I been strugling with this for 2 days now without comming any closer to solution. I have read 20-30 threads alteast and stil can not resolve this.
Please help me out.
I have disable anonymous authentication, enable asp.net impersonation.
I have added <identity impersonate = "true" />
I have added the a user to the security logins that is connected to the database I try to connect to
This is the connectionstring I use:
Data Source=IPTOSERVER;Initial Catalog=Phaeton;User Id=User;Password=Password;
errormessage:
Cannot open database "Phaeton.mdf" requested by the login. The login failed.
Login failed for user 'NT AUTHORITY\NETWORK SERVICE'.
I was experiencing a similar error message that I noticed in the Windows Event Viewer that read:
Login failed for user 'NT AUTHORITY\NETWORK SERVICE'. Reason: Failed to open the explicitly specified database. [CLIENT: local machine]
The solution that resolved my problem was:
Login to SqlExpress via SQL Server Management Studio
Go to the "Security" directory of the database
Right-click the Users directory
Select "New User..."
Add 'NT AUTHORITY\NETWORK SERVICE' as a new user
In the Data Role Membership area, select db_owner
Click OK
Here's a screenshot of the above:
The error message you are receiving is telling you that the application failed to connect to the sqlexpress db, and not sql server.
I will just change the name of the db in sql server and then update the connectionstring accordingly and try it again.
Your error message states the following:
Cannot open database "Phaeton.mdf" requested by the login. The login failed.
It looks to me you are still trying to connect to the file based database, the name "Phaeton.mdf" does not match with your new sql database name "Phaeton".
Hope this helps.
If the error message is just
"Login failed for user 'NT AUTHORITY\NETWORK SERVICE'.", then grant
the login permission for 'NT AUTHORITY\NETWORK SERVICE'
by using
"sp_grantlogin 'NT AUTHORITY\NETWORK SERVICE'"
else if the error message is like
"Cannot open database "Phaeton.mdf" requested by the login. The login
failed. Login failed for user 'NT AUTHORITY\NETWORK SERVICE'."
try using
"EXEC sp_grantdbaccess 'NT AUTHORITY\NETWORK SERVICE'"
under your "Phaeton" database.
I liked Jed's solution but the issue with that was every time I built my project in debug mode, it would deploy my database project and removed the user again. so I added this MySQL script to the Post-Deployment script.
it practically does what Jed said but creates the user every time I deploy.
CREATE USER [NT AUTHORITY\NETWORK SERVICE]
FOR LOGIN [NT AUTHORITY\NETWORK SERVICE]
WITH DEFAULT_SCHEMA = dbo;
Go
EXEC sp_addrolemember 'db_owner', 'NT AUTHORITY\NETWORK SERVICE'
You said it worked fine when you were using SQL Express edition. By default express editions create a named instance & run in NT Authority\Network Service.
SQL Server STD by default install a default instance & run in NT Authority\SYSTEM.
Do you have both the full SQL edition & Express edition installed on the same machine?
It could be that somewhere the connection string still refers to the Named instance 'SQLEXPRESS' rather than the default instance created by the full version.
Also where is the connection string defined? In IIS or your code? Make sure that if defined in many places, all point to same SQL instance & database.
Also try looking at the detailed error present in the SQL Server error logs. The error logged in event log are not complete for secuirty reasons. This will also help you to know if the connection was made to the correct SQL Server.
Also make sure that the machine on which SQL is installed is accessible & IIS is trying to access the same machine. In my company sometimes due to wrong name resolution, the query fails since most of our computers have SQL installed & the query lands in the wrong SQL Server.
Make sure that the database exists in the SQL Server. The name displayed under databases in SQL Management Studio should match that in the connection string.
The SQL Server login required is DOMAIN\machinename$. This is the how the calling NT AUTHORITY\NETWORK SERVICE appears to SQL Server (and file servers etc)
In SQL,
CREATE LOGIN [XYZ\Gandalf$] FROM WINDOWS
The Best way is to create a user for your application and assign the permissions that are suitable for that user. Dont use 'NT AUTHORITY\NETWORK SERVICE' as your user it has its own vulnerability and it is a user that has permissions to so many things on the OS level. Stay away from this built in user.
I am using Entity Framework to repupulate my database, and the users gets overridden each time I generate my database.
Now I run this each time I load a new DBContext:
cnt.Database.ExecuteSqlCommand("EXEC sp_addrolemember 'db_owner', 'NT AUTHORITY\\NETWORK SERVICE'");
Make sure that the database is created. I got the same error when I applied the migration to the wrong project in the solution. When I applied the migration to the right project, it created the database and that solved the error.
Related
This had been working fine in our prior server Windows 2012. New server is 2019.
IIS Setup:
DefaultAppPool using ApplicationPoolIdentity as its identity.
Anonymous and Windows Authentication enabled.
Both prior and current server hitting same SQL Server.
When we try launching the ASP Page, we get this error:
SqlException (0x80131904): Login failed for user 'DOMAIN\MACHINENAME$'.
