473,320 Members | 2,004 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

integrated Secure with Sql Server

ad
I want to set integrated Secure in my connect string to SQL Server

I set the connect string as:

workstation id=xxx;packet size=4096;integrated security=SSPI;initial
catalog=vvv;persist security info=False

and I have execute sp_grantlogin 'ServerName\ASPNET' in Sql Query Analyzer

But when I execute my web application, it result an error at line:

¦bsqlDataAdapter1.Fill(dataset1);

The error message is 'NT AUTHORITY\NETWORK SERVICE'

How can I solve this problem?


Nov 19 '05 #1
4 1397
Hi ad:

It sounds like you are on Win 2003 which uses the NETWORK SERVICE
account to run the worker process instead of the ASPNET account.
You'll need to grant the 'NT AUTHORITY\NETWORK SERVICE' a login it and
database privs.

--
Scott
http://www.OdeToCode.com/blogs/scott/

On Sun, 6 Mar 2005 06:24:43 +0800, "ad" <ad@wfes.tcc.edu.tw> wrote:
I want to set integrated Secure in my connect string to SQL Server

I set the connect string as:

workstation id=xxx;packet size=4096;integrated security=SSPI;initial
catalog=vvv;persist security info=False

and I have execute sp_grantlogin 'ServerName\ASPNET' in Sql Query Analyzer

But when I execute my web application, it result an error at line:

¦bsqlDataAdapter1.Fill(dataset1);

The error message is 'NT AUTHORITY\NETWORK SERVICE'

How can I solve this problem?


Nov 19 '05 #2
ad
Thank
But I have still some question
1. Why I can't find the 'NT AUTHORITY\NETWORK SERVICE' in my Windows 2003
account?
2. Must I must give the database db owner to 'NT AUTHORITY\NETWORK SERVICE'
? Can I give 'NT AUTHORITY\NETWORK SERVICE' a lower role?

"Scott Allen" <sc***@nospam.odetocode.com>
???????:3l********************************@4ax.com ...
Hi ad:

It sounds like you are on Win 2003 which uses the NETWORK SERVICE
account to run the worker process instead of the ASPNET account.
You'll need to grant the 'NT AUTHORITY\NETWORK SERVICE' a login it and
database privs.

--
Scott
http://www.OdeToCode.com/blogs/scott/

On Sun, 6 Mar 2005 06:24:43 +0800, "ad" <ad@wfes.tcc.edu.tw> wrote:
I want to set integrated Secure in my connect string to SQL Server

I set the connect string as:

workstation id=xxx;packet size=4096;integrated security=SSPI;initial
catalog=vvv;persist security info=False

and I have execute sp_grantlogin 'ServerName\ASPNET' in Sql Query Analyzer
But when I execute my web application, it result an error at line:

¦bsqlDataAdapter1.Fill(dataset1);

The error message is 'NT AUTHORITY\NETWORK SERVICE'

How can I solve this problem?

Nov 19 '05 #3

"ad" <ad@wfes.tcc.edu.tw> wrote in message
news:uV*************@TK2MSFTNGP15.phx.gbl...
Thank
But I have still some question
1. Why I can't find the 'NT AUTHORITY\NETWORK SERVICE' in my Windows 2003
account?
The service is in there on the local box.
2. Must I must give the database db owner to 'NT AUTHORITY\NETWORK SERVICE' ? Can I give 'NT AUTHORITY\NETWORK SERVICE' a lower role?


You can give very granular rights. Select the objects you want to hit and
give the rights to the account there.
NOTE: This is not the best way to give access to SQL Server. In this
instance, you are potentially less secure than you are using a UID and PWD
in your connection string. The better method is to force people to log in,
using WIndows Authentication, and give Domain Users access to the objects
(still a bit insecure, but less than allowing the entire web world access).
This does not work with Internet apps, of course.

Another possibility is to set up a web service and give it rights to SQL and
have the web server use it. You can then give access to the NETWORK SERVICE
account without opening everything to the web directly. Still less secure
than other means.

