I'm having trouble with my security model, Application_Sta rt, and accessing
my database.
My ASP.NET app is only going to be running in an intranet environment (not
on the public Internet). The production environment will have installed
everything locally (i.e., IIS, SQL Server, .NET Framework, etc., all on a
Win2k Server).
In IIS, I have disabled anonymous access so that only Integrated Windows
authentication is used. Then in my Web.config file I've set it up to use
Windows authentication, as such:
<appSettings>
<add key="connection String"
value="database =RegPerfectDb;s erver=localhost ;Trusted_Connec tion=true" />
</appSettings>
<system.web>
<authenticati on mode="Windows" />
<authorizatio n>
<deny users="?" />
</authorization>
<identity impersonate="tr ue" />
</system.web>
Then, in my Application_Sta rt event in Global.asax, I need to run a query or
two to get some application-wide data from our database and store it in the
application cache.
When I try to access a database from Application_Sta rt, I get the following
error:
System.Data.Sql Client.SqlExcep tion: Cannot open database requested in login
'DatabaseName'. Login fails. Login failed for user 'MACHINENAME\AS PNET'.
It's as if it is using the default ASP.NET worker process account (which is
not what I want). I need it to authenticate/authorize the logged in user
(which has access to the database) and use that user to access the database.
So, my questions are: what am I doing wrong? how do I set up IIS,
Web.config, database connection, etc. so that everything is properly
authenticated/authorized to the logged in user so that I can query the
database in Application_Sta rt?
Thanks in advance for your help. 6 2741
This is because when the application starts, it isn't running under any
particular user. That only happens for page requests - which is processed
after the application is started. Application_Sta rt runs only once - and so
in what you are proposing, it would happen to run under whoever happened to
be the first person to access the application? It just doesn't work that
way.
Whatever you do in application_sta rt can't rely on what user happened to
have made the first request to this app - so it needs a connection
independent of that.
"Ober" <ob**@yahoo.com > wrote in message
news:e0******** ******@TK2MSFTN GP15.phx.gbl...
I'm having trouble with my security model, Application_Sta rt, and
accessing my database. My ASP.NET app is only going to be running in an intranet environment (not on the public Internet). The production environment will have installed everything locally (i.e., IIS, SQL Server, .NET Framework, etc., all on a Win2k Server). In IIS, I have disabled anonymous access so that only Integrated Windows authentication is used. Then in my Web.config file I've set it up to use Windows authentication, as such: <appSettings>
<add key="connection String" value="database =RegPerfectDb;s erver=localhost ;Trusted_Connec tion=true" />
</appSettings> <system.web>
<authenticati on mode="Windows" />
<authorizatio n>
<deny users="?" />
</authorization>
<identity impersonate="tr ue" />
</system.web> Then, in my Application_Sta rt event in Global.asax, I need to run a query
or two to get some application-wide data from our database and store it in
the application cache. When I try to access a database from Application_Sta rt, I get the
following error: System.Data.Sql Client.SqlExcep tion: Cannot open database requested in
login 'DatabaseName'. Login fails. Login failed for user 'MACHINENAME\AS PNET'. It's as if it is using the default ASP.NET worker process account (which
is not what I want). I need it to authenticate/authorize the logged in user (which has access to the database) and use that user to access the
database.
So, my questions are: what am I doing wrong? how do I set up IIS, Web.config, database connection, etc. so that everything is properly authenticated/authorized to the logged in user so that I can query the database in Application_Sta rt? Thanks in advance for your help.
have a browse through the matrix.
how are you connecting to sql server ? trusted connection ? or sql user /
password ? http://msdn.microsoft.com/library/de...SecNetAP05.asp
if you are using trusted connection or SSPI then your MACHINENAME\ASP NET
account will have to be granted access to the database (if you want to
enable access from application as there is no user context) plus for normal
user access dont forget to use <impersonate> in web.config
copying from an old code project article (though i wouldnt give access to
ASPNET account as DBOwner i would just just read / write on certain stored
procs
This should work on all other IIS 5.1 (possibly other versions)
combinations. The only difference between IIS 5.1 and IIS 6 is the account
the ASP.NET process runs under. IIS 5.1 runs under a %MACHINENAME%\A SPNET
where %MACHINENAME% is the machine name.
