Re: sql server and asp.net problem
From: Hermit Dave (hermitd.REMOVE_at_CAPS.AND.DOTS.hotmail.com)
Date: 10/10/04
- Next message: Scott M.: "Re: Detecting and handling an expired session in ASP.net"
- Previous message: Simon: "Detecting and handling an expired session in ASP.net"
- In reply to: Steven Cheng[MSFT]: "RE: sql server and asp.net problem"
- Next in thread: Brian Henry: "Re: sql server and asp.net problem"
- Messages sorted by: [ date ] [ thread ]
Date: Sun, 10 Oct 2004 18:05:12 +0100
Thank you steven. Hey, it does mention IIS 6 on Windows 2003 Server and how
to get SQL Server access denied problem sorted :)
you just have to scroll a bit further down.
-- Regards, Hermit Dave (http://hdave.blogspot.com) "Steven Cheng[MSFT]" <v-schang@online.microsoft.com> wrote in message news:xCIDF#prEHA.2804@cpmsftngxa06.phx.gbl... > Thanks for Hermit's informative resources. > > Hi Brian, > > The problem you meet is a general permission issue on asp.net when > accessing sqlserver. As you mentioned on 2k machine, we can grant the > permission to the machine\aspnet and make it work. But it didn't work on > 2k3 machine. This is because the different process isolation model between > them. > > The <processModel> setting is the one worked for asp.net on win2k or xp > machine which can use <processModel> to specify process identity . > > #Configuring ASP.NET Process Identity > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/htm > l/cpconConfiguringASPNETProcessIdentity.asp > > On w2k3 with iis6, this model is also available but by default is not used. > The default process isolation model is applicaiton pool setting( can > configure in IIS management console) > The application pool setting can help speicify an asp.net web application > under a certain application pool and each application pool can configure a > process identity. And the default value is the NT AUTHORITY\NETWORK > SERVICE account which is in the IIS_WPG group. So as for the problem, we > have serveal approachs: > 1. in sqlsever directly add an login identity ( type the "NT > AUTHORITY\NETWORK SERVICE" directly in the name entry field since it's a > hidden account > and grant it the sufficient permission > > 2. Grant the IIS_WPG group sufficient rights since the NETWORK SERVICE > account is in this group. > > 3. Find the applicaton pool setting in IIS6 and change its identity account > so as to let the application run under a different account > > 4. Swtich to use the older model in 2k iis5 , use the <processModel> and > machine\aspnet account (but is not recommeded) > > > Here is some further resource on the new application pool isolation model > on IIS6: > > #IIS 6.0 Application Isolation Modes > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/htm > l/cpconiis60applicationisolationmodes.asp > > #Mapping ASP.NET Process Model Settings to IIS 6.0 Application Pool Settings > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/htm > l/cpconaspnetprocessmodelsettingequivalencetoapplicationpoolsettings.asp > > Hope helps. If you have any other questions, please feel free to post here. > > Regards, > > Steven Cheng > Microsoft Online Support > > Get Secure! www.microsoft.com/security > (This posting is provided "AS IS", with no warranties, and confers no > rights.) >
- Next message: Scott M.: "Re: Detecting and handling an expired session in ASP.net"
- Previous message: Simon: "Detecting and handling an expired session in ASP.net"
- In reply to: Steven Cheng[MSFT]: "RE: sql server and asp.net problem"
- Next in thread: Brian Henry: "Re: sql server and asp.net problem"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