COM+ is another option where you can assign a specific user. It is also
possible, but rather complex, to set up a service that uses a specific
account and run some form of persistence layer to serve data.

--
Gregory A. Beamer
MVP; MCP: +I, SD, SE, DBA

*************************************************
Think outside the box!
*************************************************
Nov 19 '05 #4
ad
Thank a lot!

1. So that you mean 'NT AUTHORITY\NETWORK SERVICE' is not a user account?
2. What is the local box?

1. Why I can't find the 'NT AUTHORITY\NETWORK SERVICE' in my Windows 2003 account?
The service is in there on the local box.


"Cowboy (Gregory A. Beamer)" <No*************@comcast.netNoSpamM> ¼¶¼g©ó¶l¥ó
·s»D:e$*************@TK2MSFTNGP10.phx.gbl...
"ad" <ad@wfes.tcc.edu.tw> wrote in message
news:uV*************@TK2MSFTNGP15.phx.gbl...
Thank
But I have still some question
1. Why I can't find the 'NT AUTHORITY\NETWORK SERVICE' in my Windows 2003 account?
The service is in there on the local box.
2. Must I must give the database db owner to 'NT AUTHORITY\NETWORK

SERVICE'
? Can I give 'NT AUTHORITY\NETWORK SERVICE' a lower role?


You can give very granular rights. Select the objects you want to hit and
give the rights to the account there.
NOTE: This is not the best way to give access to SQL Server. In this
instance, you are potentially less secure than you are using a UID and PWD
in your connection string. The better method is to force people to log in,
using WIndows Authentication, and give Domain Users access to the objects
(still a bit insecure, but less than allowing the entire web world

access). This does not work with Internet apps, of course.

Another possibility is to set up a web service and give it rights to SQL and have the web server use it. You can then give access to the NETWORK SERVICE account without opening everything to the web directly. Still less secure
than other means.

COM+ is another option where you can assign a specific user. It is also
possible, but rather complex, to set up a service that uses a specific
account and run some form of persistence layer to serve data.

--
Gregory A. Beamer
MVP; MCP: +I, SD, SE, DBA

*************************************************
Think outside the box!
*************************************************

Nov 19 '05 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

4
by: Ravikanth[MVP] | last post by:
Hi It is possible that IIS and SQL Server can reside on Seperate Machines and you can use Integrated Windows Authentication to connect. Ravikanth >-----Original Message-----
9
by: Tom B | last post by:
In my web.config file I've specified Windows for the authentication, in IIS I've set it to Integrated Authentication. But my SQL connection is still showing Anonymous. Is there somewhere else I...
4
by: Andrew | last post by:
Hey all, I would like to preface my question by stating I am still learning ASP.net and while I am confident in the basics and foundation, the more advanced stuff is still a challenge. Ok....
5
by: cdlipfert | last post by:
Our intranet is running under windows integrated security. We have domain users that want to access our intranet site via ssl vpn. SSL VPN can not authenticate against services that run under...
2
by: Bob | last post by:
I would like to use integrated security for DB connection for my ASP.NET applications. Since these apps have different databases (SQL Server), I want each app to be able to access its own...
7
by: Henry | last post by:
I am writing a Windows forms VB.Net/MS SQL application via VS 2003 that utilizes Crystal Reports. I want to be able to dynamically set the report data source at run time. I'm trying to change...
3
by: =?Utf-8?B?RGFuZGFuIFpoYW5n?= | last post by:
Now I have a web application, a web service and a SQL Server database. The Web application will invoke the web service, the web service invokes the SQL Server stored procedure. I let the web...
11
by: benoitc | last post by:
I've been having a problem debugging an ASP.NET 1.1 application on an existing Windows XP/Visual Studio 2003 workstation that I've inherited from somebody else. The application builds fine, but...
1
by: mledbetter | last post by:
I've written a simple web stress tester application using TCPClient. My code was working fine against our web server until our server admin changed IIS security setting by removing anonymous access...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.