I have created a website using ASP.net with simple data connection which is working fine in localhost. when I want to publish the same, I am getting this error. "Cannot open database "Abcdb" requested by the login. The login failed. Login failed for user 'XYZ-Domain\XYZ-SVR-01$'.
I don't have the user 'XYZ-Domain\XYZ-SVR-01$' in my SQL Server (SQL Express 2012).
I have my server in a virtual machine .
my connection string is "Data Source=XYZ-05-VM1\SQLEXPRESS;Integrated Security=True;Initial Catalog=Abcdb".
do I have to create a user in my database as shown above or else can I use existing database user. I am very new to this technology. Kindly help me.
Try it
<connectionStrings>
<add connectionString="Data Source=.\SQLEXPRESS;Initial Catalog=Abcdb;Integrated Security = SSPI" providerName="System.Data.SqlClient" />
</connectionStrings>
The error means that the server could be reached and the database name is correct. The problem is that the login is invalid.
From the login name I suppose that you have set Integrated Security=SSPI in your connection string and therefore try to authenticate with the account that your application is running under at the SQL Server. On your development machine, this is your user account that on a typical developer machine will be granted high access rights to the local SQL Server.
After you have deployed your application to IIS, it will run in an AppPool that is basically a process under a specific user account (the AppPool account). You need to grant this user account access to the database. In your case, this account is the Network Service account of the server you have your application deployed to. So you need to either grant the Network Service account access to the database or follow this - cleaner - approach:
Create a new Service account in your domain that is dedicated to your application.
Configure your AppPool to run under this account. Assert that the account has the minimum amount of access rights on the server that is possible.
Grant this account access to your database.
If you want to check the database connection settings, have a look at the connectionStrings section in your web.config. This link shows the available settings for SQL Server.
Related
i publish an mvc3 application on a webserver IIS7 and i want to connect my application with a remote SQL server ( different machine)
here is my connection string:
connectionstring="server=server;database=db;user Id=user;password=psw;user instance=false" providername="System.Data.SqlClient"
i m using entityframework.
i also added the user in the connectionstring to security folder under database in sql management studio with dbo rights.
the problem is i get an error : failed to open a session for the user
SQL exception (0x80131904)
Have you checked the user mapping for the login?
You can find the logins under the server folder security -> logins.
Check there is a login mapped to the database user. Select the appropriate login -> properties -> user mapping tab.
The fact that a user exists in a database, does not directly mean that there is a valid login associated with that user. Ensure that a login maps to the database user and that the user has the required database role.
After hours of research i just figure out that adding the whole groupe of computers (Domain\Computers) granted me the access to the database. i changed my connectionstring to use integrated security= sspi. From the beginning it was a Connection problem.
I've been given a backup of a production SQL database to begin writing an application against.
I've got it running as a local instance and using Windows Authentication and I can READ the information, however I cannot figure out how to get IIS to use my Windows Authentication to log into the SQL server when running a local ASP.Net website.
I don't have the authority on the DB to add users, and I'm getting an error of System.Data.SqlClient.SqlException: Login failed for user 'NT AUTHORITY\NETWORK SERVICE'. when I try to access a page that reads the database.
I don't think I will be able to communicate with the DB admin for a while to get him to fix this up for me. Is there anything I can do here?
Your asp code is using the same identity that IIS runs under - the Network Service account. To get it to use your credentials, you can either hard-code them into a connection string or you can use impersonation (see this link: http://msdn.microsoft.com/en-us/library/aa292118%28VS.71%29.aspx)
The gist of the link:
Put this in your web.config file: <identity impersonate="true" />
-t.
You need to create an account in SQL Server for the Network Service account,ex via SSMS via the "Security" section, right click on "Logins" and select add. You will be adding a Windows Account, you can then lookup and validate the name "NETWORK SERVICE". Then switch to the "User Mapping" section and grant permission to view your database.
reference : http://msdn.microsoft.com/en-us/library/ms998320.aspx#paght000015%5Fsqlserver
2nd Alternative
If "integrated security=sspi" is there in your connection string than you should:
Turn on integrated auth in IIS
Turn on windows auth in asp.net
Turn on imerposation in asp.net
Hopefully it will help.
Here is my Error:
ERROR [28000] [Microsoft][ODBC SQL
Server Driver][SQL Server]Login failed
for user 'NT AUTHORITY\ANONYMOUS
LOGON'. ERROR [28000] [Microsoft][ODBC
SQL Server Driver][SQL Server]Login
failed for user 'NT
AUTHORITY\ANONYMOUS LOGON'.
Here is my connection string at application start up:
MyConnection = New Odbc.OdbcConnection("DRIVER={SQL Server};SERVER=MySqlServer;Trusted_Connection=True;DATABASE=MyDatabase")
Here is part of Web.Config:
<authentication mode="Windows"/>
<identity impersonate="false"/>
Here is my IIS(7) settings:
Authentication
Anonymous Authentication: Disabled
ASP.NET Impersonation: Disabled
Basic Authentaction: Enabled
Digest Authentication: Disabled
Forms Authentication: Disabled
Windows Authentication: Enabled
Connection Strings
MyDatabaseConnection: Data Source=MySqlServer;Initial Catalog=MyDatabase;Integrated Security=True
LocalSqlServer: data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true
I believe you may have to use ASP.Net Impersonation in this case.
http://weblogs.asp.net/achang/archive/2004/04/15/113866.aspx
As Zach says, you need to change the credentials of the user accessing the database.
