the web application use SPPI to connect to database.
"Login failed for user '(null)'. Reason: Not associated with a trusted
connection"
The web application is grant to a group only in web.config
<authorization>
<allow roles="Domain\AGroup" />
<deny users="*" />
</authorization
I have two 2 accounts, userA and userB, which belong to the same group
"Domain\AGroup". userA can access the web application successfully, whereas
userB cannot and prompted the above error.
Do all you have encountered the same problem?
Thanks!Is the database on the same machine?
Are you using impersonation <identity impersonate="true"/> ?
--
Scott
http://www.OdeToCode.com/blogs/scott/
On Fri, 29 Apr 2005 02:32:14 -0700, boy
<boy@.discussions.microsoft.com> wrote:
>I got the following error message when I access the web application, in which
>the web application use SPPI to connect to database.
>"Login failed for user '(null)'. Reason: Not associated with a trusted
>connection"
>The web application is grant to a group only in web.config
> <authorization>
><allow roles="Domain\AGroup" />
><deny users="*" />
> </authorization>
>I have two 2 accounts, userA and userB, which belong to the same group
>"Domain\AGroup". userA can access the web application successfully, whereas
>userB cannot and prompted the above error.
>Do all you have encountered the same problem?
>Thanks!
yes, i used impersonation <identity impersonate="true"/> in the web.config.
if i didn't, all accounts, userA and userB should failed to connect to
database.
however, acount, userA can access succesfully!
the database is installed on another machine from the web application.
"Scott Allen" wrote:
> Is the database on the same machine?
> Are you using impersonation <identity impersonate="true"/> ?
> --
> Scott
> http://www.OdeToCode.com/blogs/scott/
> On Fri, 29 Apr 2005 02:32:14 -0700, boy
> <boy@.discussions.microsoft.com> wrote:
> >I got the following error message when I access the web application, in which
> >the web application use SPPI to connect to database.
> >"Login failed for user '(null)'. Reason: Not associated with a trusted
> >connection"
> >The web application is grant to a group only in web.config
> > <authorization>
> ><allow roles="Domain\AGroup" />
> ><deny users="*" />
> > </authorization>
> >I have two 2 accounts, userA and userB, which belong to the same group
> >"Domain\AGroup". userA can access the web application successfully, whereas
> >userB cannot and prompted the above error.
> >Do all you have encountered the same problem?
> >Thanks!
>
Boy:)
U are saying User! can log in successfully but UserB can't!
Thats wierd.
But do they both have the ASPNET account?
Try adding the 2 users to the ASPNET acct..
Hope this helps
Patrick
*** Sent via Developersdex http://www.developersdex.com ***
Um.
Both UserA and UserB can pass the IIS authentication. After authentication,
their identities were impersonated to access database. However, only UserA
can access db succesffully.
"Patrick Olurotimi Ige" wrote:
> Boy:)
> U are saying User! can log in successfully but UserB can't!
> Thats wierd.
> But do they both have the ASPNET account?
> Try adding the 2 users to the ASPNET acct..
> Hope this helps
> Patrick
> *** Sent via Developersdex http://www.developersdex.com ***
Can UserB access the DB now?
*** Sent via Developersdex http://www.developersdex.com ***
The following result is the result i got at the very beginning, event though
i haven't added them to the ASPNET account.
-- Um.
-- Both UserA and UserB can pass the IIS authentication. After
authentication,
-- their identities were impersonated to access database. However, only UserA
-- can access db succesffully.
Your suggested method is used to allow both users to pass the
authentication, am i right? However, my problem is...both users can pass the
NT/IIS authentication.
"Patrick Olurotimi Ige" wrote:
> Can UserB access the DB now?
>
>
> *** Sent via Developersdex http://www.developersdex.com ***
If you use Query Analyzer Can both users login to the Database?
Try adding the users to ASPNET account?
Are u in a DOMAIN environment?
And how are u connecting to the Database? Are u using Windows
Authentication?
