Re: SQL Server trust connection failed in Windows 2003 for ASP.NET
From: Sue Hoegemeier (Sue_H_at_nomail.please)
Date: 01/25/05
- Next message: Gloria: "Error15401: WindowsNT user or group 'domain\username' not found."
- Previous message: Charts: "Re: SQL Server trust connection failed in Windows 2003 for ASP.NET"
- In reply to: Charts: "Re: SQL Server trust connection failed in Windows 2003 for ASP.NET"
- Next in thread: Stephen Dybing [MSFT]: "Re: SQL Server trust connection failed in Windows 2003 for ASP.NET app"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 25 Jan 2005 12:39:08 -0700
I'm not sure where you are missing something. When you
compare the two machines, did you also check the identity
and authentication elements in the web.config files?
-Sue
On Tue, 25 Jan 2005 07:29:03 -0800, Charts
<Wcharts@newsgroups.nospam> wrote:
>Sue,
>Your instruction is very helpful. If I set impersonation=true in ASP.NET
>web.config file, and assign the database access to IUSR_machinename, the SQL
>Server trust connection works. However according to the reference you
>recommended to me, If I do not use impersonation, ASP.NET application will
>use ASPNET account instead of NT AUTHORITY\NETWORK SERVICE. I have no idea
>where to set SQL Server DB permission for machine.config account since it
>does show in the user list when I tried to add this account to SQL Server new
>login. I have another machine running Windows 2003. I added ASPNET account
>to SQL Server login and assigned proper database permissions. It works fine
>for SQL Server trust connection without impersonation. I compared
>machine.config for both machines. They both have a following setting for
>processModel entry.
>userName="machine" password="AutoGenerate".
>
>I even substitute machine.config file of the machine, which works for trust
>connection for the one, which does not work. However, it does not make
>difference.
>Please help me to set SQL Server trust connection work without
>impersonation. Thanks!
>Charts
>
>
>"Sue Hoegemeier" wrote:
>
>> If you use integrated authentication to connect to the
>> database and you are not using impersonation, asp.net will
>> connect using the process account itself, which is NT
>> AUTHORITY\NETWORK SERVICE.
>> I'm not sure what account you are trying to log in as from
>> asp.net or how you want to configure your security. You may
>> want to check the asp.net security whitepaper at:
>> http://www.microsoft.com/downloads/release.asp?ReleaseID=44047
>>
>> That will give you the guidelines you need for setting up
>> asp.net, iis appropriately for your situation.
>>
>> -Sue
>>
>> On Wed, 19 Jan 2005 10:37:06 -0800, Charts
>> <Wcharts@newsgroups.nospam> wrote:
>>
>> >The following message was posted on 17th, and I still have not received
>> >response yet.
>> >My registered alias is
>> > Wcharts@newsgroups.nospam.
>> >
>> >In Windows 2003, when I use ASP.NET page to make trust connection, I got
>> >following error messages.
>> >“Login failed for user ‘NT authority\Network Service’”.
>> >
>> >The connection string is as following.
>> >Connection_string "Initial Catalog=ctqpcustomer;Data
>> >Source=localhost;Integrated Security=SSPI;"
>> >Following message post on 17th, and I still have not received response yet.
>> >
>> >This connection string works in Windows 2000 and XP for ASP.NET application.
>> > In Windows 2003, it also works for VB.NET applications.
>> >
>> >I made sure ASPNET account is added in SQL Server login, and assigned
>> >db_owner permission to the ctqpcustomer database. The Windows login account
>> >is administrator account. Please help.
>> >Thanks,
>> >Charts
>>
>>
- Next message: Gloria: "Error15401: WindowsNT user or group 'domain\username' not found."
- Previous message: Charts: "Re: SQL Server trust connection failed in Windows 2003 for ASP.NET"
- In reply to: Charts: "Re: SQL Server trust connection failed in Windows 2003 for ASP.NET"
- Next in thread: Stephen Dybing [MSFT]: "Re: SQL Server trust connection failed in Windows 2003 for ASP.NET app"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
