resolving the issue. For security, I've set up the aspnetdb database on a
remote server in SQL Server 2000. I have IIS 5.1 running on my machine. My
development environment is VS2005 VB.
When I run the app in VS, it runs fine and connects. When I run the app from
IIS, using the site I created on my machine under Inetpub/wwwroot,
I get the same error as that in the subject line of this message. My
connection string for the LocalSqlServer item in Web.config is:
<connectionStrings>
<remove name="LocalSqlServer" />
<add name="LocalSqlServer" connectionString="data
source=serverName;Initial
Catalog=aspnetdb;Trusted_Connection=True
;user=userName;pwd=userPwd;"
providerName="System.Data.SqlClient" />
</connectionStrings>
When I interrogate the servervariables, as suggested in the post below from
Mark Rae, they seem to be nothing. I don't understand this.
When configurating the website, under DirectorySecurity, I configured
Annonymous Access to use my account and password and I can log on to SQL
Server fine on the remote server.
What am I missing, anyone'
S
"Sherri" <Sherri@dotnet.itags.org.discussions.microsoft.com> wrote in message
news:EE2CD5F3-0293-49C6-81BC-5C89B484A18C@dotnet.itags.org.microsoft.com...
> I'm new to this so I'll answer the best I can. Its my understanding that
> SQL
> Server should be using the user account of the person logged in. There is
> an
> account set up in sql server for this user with permissions to the
> database.
1) Interrogate the servervariables collection on any of the aspx pages in
your site, specifically the AUTH_USER or LOGON_USER variables - that will
tell you which user your site is running under. If it's not what you think
it should be, then there's your problem...
2) From SQL Server Management Studio, try to connect to the server in
question by logging in as the user you think your ASP.NET app should be
using... Can you get in? Can you access the database(s) your ASP.NET app
needs to access...? If not, then there's your problem...Sorry to say that. but what you are missing is some basic ASP.NET and SQL
Server security knowledge that you are supposed to have before jump ing into
the ASP.NET and SQL Server boat. Similar question is asked in various NGs
almost daily.
Two key points you need to look at/study on:
1. SQL Server security. You need to decide what security mode to use:
Windows integrated or SQL Server security. With former, you do not pass
username/password in the ConnectionString, with later, you need to have
username/password in the ConnectioNString. If you specify
"Trusted_Connection=True" in the ConnectionString, that means you want to
connect to SQL Server with Windows security. However, you also pass
username/password in your ConnectionString, which will be ignored. That fact
indicates that you have not understood SQLServer security yet. So, make sure
how SQL Server is accessed securely first, before trying to access it from
ASP.NET app.
2. ASP.NET/IIS web server security/configuration. An asp.NET application can
be configured to run under different user account. By default, the user
account is either ASPNET or Network Service on the web server computer
locally. You could configure it to be any other user account (local or
domain account), according to your need. Once you determined the user
account used to run your ASP.NET app, then you configure the SQL Server to
give it necessary access, with the SQL Server security knowledge you have
learned in step 1.
"SAL" <SAL_@.NoNo.com> wrote in message
news:eH79PBGgHHA.4924@.TK2MSFTNGP06.phx.gbl...
> I am having the same problem here as Sherri and am having a difficult time
> resolving the issue. For security, I've set up the aspnetdb database on a
> remote server in SQL Server 2000. I have IIS 5.1 running on my machine. My
> development environment is VS2005 VB.
> When I run the app in VS, it runs fine and connects. When I run the app
> from IIS, using the site I created on my machine under Inetpub/wwwroot,
> I get the same error as that in the subject line of this message. My
> connection string for the LocalSqlServer item in Web.config is:
> <connectionStrings>
> <remove name="LocalSqlServer" />
> <add name="LocalSqlServer" connectionString="data
> source=serverName;Initial
> Catalog=aspnetdb;Trusted_Connection=True
;user=userName;pwd=userPwd;"
> providerName="System.Data.SqlClient" />
> </connectionStrings>
> When I interrogate the servervariables, as suggested in the post below
> from Mark Rae, they seem to be nothing. I don't understand this.
> When configurating the website, under DirectorySecurity, I configured
> Annonymous Access to use my account and password and I can log on to SQL
> Server fine on the remote server.
> What am I missing, anyone'
> S
> "Sherri" <Sherri@.discussions.microsoft.com> wrote in message
> news:EE2CD5F3-0293-49C6-81BC-5C89B484A18C@.microsoft.com...
>
> 1) Interrogate the servervariables collection on any of the aspx pages in
> your site, specifically the AUTH_USER or LOGON_USER variables - that will
> tell you which user your site is running under. If it's not what you think
> it should be, then there's your problem...
> 2) From SQL Server Management Studio, try to connect to the server in
> question by logging in as the user you think your ASP.NET app should be
> using... Can you get in? Can you access the database(s) your ASP.NET app
> needs to access...? If not, then there's your problem...
>
OMG, you are so right. I have been very
on this whole issue. I nowhave my two connection strings configured to use SQL Server authentication
and IIS to use the local machine account and it all seems to be working
correctly.
The two connection strings are, one for accessing aspnetdb and the other to
access the data for the application. What still confuses me is why it's
working with the application (IIS) being configured to use the local machine
account.
S
"Norman Yuan" <NotReal@.NotReal.not> wrote in message
news:OSyU5SGgHHA.1244@.TK2MSFTNGP04.phx.gbl...
> Sorry to say that. but what you are missing is some basic ASP.NET and SQL
> Server security knowledge that you are supposed to have before jump ing
> into the ASP.NET and SQL Server boat. Similar question is asked in various
> NGs almost daily.
> Two key points you need to look at/study on:
> 1. SQL Server security. You need to decide what security mode to use:
> Windows integrated or SQL Server security. With former, you do not pass
> username/password in the ConnectionString, with later, you need to have
> username/password in the ConnectioNString. If you specify
> "Trusted_Connection=True" in the ConnectionString, that means you want to
> connect to SQL Server with Windows security. However, you also pass
> username/password in your ConnectionString, which will be ignored. That
> fact indicates that you have not understood SQLServer security yet. So,
> make sure how SQL Server is accessed securely first, before trying to
> access it from ASP.NET app.
> 2. ASP.NET/IIS web server security/configuration. An asp.NET application
> can be configured to run under different user account. By default, the
> user account is either ASPNET or Network Service on the web server
> computer locally. You could configure it to be any other user account
> (local or domain account), according to your need. Once you determined the
> user account used to run your ASP.NET app, then you configure the SQL
> Server to give it necessary access, with the SQL Server security knowledge
> you have learned in step 1.
>
> "SAL" <SAL_@.NoNo.com> wrote in message
> news:eH79PBGgHHA.4924@.TK2MSFTNGP06.phx.gbl...
>
0 comments:
Post a Comment