Patrick
*** Sent via Developersdex http://www.developersdex.com ***
My suggestion would be to launch SQL Profiler and see what accounts
the database server is actually seeing when the users try to connect.
SQL Profiler will allow you to watch login/logout events.
Alternatively you could use the SQL audit log in enterprise manager.
The reason I say you should see what accounts are incoming is that
impersonation doesn't work if there is a second hop involved across
the network. If UserA is actually logged into the web server and
running IE then impersonation works, because UserA's credentials only
make one hop (from the web server to the database server). If UserB is
on a third machine, then UserB's credentials can hop from the client
machine to the web server, but can't make a second hop from the web
server to the database server.
HTH,
--
Scott
http://www.OdeToCode.com/blogs/scott/
On Fri, 29 Apr 2005 22:26:02 -0700, boy
<boy@.discussions.microsoft.com> wrote:
>The following result is the result i got at the very beginning, event though
>i haven't added them to the ASPNET account.
>-- Um.
>-- Both UserA and UserB can pass the IIS authentication. After
>authentication,
>-- their identities were impersonated to access database. However, only UserA
>-- can access db succesffully.
>
>Your suggested method is used to allow both users to pass the
>authentication, am i right? However, my problem is...both users can pass the
>NT/IIS authentication.
>
>"Patrick Olurotimi Ige" wrote:
>> Can UserB access the DB now?
>>
>>
>>
>>
>> *** Sent via Developersdex http://www.developersdex.com ***
>
The situation is the same for all users.
User A & B--> Web Server (impersonation) --> database.
I found from the event log(event viewer) of web server that both user can
successfully login the web server. i.e. userB can't make a second hop from
the web
server to the database server, but userA...
what's going on...!?!?
I did another testing....I migrated the web server to another server. Both
userA and userB can access database now. Problem solved.
However, i want to figure out...what's wrong the orginal server's
configuration....
Anyway, thx alot your reply
"Scott Allen" wrote:
> My suggestion would be to launch SQL Profiler and see what accounts
> the database server is actually seeing when the users try to connect.
> SQL Profiler will allow you to watch login/logout events.
> Alternatively you could use the SQL audit log in enterprise manager.
> The reason I say you should see what accounts are incoming is that
> impersonation doesn't work if there is a second hop involved across
> the network. If UserA is actually logged into the web server and
> running IE then impersonation works, because UserA's credentials only
> make one hop (from the web server to the database server). If UserB is
> on a third machine, then UserB's credentials can hop from the client
> machine to the web server, but can't make a second hop from the web
> server to the database server.
> HTH,
> --
> Scott
> http://www.OdeToCode.com/blogs/scott/
> On Fri, 29 Apr 2005 22:26:02 -0700, boy
> <boy@.discussions.microsoft.com> wrote:
> >The following result is the result i got at the very beginning, event though
> >i haven't added them to the ASPNET account.
> >-- Um.
> >-- Both UserA and UserB can pass the IIS authentication. After
> >authentication,
> >-- their identities were impersonated to access database. However, only UserA
> >-- can access db succesffully.
> >Your suggested method is used to allow both users to pass the
> >authentication, am i right? However, my problem is...both users can pass the
> >NT/IIS authentication.
> >"Patrick Olurotimi Ige" wrote:
> >> Can UserB access the DB now?
> >>
> >>
> >>
> >>
> >> *** Sent via Developersdex http://www.developersdex.com ***
> >>
>
did anyone else encounter the same problem!!!
Help Help Help
"boy" wrote:
> The situation is the same for all users.
> User A & B--> Web Server (impersonation) --> database.
> I found from the event log(event viewer) of web server that both user can
> successfully login the web server. i.e. userB can't make a second hop from
> the web
> server to the database server, but userA...
> what's going on...!?!?
>
> I did another testing....I migrated the web server to another server. Both
> userA and userB can access database now. Problem solved.
> However, i want to figure out...what's wrong the orginal server's
> configuration....
> Anyway, thx alot your reply
> "Scott Allen" wrote:
> > My suggestion would be to launch SQL Profiler and see what accounts
> > the database server is actually seeing when the users try to connect.