osql -E -S %SERVER%\%INSTA NCE% -Q "sp_grantlo gin '%MACHINENAME%\ ASPNET'"Now
our ASP.NET application will be able to log into the server. Now all thats
left is to grant access to the databases.
osql -E -S %SERVER%\%INSTA NCE% -d %DATABASE%
-Q "sp_grantdbacce ss '%MACHINENAME%\ ASPNET'"
osql -E -S %SERVER%\%INSTA NCE% -d %DATABASE%
-Q "sp_addrolememb er 'db_owner', '%MACHINENAME%\ ASPNET'"These 2 lines will
add access to one of the databases. So if you want to add access to another
database just change %DATABASE% and run both lines.
other way open Query Analyser and do an "EXEC stored proc values here"
--
Regards,
Hermit Dave
( http://hdave.blogspot.com)
"Ober" <ob**@yahoo.com > wrote in message
news:e0******** ******@TK2MSFTN GP15.phx.gbl...
I'm having trouble with my security model, Application_Sta rt, and
accessing my database. My ASP.NET app is only going to be running in an intranet environment (not on the public Internet). The production environment will have installed everything locally (i.e., IIS, SQL Server, .NET Framework, etc., all on a Win2k Server). In IIS, I have disabled anonymous access so that only Integrated Windows authentication is used. Then in my Web.config file I've set it up to use Windows authentication, as such: <appSettings>
<add key="connection String" value="database =RegPerfectDb;s erver=localhost ;Trusted_Connec tion=true" />
</appSettings> <system.web>
<authenticati on mode="Windows" />
<authorizatio n>
<deny users="?" />
</authorization>
<identity impersonate="tr ue" />
</system.web> Then, in my Application_Sta rt event in Global.asax, I need to run a query
or two to get some application-wide data from our database and store it in
the application cache. When I try to access a database from Application_Sta rt, I get the
following error: System.Data.Sql Client.SqlExcep tion: Cannot open database requested in
login 'DatabaseName'. Login fails. Login failed for user 'MACHINENAME\AS PNET'. It's as if it is using the default ASP.NET worker process account (which
is not what I want). I need it to authenticate/authorize the logged in user (which has access to the database) and use that user to access the
database.
So, my questions are: what am I doing wrong? how do I set up IIS, Web.config, database connection, etc. so that everything is properly authenticated/authorized to the logged in user so that I can query the database in Application_Sta rt? Thanks in advance for your help.
Interesting. Does this only happen in Application_Sta rt event? Does it
connect to SQL as the logged in user in a later event, say from Page_Load?
Greg
"Ober" <ob**@yahoo.com > wrote in message
news:e0******** ******@TK2MSFTN GP15.phx.gbl...
I'm having trouble with my security model, Application_Sta rt, and accessing my database. My ASP.NET app is only going to be running in an intranet environment (not on the public Internet). The production environment will have installed everything locally (i.e., IIS, SQL Server, .NET Framework, etc., all on a Win2k Server). In IIS, I have disabled anonymous access so that only Integrated Windows authentication is used. Then in my Web.config file I've set it up to use Windows authentication, as such: <appSettings>
<add key="connection String" value="database =RegPerfectDb;s erver=localhost ;Trusted_Connec tion=true" />
</appSettings> <system.web>
<authenticati on mode="Windows" />
<authorizatio n>
<deny users="?" />
</authorization>
<identity impersonate="tr ue" />
</system.web> Then, in my Application_Sta rt event in Global.asax, I need to run a query or two to get some application-wide data from our database and store it in the application cache. When I try to access a database from Application_Sta rt, I get the following error: System.Data.Sql Client.SqlExcep tion: Cannot open database requested in login 'DatabaseName'. Login fails. Login failed for user 'MACHINENAME\AS PNET'. It's as if it is using the default ASP.NET worker process account (which is not what I want). I need it to authenticate/authorize the logged in user (which has access to the database) and use that user to access the database.
So, my questions are: what am I doing wrong? how do I set up IIS, Web.config, database connection, etc. so that everything is properly authenticated/authorized to the logged in user so that I can query the database in Application_Sta rt? Thanks in advance for your help.
