resolving the issue. For security, I've set up the aspnetdb database on a
remote server in SQL Server 2000. I have IIS 5.1 running on my machine. My
development environment is VS2005 VB.
When I run the app in VS, it runs fine and connects. When I run the app from
IIS, using the site I created on my machine under Inetpub/wwwroot,
I get the same error as that in the subject line of this message. My
connection string for the LocalSqlServer item in Web.config is:
<connectionStrings>
<remove name="LocalSqlServer" />
<add name="LocalSqlServer" connectionString="data
source=serverName;Initial
Catalog=aspnetdb;Trusted_Connection=True;user=user Name;pwd=userPwd;"
providerName="System.Data.SqlClient" />
</connectionStrings>
When I interrogate the servervariables, as suggested in the post below from
Mark Rae, they seem to be nothing. I don't understand this.
When configurating the website, under DirectorySecurity, I configured
Annonymous Access to use my account and password and I can log on to SQL
Server fine on the remote server.
What am I missing, anyone??
S
"Sherri" <Sherri@dotnet.itags.org.discussions.microsoft.comwrote in message
news:EE2CD5F3-0293-49C6-81BC-5C89B484A18C@dotnet.itags.org.microsoft.com...
Quote:
Originally Posted by
I'm new to this so I'll answer the best I can. Its my understanding that
SQL
Server should be using the user account of the person logged in. There is
an
account set up in sql server for this user with permissions to the
database.
1) Interrogate the servervariables collection on any of the aspx pages in
your site, specifically the AUTH_USER or LOGON_USER variables - that will
tell you which user your site is running under. If it's not what you think
it should be, then there's your problem...
2) From SQL Server Management Studio, try to connect to the server in
question by logging in as the user you think your ASP.NET app should be
using... Can you get in? Can you access the database(s) your ASP.NET app
needs to access...? If not, then there's your problem...Sorry to say that. but what you are missing is some basic ASP.NET and SQL
Server security knowledge that you are supposed to have before jump ing into
the ASP.NET and SQL Server boat. Similar question is asked in various NGs
almost daily.
Two key points you need to look at/study on:
1. SQL Server security. You need to decide what security mode to use:
Windows integrated or SQL Server security. With former, you do not pass
username/password in the ConnectionString, with later, you need to have
username/password in the ConnectioNString. If you specify
"Trusted_Connection=True" in the ConnectionString, that means you want to
connect to SQL Server with Windows security. However, you also pass
username/password in your ConnectionString, which will be ignored. That fact
indicates that you have not understood SQLServer security yet. So, make sure
how SQL Server is accessed securely first, before trying to access it from
ASP.NET app.
2. ASP.NET/IIS web server security/configuration. An asp.NET application can
be configured to run under different user account. By default, the user
account is either ASPNET or Network Service on the web server computer
locally. You could configure it to be any other user account (local or
domain account), according to your need. Once you determined the user
account used to run your ASP.NET app, then you configure the SQL Server to
give it necessary access, with the SQL Server security knowledge you have
learned in step 1.
"SAL" <SAL_@.NoNo.comwrote in message
news:eH79PBGgHHA.4924@.TK2MSFTNGP06.phx.gbl...
Quote:
Originally Posted by
>
I am having the same problem here as Sherri and am having a difficult time
resolving the issue. For security, I've set up the aspnetdb database on a
remote server in SQL Server 2000. I have IIS 5.1 running on my machine. My
development environment is VS2005 VB.
When I run the app in VS, it runs fine and connects. When I run the app
from IIS, using the site I created on my machine under Inetpub/wwwroot,
I get the same error as that in the subject line of this message. My
connection string for the LocalSqlServer item in Web.config is:
>
<connectionStrings>
<remove name="LocalSqlServer" />
<add name="LocalSqlServer" connectionString="data
source=serverName;Initial
Catalog=aspnetdb;Trusted_Connection=True;user=user Name;pwd=userPwd;"
providerName="System.Data.SqlClient" />
</connectionStrings>
>
When I interrogate the servervariables, as suggested in the post below
from Mark Rae, they seem to be nothing. I don't understand this.
>
When configurating the website, under DirectorySecurity, I configured
Annonymous Access to use my account and password and I can log on to SQL
Server fine on the remote server.
>
What am I missing, anyone??
>
S
>
"Sherri" <Sherri@.discussions.microsoft.comwrote in message
news:EE2CD5F3-0293-49C6-81BC-5C89B484A18C@.microsoft.com...
>
Quote:
Originally Posted by
>I'm new to this so I'll answer the best I can. Its my understanding that
>SQL
>Server should be using the user account of the person logged in. There
>is
>an
>account set up in sql server for this user with permissions to the
>database.