So you either need to turn on impersonation as recommended or you should change the user id and password used by the application pool that is used to run your web site. This MSDN article, while a bit old, still applies and should help you do that.
What user account should be used to connect to the database? Your user account, an account on the SQL server, the IIS app pool account?
By default, if you don't give the connection string a username and password, .NET will use the AppPool's credentials, which as Simen says doesn't have sufficient privileges to the SQL server.
If you want to use the credentials of the user accessing the website (probably a bad idea), you need to use impersonation as Thyamine says, but if you want to use a SQL account that is set up for the database, then you need to put the username and password of that user into the connection string. (http://www.sqlstrings.com/SQL-Server-connection-strings.htm)
if your web application is running without Integrated Security. remove the "Allow Anonymous connections" security option. When authenticated by the web server as ANONYMOUS the request will be executed using an identity does not have sufficient privileges to your SQL Server DB.
Edit: If you are running the web server on a separate machine than the client machine you might want to investigate whether the server actually recognizes the account used on the client machine. If the machines are not part of the same security domain, you might even have to go through the questionable procedure of modifying the server's
Local Policies --> Security Options --> Network access: Sharing and security model for local accounts to the setting : Classic - local users authenticate as themselves and creating a user account with the same name and password on the server.
You might also want to investigate http logs on the server
I'm trying to publish an asp.net website on a remote server. When my code tries to connect to the database, I get the error message described in the question title. Now, I've gone into the Microsoft SQL Server Management Studio for SSE 2008 and can see the list of logins. NT AUTHORITY\NETWORK SERVICE is there, but I'm not sure what settings I need to change to allow this user to access the database. I've tried using impersonation in my web.config file using the windows login credentials for the server, but that just brings up the same error message, with my windows username instead of NETWORK SERVICE.
My connection string is as follows:
connectionString="Data Source=MECHTRONICRND\SQLEXPRESS;Initial Catalog='C:\Inetpub\aspnettest\App_Data\FLEETMANAGERDB.MDF';Integrated Security=True"
Any ideas?
Thanks
--Amr
Thanks for your replies. After looking at this tutorial, I found out how to allow users access to a database. Once I had allowed NETWORK SERVICE read and write access to the database, my website worked fine with the original connection string.
--Amr
Your connection string should be:
"Data Source=MECHTRONICRND\SQLEXPRESS;Initial Catalog=FLEETMANAGERDB;Integrated Security=True"
Also, this is trying to connect to the database as the account that's used by the web server. You could run the web service (configure IIS accordingly) as a domain user, and then create a login and database user for that account. Otherwise, you will have to create a database user (in FleetManagerDB) for the Network Service account, which isn't recommended. Or yourself if you are impersonating yourself.
I am using SQLServer2005 and VS2008. My connection string in web.config is:
add name="library" connectionString="Data source=KMT; Initial Catalog=Library;Integrated Security=SSPI"
Here, KMT is my server name, Library is my database.
When I run my page through VS2008 localhost, it's fine. However, when viewing through IIS it shows an error message like "login failed for user, 'KMT/ASP.NET'". My sqlserver authentication mode is windows and it's ok in web.config. What will be the solution?
Using "Integrated Security" means logging in to the database with the identity of the user running the process. When you run the local VS web server, it runs as your login. But in IIS, the web server worker process runs as a predefined user account. Your worker process identity must have rights to your SQL Server and database.
Check the properties of your App Pool in IIS. If you are running as Network Service for example, go into SQL and create a new user, enter Network Service as the Windows user name, and grant that user rights to your database.
one of my friends helped me to solve this problem as
i executed the SQL to add ASPNET as a login to
my DB and setup DA permissions
exec sp_grantlogin N'MACHINE\ASPNET'
exec sp_defaultdb N'MACHINE\ASPNET', N'Database'
use Database
exec sp_grantdbaccess N'MACHINE\ASPNET', N'ASPNET'
exec sp_addrolemember N'db_owner', N'ASPNET'
here MACHINE is machine name and database is my database name.
but through this the ASPNET user has total
control over that DB.
VS2008 uses your credentials to authorize to the db, IIS is using different account.
Make sure the IIS account has enough permissions.
If you use Integrated Security=SSPI, the credentials of the current user (in VS that would be YOU) are used to connect to SQL Server.
From an IIS app, the user associated with the IIS service is used for log in.
Solutions:
Assign the IIS service a special user that's allowed to connect to SQL
Use SQL Server authentification to access the database, and stored username/password in the connection string
Were you planning to use the ASP.NET system account or the users windows account?
If the latter you need impersonation. That works if SQL and IIS are on the same machine, otherwise it is a double hop and requires a non trivial amount of work to set up delegation.
If the server is windows 2003 you can give the Network Service the permissions to access to SQL Server