473,320 Members | 1,861 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Using SQL trusted connections with ASP.NET

Hello all,

I've read over:

http://idunno.org/dotNet/trustedConnections.aspx

I would like to use a trusted connection vice using encrypted database
strings:
http://msdn.microsoft.com/library/de...SecNetHT11.asp
http://msdn.microsoft.com/library/de...SecNetHT11.asp

So, I've created a local account on both the IIS Server and the SQL server.
On IIS 6.0, I've created an Application Pool specific to my application, and
then configured it to run under the local account. On SQL Server 2000 server,
I created a local account with matching username and strong password, then
added the account in SQL EM, granted access to my application database.

Finally, I've changed my web.config file to have a connection string of the
form:

<add key="DatabaseConnection" value="server=myserver;Persist Security
Info=False;database=mydatabase;Integrated Security=SSPI;"/>

If the application runs in the new application pool configured with the
local account, I get the error message:

Service Unavailable

Of course, if I put my ASP.NET application back in the default connection
pool, the application is reachable, but fails upon the first database
connection due to a login failure which uses the machine's credentials.

Suggestions for how to implement this?

Thanks,
Nov 19 '05 #1
5 1476
When you are using a trusted connection, you do not have to make any
matching user/password on the SQL server. The user that the ASP.NET worker
process impersonates, should have permissions on the database(s) you are
trying to access. Which means, you add this user (a local or a domain user),
and add this user to the SQL Server. That should do it.

--
Manohar Kamath
Editor, .netWire
www.dotnetwire.com
"Adam Getchell" <Ad**********@discussions.microsoft.com> wrote in message
news:3B**********************************@microsof t.com...
Hello all,

I've read over:

http://idunno.org/dotNet/trustedConnections.aspx

I would like to use a trusted connection vice using encrypted database
strings:
http://msdn.microsoft.com/library/de...SecNetHT11.asp http://msdn.microsoft.com/library/de...SecNetHT11.asp
So, I've created a local account on both the IIS Server and the SQL server. On IIS 6.0, I've created an Application Pool specific to my application, and then configured it to run under the local account. On SQL Server 2000 server, I created a local account with matching username and strong password, then
added the account in SQL EM, granted access to my application database.

Finally, I've changed my web.config file to have a connection string of the form:

<add key="DatabaseConnection" value="server=myserver;Persist Security
Info=False;database=mydatabase;Integrated Security=SSPI;"/>

If the application runs in the new application pool configured with the
local account, I get the error message:

Service Unavailable

Of course, if I put my ASP.NET application back in the default connection
pool, the application is reachable, but fails upon the first database
connection due to a login failure which uses the machine's credentials.

Suggestions for how to implement this?

Thanks,

Nov 19 '05 #2
Hi Adam:

Do you have any more details about the error? Any thing in the event
viewer? It's possible the account needs some ACLs set on a file or
directory somewhere.

--
Scott
http://www.OdeToCode.com/blogs/scott/

On Wed, 2 Mar 2005 10:33:03 -0800, "Adam Getchell"
<Ad**********@discussions.microsoft.com> wrote:
Hello all,

I've read over:

http://idunno.org/dotNet/trustedConnections.aspx

I would like to use a trusted connection vice using encrypted database
strings:
http://msdn.microsoft.com/library/de...SecNetHT11.asp
http://msdn.microsoft.com/library/de...SecNetHT11.asp

So, I've created a local account on both the IIS Server and the SQL server.
On IIS 6.0, I've created an Application Pool specific to my application, and
then configured it to run under the local account. On SQL Server 2000 server,
I created a local account with matching username and strong password, then
added the account in SQL EM, granted access to my application database.

Finally, I've changed my web.config file to have a connection string of the
form:

<add key="DatabaseConnection" value="server=myserver;Persist Security
Info=False;database=mydatabase;Integrated Security=SSPI;"/>

If the application runs in the new application pool configured with the
local account, I get the error message:

Service Unavailable

Of course, if I put my ASP.NET application back in the default connection
pool, the application is reachable, but fails upon the first database
connection due to a login failure which uses the machine's credentials.

Suggestions for how to implement this?

Thanks,


Nov 19 '05 #3
On Wed, 2 Mar 2005 13:26:40 -0600, "Manohar Kamath"
<mk*****@TAKETHISOUTkamath.com> wrote:
When you are using a trusted connection, you do not have to make any
matching user/password on the SQL server. The user that the ASP.NET worker
process impersonates, should have permissions on the database(s) you are
trying to access. Which means, you add this user (a local or a domain user),
and add this user to the SQL Server. That should do it.

I believe Adam is using a "trusted subsystem" model. Using local
accounts, without an AD, requires matching credentials on both sides
so that the database can authenticate the user.
--
Scott
http://www.OdeToCode.com/blogs/scott/
Nov 19 '05 #4
if your site does not run under the service account, then check dir
permissions. also look at the permissions of the asp.net account, and be
sure your new one has the same.

-- bruce

"Adam Getchell" <Ad**********@discussions.microsoft.com> wrote in message
news:3B**********************************@microsof t.com...
| Hello all,
|
| I've read over:
|
| http://idunno.org/dotNet/trustedConnections.aspx
|
| I would like to use a trusted connection vice using encrypted database
| strings:
|
http://msdn.microsoft.com/library/de...SecNetHT11.asp
|
http://msdn.microsoft.com/library/de...SecNetHT11.asp
|
| So, I've created a local account on both the IIS Server and the SQL
server.
| On IIS 6.0, I've created an Application Pool specific to my application,
and
| then configured it to run under the local account. On SQL Server 2000
server,
| I created a local account with matching username and strong password, then
| added the account in SQL EM, granted access to my application database.
|
| Finally, I've changed my web.config file to have a connection string of
the
| form:
|
| <add key="DatabaseConnection" value="server=myserver;Persist Security
| Info=False;database=mydatabase;Integrated Security=SSPI;"/>
|
| If the application runs in the new application pool configured with the
| local account, I get the error message:
|
| Service Unavailable
|
| Of course, if I put my ASP.NET application back in the default connection
| pool, the application is reachable, but fails upon the first database
| connection due to a login failure which uses the machine's credentials.
|
| Suggestions for how to implement this?
|
| Thanks,
Nov 19 '05 #5
"bruce barker" wrote:
if your site does not run under the service account, then check dir
permissions. also look at the permissions of the asp.net account, and be
sure your new one has the same.
The permissions of the aspnet account on IIS turned out to be the issue. It
was easily solved by making aspnet a member of the local administrators
group. :-(

Now, is there any listing of the necessary perms to allow an account to run
an application pool?
-- bruce


Adam

Nov 19 '05 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
by: Mike | last post by:
I have a web farm (10 win 2003 machines) running an ASP .Net application (IIS 6.0) how can I use trusted connections on the 10 boxes to connect to a MS SQL 2000 database? Do I have to configure...
2
by: Blake Versiga | last post by:
I am pulling my hair out..... I am trying to put a bound data grid on a webform... I have 4 data connections in my server explorer, all of which connect successfully. But when I run the web...
4
by: Shawn H. Mesiatowsky | last post by:
I have a strange problem here. I have my development computer with IIS installed, and we have a SQL server as well on a windows 2000 server. both are members of a domain. I have restricted access...
6
by: ZRexRider | last post by:
Hi, I have a .NET application that connects to a SQL 2000 database using trusted security. It eventually calls a stored procedure that receives 3 parameters - nothing special. If I simply...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.