>
1) Interrogate the servervariables collection on any of the aspx pages in
your site, specifically the AUTH_USER or LOGON_USER variables - that will
tell you which user your site is running under. If it's not what you think
it should be, then there's your problem...
>
2) From SQL Server Management Studio, try to connect to the server in
question by logging in as the user you think your ASP.NET app should be
using... Can you get in? Can you access the database(s) your ASP.NET app
needs to access...? If not, then there's your problem...
>
OMG, you are so right. I have been very confused on this whole issue. I now
have my two connection strings configured to use SQL Server authentication
and IIS to use the local machine account and it all seems to be working
correctly.
The two connection strings are, one for accessing aspnetdb and the other to
access the data for the application. What still confuses me is why it's
working with the application (IIS) being configured to use the local machine
account.
S
"Norman Yuan" <NotReal@.NotReal.notwrote in message
news:OSyU5SGgHHA.1244@.TK2MSFTNGP04.phx.gbl...
Quote:
Originally Posted by
Sorry to say that. but what you are missing is some basic ASP.NET and SQL
Server security knowledge that you are supposed to have before jump ing
into the ASP.NET and SQL Server boat. Similar question is asked in various
NGs almost daily.
>
Two key points you need to look at/study on:
>
1. SQL Server security. You need to decide what security mode to use:
Windows integrated or SQL Server security. With former, you do not pass
username/password in the ConnectionString, with later, you need to have
username/password in the ConnectioNString. If you specify
"Trusted_Connection=True" in the ConnectionString, that means you want to
connect to SQL Server with Windows security. However, you also pass
username/password in your ConnectionString, which will be ignored. That
fact indicates that you have not understood SQLServer security yet. So,
make sure how SQL Server is accessed securely first, before trying to
access it from ASP.NET app.
>
2. ASP.NET/IIS web server security/configuration. An asp.NET application
can be configured to run under different user account. By default, the
user account is either ASPNET or Network Service on the web server
computer locally. You could configure it to be any other user account
(local or domain account), according to your need. Once you determined the
user account used to run your ASP.NET app, then you configure the SQL
Server to give it necessary access, with the SQL Server security knowledge
you have learned in step 1.
>
>
"SAL" <SAL_@.NoNo.comwrote in message
news:eH79PBGgHHA.4924@.TK2MSFTNGP06.phx.gbl...
Quote:
Originally Posted by
>>
>I am having the same problem here as Sherri and am having a difficult
>time resolving the issue. For security, I've set up the aspnetdb database
>on a remote server in SQL Server 2000. I have IIS 5.1 running on my
>machine. My development environment is VS2005 VB.
>When I run the app in VS, it runs fine and connects. When I run the app
>from IIS, using the site I created on my machine under Inetpub/wwwroot,
>I get the same error as that in the subject line of this message. My
>connection string for the LocalSqlServer item in Web.config is:
>>
><connectionStrings>
> <remove name="LocalSqlServer" />
> <add name="LocalSqlServer" connectionString="data
>source=serverName;Initial
>Catalog=aspnetdb;Trusted_Connection=True;user=user Name;pwd=userPwd;"
>providerName="System.Data.SqlClient" />
></connectionStrings>
>>
>When I interrogate the servervariables, as suggested in the post below
>from Mark Rae, they seem to be nothing. I don't understand this.
>>
>When configurating the website, under DirectorySecurity, I configured
>Annonymous Access to use my account and password and I can log on to SQL
>Server fine on the remote server.
>>
>What am I missing, anyone??
>>
>S
>>
>"Sherri" <Sherri@.discussions.microsoft.comwrote in message
>news:EE2CD5F3-0293-49C6-81BC-5C89B484A18C@.microsoft.com...
>>
Quote:
Originally Posted by
>>I'm new to this so I'll answer the best I can. Its my understanding
>>that
>>SQL
>>Server should be using the user account of the person logged in. There
>>is
>>an
>>account set up in sql server for this user with permissions to the
>>database.
>>
>1) Interrogate the servervariables collection on any of the aspx pages in
>your site, specifically the AUTH_USER or LOGON_USER variables - that will
>tell you which user your site is running under. If it's not what you
>think
>it should be, then there's your problem...
>>
>2) From SQL Server Management Studio, try to connect to the server in
>question by logging in as the user you think your ASP.NET app should be
>using... Can you get in? Can you access the database(s) your ASP.NET app
>needs to access...? If not, then there's your problem...
>>
>
>
0 comments:
Post a Comment