago Microsoft released SP2 of it's SQL Server product.  Download it here.  If you're running Vista you'll want this update as pre-SP2 isn't supported on Vista.  Now I'm waiting for one more update (the VS.NET 2005 SP1 for Vista) before I officially make the switch on my primary development machine.

Deploying a web application and a database to a single server is pretty straightforward.  In fact, it's quite common.  However, for a variety of reasons, it may be necessary to separate the database from the web application into two (or more) physically separate machines.  Many a developer may be caught unawares by potential database authentication issues that may arise in this scenario.

If your web application accesses the database directly, with its own set of credentials, your task may not be too complicated.  You may simply need to make sure that Sql Authentication is enabled on the SQL Server.  If Windows Integrated Security is required, there are ways you can accomplish this as well, such as by programmatically impersonating a user, or perhaps by using a COM+ package with a specific identity.

If, on the other hand, your application needs to flow the end user's credentials (e.g. the browsing user's credentials) to the database there are some other things you'll need to consider.  This type of application is common place in a corporate intranet where a user logs on to his machine and can then navigate to a company portal without requiring an additional logon.  The authentication simply happens behind the scenes between the browser and the site.

Due to restrictions imposed by how NTLM works, however, if you must use integrated security and your database server is physically separate from your web application you will be unable to access the database through the website (though you would if you connected directly).  This is because NTLM causes the server to authenticate the client.  The client security token is authenticated by the web server.  When the time comes to connect to the SQL Server as the user, the database server will attempt to authenticate the client (in this particular connection the web server is the client).  The web server will not have the client token so authentication fails.  Essentially, you're given one network/machine “hop“ with your credentials.

This is where Kerberos comes into play.  Kerberos will allow your credentials to flow further, giving the database server the ability to ascertain your security token and grant you access.

If you're developing an ASP.NET application and need this functionality, there are a few things you should have in place to allow for the client credentials to flow across multiple machine boundaries like this:

• Make sure impersonation is set in the web.config via <identity impersonate=“true“ />
• Make sure that the website is set for Windows Authentication / Integrated Security (not anonymous).  If you set for Basic Authentication, the client will be prompted to login upon connecting and the web server will contain the security token and will then, upon attempting to query the database, make its one allotted network “hop“...but that defeats the purpose of the single sign-on we achieve with Windows Authentication.
• Make sure that the machine is trusted for delegation.  This is accomplished in the Active Directory Users and Computers console.
• Make sure that your connection to the remote database is using Named Pipes.

While troubleshooting this scenario you may encounter an error such as “Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'”.  In such an event it is possible that Kerberos is enabled but you're accessing the remote SQL Server via TCP/IP.  Make sure that your connection string specifes to use Named Pipes.

Tonight's User Group presentation went better than last month's, though still not as smoothly as I would have liked.  The demo gods weren't on my side several times tonight.  Despite that, the event worked out for the best.  We held the Utah .NET User Group meeting at a new facility (provided graciously by Digital Draw Network) and sponsored by SOS Technical; it worked out quite well.  Our topic this evening was .NET Serialization.  We addressed serialization from various angles, experimenting with Binary, SOAP, XML, and custom serialization.  In addition we explored creating a custom IFormatter and even touched on versioning of serialized objects.

All in all it was a lot of fun and we had a good time.  I wish I could have done better, but then again, I always do.

Oh, and as an aside, our gathering at Denny's afterwards is getting bigger and better every time.  We had many people show up and it was a blast.  I really look forward to the 'after event' event.

Time has once again flown by!  We're ready to move into February's installment of the Utah .NET User Group on Thursday, February 8th, 2007.

Neumont University, who has been so generous of their time and facilities has a school event that night which occupies both of the rooms we usually meet in. A huge thanks goes out to Digital Draw Network (DDN) for stepping up to the plate and offering space for the User Group to meet :) And - most conveniently - DDN is located in the same office park.

Directions:

When you turn on River Front Parkway off of 10600 South, rather than turning into Neumont, proceed a few buildings down. You'll reach a round-about in the road. Follow that around and turn into the parking log of 10897 South.

Time: 6:00 PM
Date: February 8th, 2007
Place: Digital Draw Network, 10897 South, River Front Parkway, Suite 300

DDN has arranged that the building doors will be open until 6:30. We are very excited about the prospect of meeting there. In fact, due to the multitude of scheduling conflicts for '07, we'll be evaluating the location for future meetings as well. We express our gratitude to DDN for the offer. Additionally, we've arranged to have internet connectivity in the new location (though perhaps not for the first meeting due to the short scheduling notice).

Invite your friends, co-workers, colleagues, enthusiasts, peers, inferiors, and anyone you'd like to attend. The event is free to all.

This month's meeting will focus on .NET Serialization and will be sponsored by SOS Technical.

It'll be a great time! See you there!

I had the opportunity yesterday (at least for the afternoon) to attend the Windows Vista/Office 2007 launch here in Salt Lake City.  While I couldn't make it to the IT portion of the event I was fortunate enough to be on-hand for the more developer focused event and rub shoulders with many good friends.

Pat Wright, Justin Long, Ani Babaian, Kerry Larson (sp?), and I manned a Utah Community table, handing out flyers that advertised user groups and communities in the valley.  We had a lot of interested people come by and some great conversations.  I also had a great time seeing some of my friends from my days at Microsoft :)

While I was not able to actually attend the sessions I had a great time which only got better after the event as many of us (Ani, Harold, Rob, Scott, Craig, and I) went out to dinner and had a great time.

