
ASP.NET SQL Server logon permission denied

JT - 05 Jul 2007 18:56 GMT
I have created a simple ASP.NET application on the intranet, accessible only
to 2 users who will log in as Administrator; the server runs Windows 2000
Advanced Server.  Page language is C#.  The application accesses a database
that runs on SQL Server 2005 Express Edition, on the same machine where the
application is hosted.  The database is used widely in our office from
Windows Forms applications, and in the ASP.NET application, I used the same
connection string I use for Windows Forms applications.  Everything works
fine when debugging the new ASP.NET application in Visual Studio because VS
automatically logs in as Administrator.  However, when I run the application
from a browser - locally or across the intranet, it denies access to the
database with the following message:

[SqlException (0x80131904): Cannot open database "Records" requested by the
login. The login failed.  Login failed for user 'MACHINENAME\ASPNET'.]

So I disabled Anonymous Access in ISM, and enabled Integrated Windows
Authentication so that I would be automatically logged in as Administrator.
I also revised the Web.Config file for this application to deny access to
all but Administrators.  In the Form.Load section of the page, I put the
following code to display the username so I can be sure:

       string userstring = User.Identity.Name.ToString();
       Response.Write(userstring);

When the page loads, it shows the Administrator name at the top, so that's
working correctly.  However, I still get the same error message - it denies
access to the database for user MACHINENAME\ASPNET, even though I'm logged
into the application as Administrator.

Any ideas would be most appreciated.  Thanks.
Dominick Baier - 05 Jul 2007 20:55 GMT
if the database is on the same machine as the web app - you may wanna add

<identity impersonate="true" />

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

> I have created a simple ASP.NET application on the intranet,
> accessible only to 2 users who will log in as Administrator; the
[quoted text clipped - 28 lines]
>
> Any ideas would be most appreciated.  Thanks.
Norman Yuan - 05 Jul 2007 21:00 GMT
Only using Windows Authentication in IIS does not make the ASP.NET app run
under the current user's Windows/domain account. Authentication, well, is
Authentication, it is just a way to determine who the user is.

In your case, you have to make sure the ASP.NET app is run under a user
account that has access to the said SQL Server. Since you want to use the user
account who accesses the ASP.NET app from the client computer, you need:

1. Make sure IIS uses Windows Authentication (you have done that);
2. Make sure in the ASP.NET app's web.config file <authentication
mode="Windows" />;
3. You need to enable "impersonate": make sure the web.config file has this
in it: <identity impersonate="true" />

Now, the ASP.NET app will run under the user account that a user logs onto
his computer with. As long as that user account has access to the said SQL Server
database, the ASP.NET app will have the same access.

>I have created a simple ASP.NET application on the intranet, accessible
>only to 2 users who will log in as Administrator; the server runs Windows
[quoted text clipped - 26 lines]
>
> Any ideas would be most appreciated.  Thanks.
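
A diagnostic page for the situation in this thread, added here as an example and not code posted by any participant: it prints the authenticated user, the Windows identity the request thread actually runs under, and the login SQL Server sees, so the effect of the impersonation setting can be checked directly. The page class name `WhoAmI` and the `.\SQLEXPRESS` instance name are assumptions; `Records` is the database named in the error message.

```csharp
// Added diagnostic code-behind; not from the original thread.
using System;
using System.Data.SqlClient;
using System.Security.Principal;
using System.Web;
using System.Web.UI;

public partial class WhoAmI : Page   // hypothetical page name
{
    // Assumption: default SQL Server Express instance name. "Records" is the
    // database named in the error message in the first post.
    private const string ConnStr =
        @"Data Source=.\SQLEXPRESS;Initial Catalog=Records;Integrated Security=SSPI";

    protected void Page_Load(object sender, EventArgs e)
    {
        // Who IIS authenticated. User.Identity.Name reports this whether or
        // not impersonation is enabled.
        WriteLine("Authenticated user", User.Identity.Name);

        // Whose Windows token the request thread runs under. Integrated
        // Security presents this identity to SQL Server.
        WriteLine("Thread identity", WindowsIdentity.GetCurrent().Name);

        try
        {
            using (SqlConnection conn = new SqlConnection(ConnStr))
            using (SqlCommand cmd = new SqlCommand("SELECT SUSER_SNAME()", conn))
            {
                conn.Open();
                // The login SQL Server saw on this connection.
                WriteLine("SQL Server login", Convert.ToString(cmd.ExecuteScalar()));
            }
        }
        catch (SqlException ex)
        {
            // For example: Login failed for user 'MACHINENAME\ASPNET'.
            WriteLine("SQL Server error", ex.Message);
        }
    }

    private void WriteLine(string label, string value)
    {
        // Encode before echoing: account names and error text are not trusted HTML.
        Response.Write(HttpUtility.HtmlEncode(label + ": " + value) + "<br />");
    }
}
```

When the first two lines differ, the database connection is being made as the worker process account rather than as the signed-in user, which matches the error in the first post.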