> > SQL Profiler will allow you to watch login/logout events.
> > Alternatively you could use the SQL audit log in enterprise manager.
> > The reason I say you should see what accounts are incoming is that
> > impersonation doesn't work if there is a second hop involved across
> > the network. If UserA is actually logged into the web server and
> > running IE then impersonation works, because UserA's credentials only
> > make one hop (from the web server to the database server). If UserB is
> > on a third machine, then UserB's credentials can hop from the client
> > machine to the web server, but can't make a second hop from the web
> > server to the database server.
> > HTH,
> > --
> > Scott
> > http://www.OdeToCode.com/blogs/scott/
> > On Fri, 29 Apr 2005 22:26:02 -0700, boy
> > <boy@.discussions.microsoft.com> wrote:
> > >The following result is the result i got at the very beginning, event though
> > >i haven't added them to the ASPNET account.
> > >-- Um.
> > >-- Both UserA and UserB can pass the IIS authentication. After
> > >authentication,
> > >-- their identities were impersonated to access database. However, only UserA
> > >-- can access db succesffully.
> > > > >Your suggested method is used to allow both users to pass the
> > >authentication, am i right? However, my problem is...both users can pass the
> > >NT/IIS authentication.
> > > > > >"Patrick Olurotimi Ige" wrote:
> > > >> Can UserB access the DB now?
> > >>
> > >>
> > >>
> > >>
> > >> *** Sent via Developersdex http://www.developersdex.com ***
> > >>
Boy,
Sql Profiler could really help as previous post adviced!
Any if u finally got where u got stuck.
It would be nice if you can hint back
*** Sent via Developersdex http://www.developersdex.com ***
I still can't find the solution. I just migrated the web application for
testing only. I need to find out what's going on with the original server...
anyway, how can the SQL Profiler be help? can u elaborate more?
"Patrick Olurotimi Ige" wrote:
> Boy,
> Sql Profiler could really help as previous post adviced!
> Any if u finally got where u got stuck.
> It would be nice if you can hint back
>
> *** Sent via Developersdex http://www.developersdex.com ***
With profiler you can see who is logging in, with the audit logs in
SQL you can see who failed to login. Perhaps UserA is getting in
because they are in different Windows groups than userB...
--
Scott
http://www.OdeToCode.com/blogs/scott/
On Tue, 3 May 2005 20:15:02 -0700, boy <boy@.discussions.microsoft.com>
wrote:
>I still can't find the solution. I just migrated the web application for
>testing only. I need to find out what's going on with the original server...
>anyway, how can the SQL Profiler be help? can u elaborate more?
>"Patrick Olurotimi Ige" wrote:
>> Boy,
>> Sql Profiler could really help as previous post adviced!
>> Any if u finally got where u got stuck.
>> It would be nice if you can hint back
>>
>>
>>
>> *** Sent via Developersdex http://www.developersdex.com ***
>
Thanks and let me try.
Out of energy on this issue~!
UserB failed to access to the db for all the servers in the webfarm, but
UserB can access to the db successfully when i put the web application in a
stand-alone server...
"Scott Allen" wrote:
> With profiler you can see who is logging in, with the audit logs in
> SQL you can see who failed to login. Perhaps UserA is getting in
> because they are in different Windows groups than userB...
> --
> Scott
> http://www.OdeToCode.com/blogs/scott/
> On Tue, 3 May 2005 20:15:02 -0700, boy <boy@.discussions.microsoft.com>
> wrote:
> >I still can't find the solution. I just migrated the web application for
> >testing only. I need to find out what's going on with the original server...
> >anyway, how can the SQL Profiler be help? can u elaborate more?
> >"Patrick Olurotimi Ige" wrote:
> >> Boy,
> >> Sql Profiler could really help as previous post adviced!
> >> Any if u finally got where u got stuck.
> >> It would be nice if you can hint back
> >>
> >>
> >>
> >> *** Sent via Developersdex http://www.developersdex.com ***
> >>
>
0 comments:
Post a Comment