e
to solve our current problem. The developers in my office are all new to
C#.net. We have been developing an application using Visual Studio .NET 200
3
and IIS 6 with SQL Server 2000. Up until this point each developer has used
a local copy of IIS and connected to sql server on a remote server without
any problems. Next w
we have a demo, and I have tried to deploy oursolution to the IIS(6) on the remote server which also hosts the SQL server
we have been using. Now we all get the 'Login failed for user (null).....'
error message.
The web.config has the following:
<authentication mode="Windows"/>
<identity impersonate="true" />
Integrated Security = SSPI is a part of the connection string.
On the remote server, Sql server is set to use both windows and sql server
authentication
IIS is set for Integrated Windows authentication.
We cannot use active directory and therefore do not have Kerberos enabled.
Any help would be greatly appreciated.
Thanks
Sherri"Sherri" <Sherri@.discussions.microsoft.com> wrote in message
news:869C31CE-EFCF-4BC7-B406-F217FEB815D0@.microsoft.com...
> we have been using. Now we all get the 'Login failed for user
> (null).....'
> error message.
> The web.config has the following:
> <authentication mode="Windows"/>
> <identity impersonate="true" />
> Integrated Security = SSPI is a part of the connection string.
> On the remote server, Sql server is set to use both windows and sql server
> authentication
> IIS is set for Integrated Windows authentication.
> We cannot use active directory and therefore do not have Kerberos enabled.
> Any help would be greatly appreciated.
By specifying Integrated Security, you've told ASP.NET to try to connect to
SQL Server with the account that it's currently running under.
You've also told ASP.NET not to run under its default account, but to
impersonate a different account instead.
So, have you set up the account that ASP.NET is impersonating as a valid
user in the SQL Server database that you're trying to connect to...?
Sherri,
If your developers have IIS and SQL installed on the same box the user token
for SSPI will be passed to SQL for the login. If your demo environment has
the IIS and SQL on different boxes this would explain your issue. IIS can
not pass the Windows user token to another machine on the network. The
simplest solution will be to add and SQL server username and password to the
connection string. If you want to use windows authentication and SSPI you
will have to configure Active Directory to pass the Kerberos ticket along to
the next machine for authentication.
Hope this helps.
Kris
"Sherri" <Sherri@.discussions.microsoft.com> wrote in message
news:869C31CE-EFCF-4BC7-B406-F217FEB815D0@.microsoft.com...
>I know this question has been posted in many places, but I have not been
>able
> to solve our current problem. The developers in my office are all new to
> C#.net. We have been developing an application using Visual Studio .NET
> 2003
> and IIS 6 with SQL Server 2000. Up until this point each developer has
> used
> a local copy of IIS and connected to sql server on a remote server without
> any problems. Next w
we have a demo, and I have tried to deploy our> solution to the IIS(6) on the remote server which also hosts the SQL
> server
> we have been using. Now we all get the 'Login failed for user
> (null).....'
> error message.
> The web.config has the following:
> <authentication mode="Windows"/>
> <identity impersonate="true" />
> Integrated Security = SSPI is a part of the connection string.
> On the remote server, Sql server is set to use both windows and sql server
> authentication
> IIS is set for Integrated Windows authentication.
> We cannot use active directory and therefore do not have Kerberos enabled.
> Any help would be greatly appreciated.
> Thanks
> Sherri
>
"Kris Lankford" <knlankford@.hotmail.com> wrote in message
news:03604E35-A53C-443A-928A-EB9594715266@.microsoft.com...
> IIS can not pass the Windows user token to another machine on the network.
Are you sure about this...? I'm doing precisely this on my current
project...
1) A new user has been created which has slightly more privileges than the
default user which ASP.NET uses - principally to support writing to
ActiveDirectory...
2) The ASP.NET app impersonates this user - set up in web.config /
aspnet_setreg...
3) SQL Server 2005, configured for integrated security, is running on a
different machine...
4) The new user has been added as a valid login to SQL Server, and granted
sufficient permissions on the databases it needs
5) ASP.NET uses the "SSPI" connection string
Works perfectly...
0 comments:
Post a Comment