
integrated Secure with Sql Server

ad
I want to set integrated Secure in my connect string to SQL Server

I set the connect string as:

workstation id=xxx;packet size=4096;integrated security=SSPI;initial
catalog=vvv;persist security info=False

and I have executed sp_grantlogin 'ServerName\ASPNET' in SQL Query Analyzer.

But when I execute my web application, it results in an error at the line:

sqlDataAdapter1.Fill(dataset1);

The error message is 'NT AUTHORITY\NETWORK SERVICE'

How can I solve this problem?


Nov 19 '05 #1
4 Replies


Hi ad:

It sounds like you are on Win 2003 which uses the NETWORK SERVICE
account to run the worker process instead of the ASPNET account.
You'll need to grant 'NT AUTHORITY\NETWORK SERVICE' a login and
database privs.

--
Scott
http://www.OdeToCode.com/blogs/scott/

On Sun, 6 Mar 2005 06:24:43 +0800, "ad" <ad@wfes.tcc.edu.tw> wrote:
> I want to set integrated Secure in my connect string to SQL Server
>
> I set the connect string as:
>
> workstation id=xxx;packet size=4096;integrated security=SSPI;initial
> catalog=vvv;persist security info=False
>
> and I have executed sp_grantlogin 'ServerName\ASPNET' in SQL Query Analyzer.
>
> But when I execute my web application, it results in an error at the line:
>
> sqlDataAdapter1.Fill(dataset1);
>
> The error message is 'NT AUTHORITY\NETWORK SERVICE'
>
> How can I solve this problem?


Nov 19 '05 #2

ad
Thanks.
But I still have some questions:
1. Why can't I find 'NT AUTHORITY\NETWORK SERVICE' in my Windows 2003
account?
2. Must I give the database db owner to 'NT AUTHORITY\NETWORK SERVICE'?
Can I give 'NT AUTHORITY\NETWORK SERVICE' a lower role?

"Scott Allen" <sc***@nospam.odetocode.com> wrote in message
news:3l********************************@4ax.com ...
> Hi ad:
>
> It sounds like you are on Win 2003 which uses the NETWORK SERVICE
> account to run the worker process instead of the ASPNET account.
> You'll need to grant 'NT AUTHORITY\NETWORK SERVICE' a login and
> database privs.
>
> --
> Scott
> http://www.OdeToCode.com/blogs/scott/
>
> On Sun, 6 Mar 2005 06:24:43 +0800, "ad" <ad@wfes.tcc.edu.tw> wrote:
> > I want to set integrated Secure in my connect string to SQL Server
> >
> > I set the connect string as:
> >
> > workstation id=xxx;packet size=4096;integrated security=SSPI;initial
> > catalog=vvv;persist security info=False
> >
> > and I have executed sp_grantlogin 'ServerName\ASPNET' in SQL Query Analyzer.
> >
> > But when I execute my web application, it results in an error at the line:
> >
> > sqlDataAdapter1.Fill(dataset1);
> >
> > The error message is 'NT AUTHORITY\NETWORK SERVICE'
> >
> > How can I solve this problem?

Nov 19 '05 #3


"ad" <ad@wfes.tcc.edu.tw> wrote in message
news:uV*************@TK2MSFTNGP15.phx.gbl...
> Thanks.
> But I still have some questions:
> 1. Why can't I find 'NT AUTHORITY\NETWORK SERVICE' in my Windows 2003
> account?

The service is in there on the local box.

> 2. Must I give the database db owner to 'NT AUTHORITY\NETWORK SERVICE'?
> Can I give 'NT AUTHORITY\NETWORK SERVICE' a lower role?


You can give very granular rights. Select the objects you want to hit and
give the rights to the account there.
NOTE: This is not the best way to give access to SQL Server. In this
instance, you are potentially less secure than you are using a UID and PWD
in your connection string. The better method is to force people to log in,
using Windows Authentication, and give Domain Users access to the objects
(still a bit insecure, but less than allowing the entire web world access).
This does not work with Internet apps, of course.

Another possibility is to set up a web service and give it rights to SQL and
have the web server use it. You can then give access to the NETWORK SERVICE
account without opening everything to the web directly. Still less secure
than other means.

COM+ is another option where you can assign a specific user. It is also
possible, but rather complex, to set up a service that uses a specific
account and run some form of persistence layer to serve data.

--
Gregory A. Beamer
MVP; MCP: +I, SD, SE, DBA

*************************************************
Think outside the box!
*************************************************
Nov 19 '05 #4
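
The login-plus-granular-rights setup described in replies #2 and #4, as an added T-SQL example that is not part of the original posts. It assumes SQL Server 2005 or later and uses the database name vvv from the question's connection string; the role WebAppRole and the objects dbo.Orders and dbo.usp_AddOrder are hypothetical.

```sql
-- Added example. WebAppRole, dbo.Orders and dbo.usp_AddOrder are hypothetical names.

-- 1. Server-level login for the IIS 6 worker-process identity.
--    Older equivalent, in the style used in the thread:
--    EXEC sp_grantlogin 'NT AUTHORITY\NETWORK SERVICE'
--    This name only applies when IIS and SQL Server share a machine. From a
--    remote web server, NETWORK SERVICE arrives as the machine account
--    (DOMAIN\MACHINE$), and that is the login to create instead.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'NT AUTHORITY\NETWORK SERVICE')
    CREATE LOGIN [NT AUTHORITY\NETWORK SERVICE] FROM WINDOWS;
GO

USE vvv;  -- initial catalog from the question's connection string
GO

-- 2. Map the login to a user in this database only.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'NT AUTHORITY\NETWORK SERVICE')
    CREATE USER [NT AUTHORITY\NETWORK SERVICE]
        FOR LOGIN [NT AUTHORITY\NETWORK SERVICE];
GO

-- 3. Grant rights per object through a role instead of db_owner.
CREATE ROLE WebAppRole;
GRANT SELECT  ON dbo.Orders       TO WebAppRole;
GRANT EXECUTE ON dbo.usp_AddOrder TO WebAppRole;
EXEC sp_addrolemember N'WebAppRole', N'NT AUTHORITY\NETWORK SERVICE';
GO

-- 4. Review what the role can actually do.
SELECT pr.name, pe.state_desc, pe.permission_name,
       OBJECT_NAME(pe.major_id) AS object_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'WebAppRole';

-- 5. List the account's role memberships. Expect only WebAppRole;
--    db_owner or db_datawriter here means more access than the app needs.
SELECT r.name AS role_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE m.name = N'NT AUTHORITY\NETWORK SERVICE';
```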

ad
Thanks a lot!

1. So you mean that 'NT AUTHORITY\NETWORK SERVICE' is not a user account?
2. What is the local box?

> > 1. Why can't I find 'NT AUTHORITY\NETWORK SERVICE' in my Windows 2003 account?
> The service is in there on the local box.


"Cowboy (Gregory A. Beamer)" <No*************@comcast.netNoSpamM> wrote in message
news:e$*************@TK2MSFTNGP10.phx.gbl...
> "ad" <ad@wfes.tcc.edu.tw> wrote in message
> news:uV*************@TK2MSFTNGP15.phx.gbl...
> > Thanks.
> > But I still have some questions:
> > 1. Why can't I find 'NT AUTHORITY\NETWORK SERVICE' in my Windows 2003 account?
>
> The service is in there on the local box.
>
> > 2. Must I give the database db owner to 'NT AUTHORITY\NETWORK SERVICE'?
> > Can I give 'NT AUTHORITY\NETWORK SERVICE' a lower role?
>
> You can give very granular rights. Select the objects you want to hit and
> give the rights to the account there.
> NOTE: This is not the best way to give access to SQL Server. In this
> instance, you are potentially less secure than you are using a UID and PWD
> in your connection string. The better method is to force people to log in,
> using Windows Authentication, and give Domain Users access to the objects
> (still a bit insecure, but less than allowing the entire web world access).
> This does not work with Internet apps, of course.
>
> Another possibility is to set up a web service and give it rights to SQL and
> have the web server use it. You can then give access to the NETWORK SERVICE
> account without opening everything to the web directly. Still less secure
> than other means.
>
> COM+ is another option where you can assign a specific user. It is also
> possible, but rather complex, to set up a service that uses a specific
> account and run some form of persistence layer to serve data.
>
> --
> Gregory A. Beamer
> MVP; MCP: +I, SD, SE, DBA
>
> *************************************************
> Think outside the box!
> *************************************************

Nov 19 '05 #5