Oh, as added incentive, every attendee of the event received a fully-functional version of Office 2007 Professional.  Very cool.  I was able to acquire a few extra copies to be handed out to the Utah .NET User Group meetings.

Well, it's official.  After many, many hours of hard work I'm finally almost done.  What started out about 7 years ago to be a simple "finish the basement" project is now to the point where I can sit back and look at the fruits of my labors.  In reality, the project didn't take too long to complete (a few months at best), but the fact that the months were spread out over several years made it a tad frustrating and far too lengthy (sounds like some software projects).  In all, I (with the occasional help of family and friends) added about 1300 sq feet to the house consisting of 1) a bedroom, 2) a home theatre/recreation room, 3) a storage room, 4) a craft room, and 5) and office (with an adjoining bathroom)

I guess the reason I'm blogging this is today marks the first day where I'm actually in the new office and working.  Over the weekend I was able to get all of the electrical work done in the basement.  Sure, there are still some loose ends to finish.  I still have a little touch-up painting to do.  I still have to wire up the ethernet, speaker wires, and cable lines.  But it's functional and that's the key.

Prior to today I was taking up a small, much needed bedroom upstairs as my office.  It was filled to the gills with books, papers, boxes - in short, it was a constant and complete wreck.  Moving from a small 11'x11' room to a 13'x23' room is SOOO liberating - and long past due.  I don't have any furniture down here yet.  In fact, my 'desk' is a piece of particle board sitting atop some food storage boxes.  So I'm sitting here on the floor :)  I'm anxious to get started building my desk - I've had this affinity my entire life for custom woodworking/carpentry, and that's a project I've long been anticipating and planning.

Anyway, this long, extended, after-hours project has led to me not having any time for "coding for fun" as all of my free time since December has been consumed in finishing the project.  Many of my personal projects had been put on hold to see the basement project come to completion.  I hope to see that change somewhat over the next few weeks.

...Almost done :)

I was reviewing a post that I made last week and wanted to quickly follow-up with an addendum.  In that post I mentioned using DTS (Data Transformation Services) to effectively pull information from one SQL Server to another, providing an observation about SQL Server and MSDE/SQL Express version interoperability.

Additionally, I went so far as to say that I am able to run my DTS package (which is technical a code package more than an actual, saved package - read COM automation) from a SQL Express 2005 communicating with a SQL Server 2000/2005 server.  This is accurate, but not the complete picture.

I failed to mention that out-of-the-box, it won't work.  That is, the DTS automation components are not, by default, installed when you install SQL Express 2005.  If you're needing to support DTS on a SQL Express 2005 machine, you'll need to install the Microsoft SQL Server 2005 Backward Compatibility Components which can be downloaded here.

Once that piece is installed, it should work fine.  I didn't want to leave this out there and have someone come back and say "hey, what you told me didn't work" because, frankly, I get enough of that ;)

You know...? There are some days where you're with it and have your act together and can speak coherently and formulate your thoughts, and other days where you don't and you stop at green turn arrows while you're driving because you're just fried.  Well, I suppose it happens to everyone once in a while.  It doesn't happen to me all that often, but today (more specifically tonight) was one of those times.

I was giving a presentation to the Utah .NET User Group on SQL Server 2005 Development (SQLCLR, etc) and I just couldn't get my act together and felt completely disorganized.  I suspect the information was fine and the presentation was okay, but I really felt out of sorts.  In a way I feel I did the group a disservice by not being on par with my normal presentations.  While I'd like to offload the blame to something else and make excuses I can't - I must not have been as prepared as I thought and started into it cold, without a plan.  I had actually prepared the presentation quite some time ago and had given it twice to other groups (both of those times went very well and were much more fluid).  Maybe that comfort with the presentation led me not prepare as well as I would have otherwise and I simply started off on the wrong foot.  I can simply say that I wasn't "on my game" and I apologize for that.

Despite all that, in some ways the presentation was successful - the information was imparted and people had good things to say.  Perhaps I'm overly self-critical.

One highlight of the evening was that we had 13 people join us for food/drinks after the meeting (as has been our tradition for about 9 months).  That has been a lot of fun.

I'm looking forward to the coming months - we're trying to put together some different content and meeting formats to mix it up a bit.

In the event you didn't get our reminder email and for all those out there that may stumble upon this post before this afternoon:

Last week we had cancelled the Utah .NET User Group meeting due to inclement weather.  We've been able to reschedule it at our regular location (Neumont University) for tonight at 6:00 PM.  We will be meeting on the 2nd floor (rather than on the usual 3rd floor).

Copied (and edited) from the previous post:

The Utah .NET User Group is getting the year started off with a discussion on SQL Server 2005 Development.  Yours truly has the opportunity to drill down and talk about the SQLCLR as well as many of the improvements to the T-SQL programming model in SQL2005.  It should be a good time.

If you're in the neighborhood (meaning the greater Salt Lake City area), please come on down and enjoy a great evening of code, food, friends, and fun.  We're meeting tonight, January 17th, 2007 @ Neumont University @ 6:00 PM.

As we've had the tradition of doing now for almost a year, several of us get together afterwards for a bite.  Please feel free to join us there too!

Date: Thursday, January 18th, 2007
Time:  6:00 PM (arrive early)
Place: Neumont University, Suite 200 (10701 South River Front Parkway, South Jordan, UT)

It'll be loads of fun - bring your friends!