In other posts I've read that it could be the connection string Trusted Connection setting that is incorrect, but the connection string is built inside the page code and it's never changed.
We've also read that since ApplicationPoolIdentity uses NT AUTHORITY\NETWORK SERVICE as its user, then we'd need to add that service account to the SQL Server.
Again, it had been fine without it in the prior server. But just to try it, we added it to the User list as DB_OWNER in SQL Server.
But still get same error.
Connecting to the SQL server outside of this scenario is no an issue, we can get to it in SSMS and otherwise.
Any ideas and help appreciated!
Thanks
If you see a failure like this: Login failed for user 'DOMAIN\MACHINENAME$'. It means that a process running as NETWORK SERVICE or LocalSystem accessed a remote resource, authenticated itself as a machine account and was denied authorization. When access to the machine account is denied, the machine account must be granted access. If the server denies login to 'DOMAIN\MACHINE$', then you must grant login permission to 'DOMAIN\MACHINE$' instead of NETWORK SERVICE.
I'm trying to deploy my first ASP.NET app on IIS, but I'm facing an issue whenever I connect to database. Connecting to database works just fine running the app on visual studio.
I keep getting the following:
SqlException: Cannot open database "RazorPagesMovieContext-ae4522b8-14f6-4dd9-9e71-fb8009d965ad" requested by the login. The login failed.
Login failed for user 'NT AUTHORITY\NETWORK SERVICE'.
My connection string looks like this:
<add name="LocalSqlServer"
connectionString="Server=(localdb)\MSSQLLocalDB;Database=RazorPagesMovieContext-ae4522b8-14f6-4dd9-9e71-fb8009d965ad;Integrated Security=true"
providerName="System.Data.SqlClient" />
Like stated in the article here: https://learn.microsoft.com/en-us/archive/blogs/sqlexpress/using-localdb-with-full-iis-part-2-instance-ownership I have tried #1 "Run IIS as our Windows user" and #2 "Use LocalDB Shared Instance" of the approaches without any luck so I've moved to trying NetworkService instead of ApplicationPoolIdentity which is where I'm facing the same error (using ApplicationPoolIdentity it fails with
Login failed for user 'IIS APPPOOL.NET v4.5'") just under different user.
In my SQL Server Management Studio I've created a new user with "NT AUTHORITY\NETWORK SERVICE" name and made sure I gave "db owner" permission for the database and ticked all Server Roles. Most of the answers point out to giving permissions, but that still does not address this for me.
Any insights would be appreciated
Problem in your ConnectionString, you haven't any user content CS for Login Database.
First you must add user for database your then set your connectionString
Two Options
Create new user on your database then this user set access for RazorPagesMovieContext-ae4522b8-14f6-4dd9-9e71-fb8009d965ad Create User
Enable sa user, by default disabled sa user, Enable Sa user
Finally Change connection string
if you use option 2
Server=(localdb)\MSSQLLocalDB;Database=RazorPagesMovieContext-ae4522b8-14f6-4dd9-9e71-fb8009d965ad; user=sa; password=yourPassword
**For enable **
The solution in the above link is useful, Run IIS as our Windows user or Use LocalDB shared instance is an approach to the issue.
I am here just to discuss the approach provided in the documentation. In solution1, firstly we should ensure that the VS is running properly because we should ensure the Database instance also is running properly. Then change the application pool identity to the Windows account running the Visual Studio.
In solution2, since Visual Studio2017 has updated the name of the local database instance, we should change the command accordingly.
sqllocaldb share instance mssqllocaldb IIS_DB
Subsequently, apply it to the connection string.
Data Source=(localdb)\.\IIS_DB;Initial Catalog=mydatabase;Integrated Security=True
Here is a detailed description of this issue.
https://codemegeek.com/2018/05/13/configure-iis-to-us-localdb/
Feel free to let me know if there is anything I can help with.
I am trying to connect my website to my sql server 2008 r2 on windows server 2003 with .net framework 4
This is the connection string:
<add name="TestDbConnectionString"
connectionString="Data Source=(local);Initial Catalog=RESv5;integrated security=SSPI;"
providerName="System.Data.SqlClient" />
I got an exception, which is:
Login failed for user 'NT AUTHORITY\NETWORK SERVICE'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Login failed for user 'NT AUTHORITY\NETWORK SERVICE'.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
I saw this question Login failed for user 'NT AUTHORITY\NETWORK SERVICE' and I tried to make a user named as NT AUTHORITY\NETWORK SERVICE but I still have the problem,
edit1
I have already tried to use a username and password. this is the connection string
<add name="TestDbConnectionString"
connectionString="Data Source=(local);Initial Catalog=RESv5;integrated security=SSPI;User Id=sa;Password=myPassword;"
providerName="System.Data.SqlClient" />
but still have the problem
You're using Windows authentication to enter the server, so it uses the Windows account access from the client to validate access/permissions. When in development, the "client" is really the VS development server, but when you deploy to a real web server, the "client" runs as another account, the one that is used to start the its service, NOT yours.
