Using SQL trusted connections with ASP.NET

Hello all,

I've read over:

http://idunno.org/dotNet/trustedConnections.aspx

I would like to use a trusted connection vice using encrypted database
strings:
http://msdn.microsoft.com/library/de...SecNetHT11.asp
http://msdn.microsoft.com/library/de...SecNetHT11.asp

So, I've created a local account on both the IIS Server and the SQL server.
On IIS 6.0, I've created an Application Pool specific to my application, and
then configured it to run under the local account. On SQL Server 2000 server,
I created a local account with matching username and strong password, then
added the account in SQL EM, granted access to my application database.

Finally, I've changed my web.config file to have a connection string of the
form:

<add key="DatabaseConnection" value="server=myserver;Persist Security Info=False;database=mydatabase;Integrated Security=SSPI;"/>

If the application runs in the new application pool configured with the
local account, I get the error message:

Service Unavailable

Of course, if I put my ASP.NET application back in the default connection
pool, the application is reachable, but fails upon the first database
connection due to a login failure which uses the machine's credentials.

Suggestions for how to implement this?

Thanks,
Nov 19 '05 #1
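
Added example, not part of the original thread: a Python audit of `web.config` entries that separates trusted-connection strings like the one in the post above from strings that embed SQL credentials. The sample config is constructed; `LegacyConnection`, its `webapp` user and the function names are hypothetical, and the parser assumes plain `key=value;` pairs without quoted semicolons.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the thread's trusted-connection entry plus a
# hypothetical entry that embeds SQL credentials (names are made up).
SAMPLE_CONFIG = """<configuration>
  <appSettings>
    <add key="DatabaseConnection" value="server=myserver;Persist Security Info=False;database=mydatabase;Integrated Security=SSPI;"/>
    <add key="LegacyConnection" value="server=myserver;database=mydatabase;User ID=webapp;Password=EXAMPLE-ONLY;Persist Security Info=True"/>
    <add key="PageSize" value="25"/>
  </appSettings>
</configuration>"""

INTEGRATED = {"integrated security", "trusted_connection"}
SECRETS = {"password", "pwd"}
TRUE_VALUES = {"sspi", "true", "yes"}

def parse_connection_string(value):
    """Split 'k=v;k=v' into a dict with lower-cased, stripped keys."""
    pairs = (part.split("=", 1) for part in value.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_value(value):
    """Return a list of findings for one connection string."""
    kv = parse_connection_string(value)
    findings = []
    trusted = any(kv.get(k, "").lower() in TRUE_VALUES for k in INTEGRATED)
    if any(k in kv for k in SECRETS):
        findings.append("embedded-password")
    if not trusted:
        findings.append("sql-authentication")
    if kv.get("persist security info", "false").lower() in ("true", "yes"):
        findings.append("persist-security-info-enabled")
    return findings

def audit_config(xml_text):
    """Map each connection-string entry to its findings; skip other settings."""
    results = {}
    for add in ET.fromstring(xml_text).iter("add"):
        value = add.get("value") or add.get("connectionString") or ""
        kv = parse_connection_string(value)
        if "server" in kv or "data source" in kv:
            results[add.get("key") or add.get("name")] = audit_value(value)
    return results

if __name__ == "__main__":
    for key, findings in audit_config(SAMPLE_CONFIG).items():
        print(key, "->", findings or ["ok: integrated security, no secrets"])
```

An empty findings list means the entry authenticates as the process identity, so the application pool account is the only credential left to protect.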
When you are using a trusted connection, you do not have to make any
matching user/password on the SQL server. The user that the ASP.NET worker
process impersonates, should have permissions on the database(s) you are
trying to access. Which means, you add this user (a local or a domain user),
and add this user to the SQL Server. That should do it.

--
Manohar Kamath
Editor, .netWire
www.dotnetwire.com

Nov 19 '05 #2
Hi Adam:

Do you have any more details about the error? Anything in the event
viewer? It's possible the account needs some ACLs set on a file or
directory somewhere.

--
Scott
http://www.OdeToCode.com/blogs/scott/

On Wed, 2 Mar 2005 10:33:03 -0800, "Adam Getchell"
<Ad**********@discussions.microsoft.com> wrote:
> Hello all,
>
> I've read over:
>
> http://idunno.org/dotNet/trustedConnections.aspx
>
> I would like to use a trusted connection vice using encrypted database
> strings:
> http://msdn.microsoft.com/library/de...SecNetHT11.asp
> http://msdn.microsoft.com/library/de...SecNetHT11.asp
>
> So, I've created a local account on both the IIS Server and the SQL server.
> On IIS 6.0, I've created an Application Pool specific to my application, and
> then configured it to run under the local account. On SQL Server 2000 server,
> I created a local account with matching username and strong password, then
> added the account in SQL EM, granted access to my application database.
>
> Finally, I've changed my web.config file to have a connection string of the
> form:
>
> <add key="DatabaseConnection" value="server=myserver;Persist Security Info=False;database=mydatabase;Integrated Security=SSPI;"/>
>
> If the application runs in the new application pool configured with the
> local account, I get the error message:
>
> Service Unavailable
>
> Of course, if I put my ASP.NET application back in the default connection
> pool, the application is reachable, but fails upon the first database
> connection due to a login failure which uses the machine's credentials.
>
> Suggestions for how to implement this?
>
> Thanks,


Nov 19 '05 #3
On Wed, 2 Mar 2005 13:26:40 -0600, "Manohar Kamath"
<mk*****@TAKETHISOUTkamath.com> wrote:
> When you are using a trusted connection, you do not have to make any
> matching user/password on the SQL server. The user that the ASP.NET worker
> process impersonates, should have permissions on the database(s) you are
> trying to access. Which means, you add this user (a local or a domain user),
> and add this user to the SQL Server. That should do it.

I believe Adam is using a "trusted subsystem" model. Using local
accounts, without an AD, requires matching credentials on both sides
so that the database can authenticate the user.
--
Scott
http://www.OdeToCode.com/blogs/scott/
Nov 19 '05 #4
if your site does not run under the service account, then check dir
permissions. also look at the permissions of the asp.net account, and be
sure your new one has the same.

-- bruce
Nov 19 '05 #5
"bruce barker" wrote:
> if your site does not run under the service account, then check dir
> permissions. also look at the permissions of the asp.net account, and be
> sure your new one has the same.

The permissions of the aspnet account on IIS turned out to be the issue. It
was easily solved by making aspnet a member of the local administrators
group. :-(

Now, is there any listing of the necessary perms to allow an account to run
an application pool?

> -- bruce


Adam

Nov 19 '05 #6
