We're trying very hard to connect an internal webapp to an SQL Server 2008 R2.
I really want to know which authenticated user is connecting to SQL Server.
The IIS and SQL servers are on the same physical box.
I believe we are in the classic "double-hop" scenario.
The best info I've found so far is at:
We've worked through everything in that post, except we're using a single AD account, rather than the 2 in that example. It does not appear to be implied that 2 accounts must be used.
When the Application Pool Defaults are set to use the AD domain account we've set up to connect, the connection is made to SQL Server via TCP, but it always uses NTLM, not Kerberos. If I remove NTLM as a provider in IIS - Authentication, I get a 401 - invalid credentials.
Can anyone point me to where to look next?