> Whatever you do in application_sta rt can't rely on what user happened to have made the first request to this app - so it needs a connection independent of that.
Ah, that makes good sense. Missed that.
Thanks for the info. That totally makes sense. Do you or does anyone else
have any suggestions on how to do what I'm looking to do? Maybe, put the
code in Session_Start (but then I don't need it to run for every new
session)? Or????
Thanks!
"Marina" <so*****@nospam .com> wrote in message
news:OP******** ******@tk2msftn gp13.phx.gbl... This is because when the application starts, it isn't running under any particular user. That only happens for page requests - which is processed after the application is started. Application_Sta rt runs only once - and
so in what you are proposing, it would happen to run under whoever happened
to be the first person to access the application? It just doesn't work that way.
Whatever you do in application_sta rt can't rely on what user happened to have made the first request to this app - so it needs a connection independent of that.
"Ober" <ob**@yahoo.com > wrote in message news:e0******** ******@TK2MSFTN GP15.phx.gbl...
I'm having trouble with my security model, Application_Sta rt, and accessing my database. My ASP.NET app is only going to be running in an intranet environment
(not on the public Internet). The production environment will have installed everything locally (i.e., IIS, SQL Server, .NET Framework, etc., all on
a Win2k Server). In IIS, I have disabled anonymous access so that only Integrated Windows authentication is used. Then in my Web.config file I've set it up to
use Windows authentication, as such: <appSettings>
<add key="connection String" value="database =RegPerfectDb;s erver=localhost ;Trusted_Connec tion=true"
/> </appSettings> <system.web>
<authenticati on mode="Windows" />
<authorizatio n>
<deny users="?" />
</authorization>
<identity impersonate="tr ue" />
</system.web> Then, in my Application_Sta rt event in Global.asax, I need to run a
query or two to get some application-wide data from our database and store it in the application cache. When I try to access a database from Application_Sta rt, I get the following error: System.Data.Sql Client.SqlExcep tion: Cannot open database requested in login 'DatabaseName'. Login fails. Login failed for user 'MACHINENAME\AS PNET'. It's as if it is using the default ASP.NET worker process account (which is not what I want). I need it to authenticate/authorize the logged in
user (which has access to the database) and use that user to access the
database.
So, my questions are: what am I doing wrong? how do I set up IIS, Web.config, database connection, etc. so that everything is properly authenticated/authorized to the logged in user so that I can query the database in Application_Sta rt? Thanks in advance for your help.
Is there any reason why you can't create a login for the ASPNET user?
Also, it is recommended that you use a single account to access your
database rather than use an account for each user. That way you will be
using your pooled connections more efficiently.
- Frank Mamone
"Ober" <ob**@yahoo.com > wrote in message
news:%2******** ********@TK2MSF TNGP11.phx.gbl. .. Thanks for the info. That totally makes sense. Do you or does anyone
else have any suggestions on how to do what I'm looking to do? Maybe, put the code in Session_Start (but then I don't need it to run for every new session)? Or???? Thanks!
"Marina" <so*****@nospam .com> wrote in message news:OP******** ******@tk2msftn gp13.phx.gbl... This is because when the application starts, it isn't running under any particular user. That only happens for page requests - which is
processed after the application is started. Application_Sta rt runs only once -
and so in what you are proposing, it would happen to run under whoever happened to be the first person to access the application? It just doesn't work that way.
Whatever you do in application_sta rt can't rely on what user happened to have made the first request to this app - so it needs a connection independent of that.
"Ober" <ob**@yahoo.com > wrote in message news:e0******** ******@TK2MSFTN GP15.phx.gbl...
I'm having trouble with my security model, Application_Sta rt, and
accessing my database. My ASP.NET app is only going to be running in an intranet environment (not on the public Internet). The production environment will have
installed everything locally (i.e., IIS, SQL Server, .NET Framework, etc., all
on a Win2k Server). In IIS, I have disabled anonymous access so that only Integrated
Windows authentication is used. Then in my Web.config file I've set it up to
use Windows authentication, as such: <appSettings>
<add key="connection String" value="database =RegPerfectDb;s erver=localhost ;Trusted_Connec tion=true" /> </appSettings> <system.web>
<authenticati on mode="Windows" />
<authorizatio n>
<deny users="?" />
</authorization>
<identity impersonate="tr ue" />
</system.web> Then, in my Application_Sta rt event in Global.asax, I need to run a query or two to get some application-wide data from our database and store it
in the application cache. When I try to access a database from Application_Sta rt, I get the following error: System.Data.Sql Client.SqlExcep tion: Cannot open database requested in login 'DatabaseName'. Login fails. Login failed for user
'MACHINENAME\AS PNET'.
