I have created a website using asp.net every thing is running fine when i run this using visual studio development server but when i tried to run it by IIS server then Home page of website loads but it couldn't make connection with database server
<add connectionString="Data Source=ASHUTOSH-PC\SQLEXPRESS;Initial Catalog=CloudStorage;Integrated Security=True" name="connectionStr"/>
</connectionStrings>
this works fine on visual studio develoment server but not with IIS.... Please help
Since you are using Integrated Security=True you use the application pool identity to connect to the DB. When you run Cassini, you use your own credentials. You should set up the application pool identity with a user that has permissions to login and query SQL Server.
From MSDN:
When you run a page using the ASP.NET Development Server, the page runs in the context of your current user account. For example, if you are running as an administrator-level user, a page running in the ASP.NET Development Server will have administrator-level privileges. In contrast, in IIS, ASP.NET by default runs in the context of the special user (ASPNET or NETWORK SERVICES) that typically has limited privileges. The ASPNET or NETWORK SERVICES accounts are local to the server computer (not domain accounts), which restricts access to resources on other computers.
Database access
When working with the ASP.NET Development Server, you can typically rely on Windows Integrated authentication to access SQL Server. However, when the same page runs in IIS under the ASPNET or NETWORK SERVICES account, the page is running in the context of a local user, and you often have to configure the page to use a connection string that includes information about a user and password. For details, see Accessing SQL Server from a Web Application and ASP.NET Security Architecture.
Related
In order to keep application secrets out of source code I want to use Integrated Security to connect my ASP.NET MVC application to SQL Server. However, IIS Express uses my development machine's account as the Identity for Integrated Security, which has different permissions from the AppPoolIdentity on production. I want to connect to SQL server using the same permissions in development as in production, which seems like something that should be easy to do, but I have had no luck.
Apparently it is impossible to set the Identity used by IIS Express except using "runas" which I could not get to work: how to run iisexpress app pool under a different identity
Things I've tried:
IIS Express
Create a User in "Edit local users and groups" and add it to "IIS_IUSRS" group.
Create AppPool in IIS Express manager (Jexus manager)
Setting AppPool > ProcessModel > Identity to newly created User, which fails.
(However setting AppPool Identity works in IIS Manager (not express))
Create site and configure path and ApplicationPool
Application successfully launches through Jexus manager, however still using my Windows account like it does launching from Visual Studio
IIS
Create app pool and log in as newly created user (succeeds unlike Jexus manager)
Create and configure site to use https and IIS Express development cert
Get 500 error when trying to launch the same way as with Jexus manager
I would rather launch the app from Visual Studio anyway
Impersonation
Requires credentials in web.config defeating the purpose of Integrated Security
It's important we manage secrets internally so Azure Key vault or other similar 3rd-party solutions are off the table.
It's beginning to seem impossible to configure IIS Express AppPools to use an Identity other than the currently logged in user: Link1 and Link2. The second link describes a method using "runas" from cmd as Admin but using System.Security.Principal.WindowsIdentity.GetCurrent().Name to check the ApplicationPool identity still shows my logged in Identity, not the one I used in the "runas" command.
What are my options? I would like to use Integrated Security for both dev and prod, with the same permissions on each. Is this possible? Is there an equivalent workaround?
I'm having problems connecting to an MSSQL database in an ASP.NET Web Forms application. The error I get the is the user corp\earth3 can't connect. earth3 is the name of the computer ... the logged in user is corp\earth (a domain administrator) which is what works when connecting to the database using MSSQL Management Studio. I'm building the web app on Windows 10 and its being deployed for production use on a Windows 2012 server (which has the same connection problem as the win10 machine).
I've tried each of the following in web.config. This works while connecting to other database instances on the db server, but not on this one.
<add key="sqlConnectString" value="Data Source=db01\pd; Initial Catalog=PDB; Trusted_Connection=Yes;"/>
<add key="sqlConnectString" value="Data Source=db01\pd; Initial Catalog=PDB; Integrated Security=SSPI;"/>
What am I doing wrong here? Why can't I connect to the db using corp\earth?
Thanks.
Modify the Identity in the application pool with a user that can connect to the database. Create a custom app pool if you don't want to make a change that would affect other web sites it uses.
I have a situation where a classic ASP's SQL Server database has been moved from a server 2003 to a 2008r2. The classic asp application stills resides on a server 2003.
Now because I have never done a migrating the only thing I thought I needed to change is the SQL Server named IP address in the application's IIS deployed ini file. Currently I am using anonymous authentication and the default application pool. The application render's to the browser fine. The problem is the application is not pulling any data for the database.
It seems that I have missed something in the configuration process. Has someone done this type of migration and if so provide me a list of thing that they have done to configure the application correct and other settings for the migration?
Thanks,
Steve Holdorf
This is not an asp but a database authentication.
It sounds like you used Windows authentication to connect from asp to the old server. Windows authentication means that asp uses IIS user identity to connect to the database and in your ini-file (or asp files) you do not provide any user/password to connect to sql.
If you want to keep this type of authentication for the new database, then you would need to configure user on the new Sql Server. Look at the old server, you should find the user named similar to domainName\WebServerMachineName$. You would need to create the same user on the new Sql Server and grant the same rights as on the old database. Read more https://msdn.microsoft.com/en-us/library/ff647396.aspx
If this is not an issue, then you should find what is the error message when application is not pulling any data for the database.
We have a web site written in ASP.NET MVC that uses Windows Authentication.
We have a WCF service that we use to connect to the database and reference that service from our MVC site. The web.config for both the site and the service have enabled Windows Authentication and disabled Basic and Anonymous authentication.
Now, the issue is this:
If I restart the IIS and then open a browser in the same computer that has the IIS, everything works fine (even from outside that computer).
If I restart the IIS and then open a browser in an external computer, the WCF service is unable to connect to the database (even from the local machine).
So, if we don't open the site from the host computer before attempting to access it externally it won't work.
We are using impersonation to do the calls to the service from the website.
Any ideas on what can be happening?
your WCF service is impersonating the user of an outside user passed to by IIS passed to by the IE user. You want to hard code your application pool of your IIS we service to use a specific Service Account that has Network Service privileges
its working internally, as its using your identity on the Windows Domain(its in your ie settings in security) but externally this does not work.
I have an Access database with local and remote tables. The remote tables are linked to a Sql Server Database through an ODBC connection.
When I open the Access database, I can open and view the contents of both the local and remote tables. So this is proof that there should be no problem connecting to the remote tables from an ASP.NET app
Now when I run my ASP.NET app in Visual Studio, I am able to access both the local and remote tables in Access with no problem.
As soon as I put my app into IIS and run the app from localhost, I am only able to access the local tables in the Access file with my code but none of the remote tables! I get the following error when I try: "ODBC--connection to 'FMPOS_live' failed." But remember, I have no problem opening the remote tables from Access directly but I can't access them from my app running in IIS for some reason.
Is there a permission somewhere that depending on who or what is accessing the Access file, determines whether that process can use the remote tables??
When running from Visual Studio you are using your own credentials to connect to the SQL server.
When running from IIS you are using either ApplicationPoolIdentity, Network Service, or Local System depending on configuration of the application pool. You would need to allow login and read privileges to whichever account the website is running under.
In the case of running from VS it's probably working because you're probably a sysadmin on the SQL server.
Try checking what user is running "w3wp.exe" in the task manager.
In the case of ApplicationPoolIdentity the username you're looking for will be IIS APPPOOL\NameOfApplicationPool.
The problem was the application pool identity. Access wasn't allowing access to it's remote tables by the default process ApplicationPoolIdentity Identity. I changed the identity to my windows user login and it worked!
Instructions:
1. Go to the Application Pool for your website
2. Click on it and select Advanced Settings
3. Under Process Model Identity, choose Custom Account and type your username and password for your windows login.