Often SQL Servers are configured at installation to allow yourself sysadmin access, but barely anything else to other users, that's why you get an access denied.
One option would be to use SQL authentication with user/password. Security-wise, this would be the best option if the same web server runs many websites (as they may be isolated from each other data's).
If you absolutely want to use Windows authentication, the real solution would be to give permissions to the built-in account NT AUTHORITY\NETWORK SERVICE at SSMS:
CREATE LOGIN [NT AUTHORITY\NETWORK SERVICE] FROM WINDOWS WITH DEFAULT_DATABASE=[RESv5]
GO
USE [RESv5]
GO
CREATE USER [NT AUTHORITY\NETWORK SERVICE] FOR LOGIN [NT AUTHORITY\NETWORK SERVICE]
GO
ALTER ROLE [db_owner] ADD MEMBER [NT AUTHORITY\NETWORK SERVICE]
GO
Try removing the integrated security=SSPI from the connection string, or set it to false. See below my successful login with sa user:
EDIT: Here is a detailed explanation, maybe it help you to find where you're wrong:
http://msdn.microsoft.com/en-us/library/ff648340.aspx
Your website is running under service account NETWORK_SERVICE in IIS, this is a computer user and can't access your SQL. To fix this you should set your website to use "identity impersonate=true" in your web.config. However if you are running this on the server you might lose the authenticated user in what's called a 'double-hop' where your IIS server cannot relay your authenticated user to the SQL server in another step (PC (1)-> IIS (2)-> SQL).
Milica Medic is correct in her answer but in your reply you specified a user "william" is this a SQL user or a windows user? If Windows user then this won't work, to relay windows users to SQL you need to do it in web.config (see 1. above). The sql connection assumes the user is a SQL user not windows user.
your attempt with username/password is close but you are still specifing Integrated Security=SSPI which tries to force windows user authentication to the SQL.
Try and make a connection string like this:
connectionString="Data Source=SQLSERVERINSTANCE;Initial Catalog=myDB;Persist Security Info=True;User ID=sa;Password=myPassword"
I've been given a backup of a production SQL database to begin writing an application against.
I've got it running as a local instance and using Windows Authentication and I can READ the information, however I cannot figure out how to get IIS to use my Windows Authentication to log into the SQL server when running a local ASP.Net website.
I don't have the authority on the DB to add users, and I'm getting an error of System.Data.SqlClient.SqlException: Login failed for user 'NT AUTHORITY\NETWORK SERVICE'. when I try to access a page that reads the database.
I don't think I will be able to communicate with the DB admin for a while to get him to fix this up for me. Is there anything I can do here?
Your asp code is using the same identity that IIS runs under - the Network Service account. To get it to use your credentials, you can either hard-code them into a connection string or you can use impersonation (see this link: http://msdn.microsoft.com/en-us/library/aa292118%28VS.71%29.aspx)
The gist of the link:
Put this in your web.config file: <identity impersonate="true" />
-t.
You need to create an account in SQL Server for the Network Service account,ex via SSMS via the "Security" section, right click on "Logins" and select add. You will be adding a Windows Account, you can then lookup and validate the name "NETWORK SERVICE". Then switch to the "User Mapping" section and grant permission to view your database.
reference : http://msdn.microsoft.com/en-us/library/ms998320.aspx#paght000015%5Fsqlserver
2nd Alternative
If "integrated security=sspi" is there in your connection string than you should:
Turn on integrated auth in IIS
Turn on windows auth in asp.net
Turn on imerposation in asp.net
Hopefully it will help.
I'm trying to publish an asp.net website on a remote server. When my code tries to connect to the database, I get the error message described in the question title. Now, I've gone into the Microsoft SQL Server Management Studio for SSE 2008 and can see the list of logins. NT AUTHORITY\NETWORK SERVICE is there, but I'm not sure what settings I need to change to allow this user to access the database. I've tried using impersonation in my web.config file using the windows login credentials for the server, but that just brings up the same error message, with my windows username instead of NETWORK SERVICE.
My connection string is as follows:
connectionString="Data Source=MECHTRONICRND\SQLEXPRESS;Initial Catalog='C:\Inetpub\aspnettest\App_Data\FLEETMANAGERDB.MDF';Integrated Security=True"
Any ideas?
Thanks
--Amr
Thanks for your replies. After looking at this tutorial, I found out how to allow users access to a database. Once I had allowed NETWORK SERVICE read and write access to the database, my website worked fine with the original connection string.
--Amr
Your connection string should be:
"Data Source=MECHTRONICRND\SQLEXPRESS;Initial Catalog=FLEETMANAGERDB;Integrated Security=True"
Also, this is trying to connect to the database as the account that's used by the web server. You could run the web service (configure IIS accordingly) as a domain user, and then create a login and database user for that account. Otherwise, you will have to create a database user (in FleetManagerDB) for the Network Service account, which isn't recommended. Or yourself if you are impersonating yourself.