It's as if it is using the default ASP.NET worker process account
(which is not what I want). I need it to authenticate/authorize the logged in user (which has access to the database) and use that user to access the
database.
So, my questions are: what am I doing wrong? how do I set up IIS, Web.config, database connection, etc. so that everything is properly authenticated/authorized to the logged in user so that I can query the database in Application_Sta rt? Thanks in advance for your help.
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Greg |
last post by:
I am working on a project that will have about 500,000 records in an XML
document. This document will need to be queried with XPath, and records
will need to be updated. I was thinking about splitting up the XML into
several XML documents (perhaps 50,000 per document) to be more efficient but
this will make things a lot more complex because the searching needs to go
accross all 500,000 records. Can anyone point me to some best practices...
|
by: Mike Dundee |
last post by:
I am importing data into a new database (the database still has to be
set up) and have a problem. The comma delimited text files I am
importing have four fields containing date and date/times. One field
in particular has a date format of MMM dd yyyy hh:mmAM eg Feb 20 2004
10:00AM. The other fields import correctly (although I haven't run a
query against them) they have two other formats: dd/mm/yy hh:mm:ss and
"plain old" dd-mm-yy. The...
|
by: Leslie |
last post by:
I am attempting to handle errors by using Application_Error. This seems to
work fine in most situations. However, if the exception occurs during the
Application_Start method, the stand error screen is displayed and my custom
error handling in Application_Error does not run.
Why does this occur, and is there something I can do to cause
Application_Error to be automatically invoked during an Application_Start
exception?
|
by: Marc Missire |
last post by:
Hi,
I have an issue below I'd love help with, involving a static variable,
Application_Start, and a background thread.
In global.asax.cs I have a static variable (outside any method) with a
default value, such as:
private static string serverName = string.Empty;
|
by: bryan |
last post by:
Is there any way I can get the application path (the one returned by
Request.ApplicationPath) in the Application_Start method in
Global.asax? Request is not valid there. On a related note, is there a
way to get it from a static method in an aspx page, or in the class
(static) constructor for an aspx page?
Thanks,
Bryan
| |
by: Rubber Steve |
last post by:
I am having trouble querying an Access database with ADO .NET in VB .NET. I
can get results returned using primary keys, but when using something like
LastName, nothing happens. I am not sure why this is. Here is the query
that works, and the one that doesn't:
Works:
cmd = New OleDbCommand("select * from employee where EmployeeID= " &
txtEmployeeID.Text, cn)
Does Not Work:
|
by: Christian Blackburn |
last post by:
Hi Gang,
Let me start by saying I'm using Visual Web Developer 2005 and ASP.net
2.0. Is there something I have to do to get my Global.asax fire when
my application loads. If I set a breakpoint nothing happens also I can
tell that it's not updating my database. I'm storing the users's
session ID in the database to prevent multiple logins. However, when
their session expires it's not clearning their record. Are there
prohibitive...
|
by: RajSharma |
last post by:
Hi,
I am facing a problem regarding querying thru a large table having millions of rows.......
Its hanging in between while querying for all those rows
Can anybody suggest me a query regarding :
Querying the database everytime for next 100 records ( that means i need to set up a cursor) till the count of the table rows ends up(take 1 million rows e.g.)
The database is DB2
|
by: bhughes2187 |
last post by:
I am using access 2003, I am querying the table scarlet using a statement
sql1 = "select rpt from scarlet where rpt <> '~' group by rpt"
basically, rpt will have values of ~, A, B, C, D. A can be assigned to 10 records, B to 5 records, etc...
sql1 should retrieve all the A,B,C,D and group them together so that the result of the query would give me A B C D.
What I want to do is take those values and insert them into an array for...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |