473,320 Members | 1,802 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Getting COM components running in ASP.NET to connect to SQL Server databases

Sorry for the cross-post but I've really no idea where this is best suited.

I've an ADO.NET application which connects to a SQL Server database. I have
spent the entire morning trying to get it to connect, but eventually got it
working by setting (in the web.config file) the authentication mode to
"Windows" and the identity impersonate flag to "True". I have left the
identity username blank so that it picks up the username and password from
the IIS configuration windows.

This is working fine. However, at one stage in my application I create a COM
object and call a function within it. The COM object creates an ADO-classic
connection to the database. This connection is failing every time with the
following error:

Login failed for user '(null)'. Reason: Not associated with a trusted SQL
Server connection.

The connection string it is using is as follows:

Provider=SQLOLEDB;SERVER=(servername);Trusted_Conn ection=yes;Initial
Catalog=(dbname)

The IIS web site is configured to allow Anonymous access, and it has been
provided with the username and password of a domain user account. This user
is successfully being used by the ASP.NET and ADO.NET portion of my code.
But the COM and ADO-classic seems to be ignoring these settings.

My SQL Server only has Windows Authentication enabled (I am unable to use
SQL Server authentication due to company network policies).

What can I try doing in order to get this to work? I'm tearing my hair out
with this at the moment as I just can't find a strategy to move this
forward.

My thanks in advance,

--

(O)enone
Nov 19 '05 #1
7 1483
This is a classic issue. Consider that in an ASP application, it's IIS that
"owns" the connection and the ASP pages that get launched. As such it has
its own identity "ASPNET". This means you need to create a Login Account in
SQL Server to connect to the Windows account "ASPNET" and grant it rights to
the appropriate objects (and just those objects).

hth

--
____________________________________
William (Bill) Vaughn
Author, Mentor, Consultant
Microsoft MVP
www.betav.com/blog/billva
www.betav.com
Please reply only to the newsgroup so that others can benefit.
This posting is provided "AS IS" with no warranties, and confers no rights.
__________________________________

"Oenone" <oe****@nowhere.com> wrote in message
news:ul**************@TK2MSFTNGP09.phx.gbl...
Sorry for the cross-post but I've really no idea where this is best
suited.

I've an ADO.NET application which connects to a SQL Server database. I
have spent the entire morning trying to get it to connect, but eventually
got it working by setting (in the web.config file) the authentication mode
to "Windows" and the identity impersonate flag to "True". I have left the
identity username blank so that it picks up the username and password from
the IIS configuration windows.

This is working fine. However, at one stage in my application I create a
COM object and call a function within it. The COM object creates an
ADO-classic connection to the database. This connection is failing every
time with the following error:

Login failed for user '(null)'. Reason: Not associated with a trusted SQL
Server connection.

The connection string it is using is as follows:

Provider=SQLOLEDB;SERVER=(servername);Trusted_Conn ection=yes;Initial
Catalog=(dbname)

The IIS web site is configured to allow Anonymous access, and it has been
provided with the username and password of a domain user account. This
user is successfully being used by the ASP.NET and ADO.NET portion of my
code. But the COM and ADO-classic seems to be ignoring these settings.

My SQL Server only has Windows Authentication enabled (I am unable to use
SQL Server authentication due to company network policies).

What can I try doing in order to get this to work? I'm tearing my hair out
with this at the moment as I just can't find a strategy to move this
forward.

My thanks in advance,

--

(O)enone

Nov 19 '05 #2
William (Bill) Vaughn wrote:
This is a classic issue. Consider that in an ASP application, it's
IIS that "owns" the connection and the ASP pages that get launched.
As such it has its own identity "ASPNET". This means you need to
create a Login Account in SQL Server to connect to the Windows
account "ASPNET" and grant it rights to the appropriate objects (and
just those objects).


Hi Bill,

Thanks for the reply. I'm not sure this is actually the problem though...

With a combination of Windows authentication and impersonation, I've already
configured the IIS session to use a different user identity to ASPNET (I'm
using a domain account which we have created called IUSR_IIS). I can see
that the ASP.NET connection is successfully logging into the database using
this username (and not ASPNET).

However the ASP-classic connection (created within the COM object) appears
not to be using the IUSR_IIS credentials that the main process is using.

Could it be that the COM object is somehow falling back to the
non-impersonated identity?

Thanks,

--

(O) e n o n e
Nov 19 '05 #3
It could be. I usually recommend use of application-specific logons. I use
other techniques to validate the user using my own "valid user" tables. This
lets me tune what the user sees and can do based on their "rights" specified
by this server-based table. It's a lot easier than trying to figure out how
to get Kerberos to work.

--
____________________________________
William (Bill) Vaughn
Author, Mentor, Consultant
Microsoft MVP
www.betav.com/blog/billva
www.betav.com
Please reply only to the newsgroup so that others can benefit.
This posting is provided "AS IS" with no warranties, and confers no rights.
__________________________________

"Oenone" <oe****@nowhere.com> wrote in message
news:AQ*******************@newsfe1-win.ntli.net...
William (Bill) Vaughn wrote:
This is a classic issue. Consider that in an ASP application, it's
IIS that "owns" the connection and the ASP pages that get launched.
As such it has its own identity "ASPNET". This means you need to
create a Login Account in SQL Server to connect to the Windows
account "ASPNET" and grant it rights to the appropriate objects (and
just those objects).


Hi Bill,

Thanks for the reply. I'm not sure this is actually the problem though...

With a combination of Windows authentication and impersonation, I've
already
configured the IIS session to use a different user identity to ASPNET (I'm
using a domain account which we have created called IUSR_IIS). I can see
that the ASP.NET connection is successfully logging into the database
using
this username (and not ASPNET).

However the ASP-classic connection (created within the COM object) appears
not to be using the IUSR_IIS credentials that the main process is using.

Could it be that the COM object is somehow falling back to the
non-impersonated identity?

Thanks,

--

(O) e n o n e

Nov 19 '05 #4
COM uses the process identity to call-out, while ADO.NET uses the
impersonated thread context.
So in your case COM uses "aspnet" to call out, while ado.net uses the domain
account.
One option to solve this issue is to changed the identity of the worker
process from aspnet into the same domain account, but I would never suggest
to run asp.net using a domain identity. I suggest you don't use integrated
security to concet to SQL server, but supply explicit SQL credentials in
your conncetion string(s). These credentials can better be encrypted and
stored in your config file.
Willy.
Willy.

"Oenone" <oe****@nowhere.com> wrote in message
news:AQ*******************@newsfe1-win.ntli.net...
William (Bill) Vaughn wrote:
This is a classic issue. Consider that in an ASP application, it's
IIS that "owns" the connection and the ASP pages that get launched.
As such it has its own identity "ASPNET". This means you need to
create a Login Account in SQL Server to connect to the Windows
account "ASPNET" and grant it rights to the appropriate objects (and
just those objects).


Hi Bill,

Thanks for the reply. I'm not sure this is actually the problem though...

With a combination of Windows authentication and impersonation, I've
already
configured the IIS session to use a different user identity to ASPNET (I'm
using a domain account which we have created called IUSR_IIS). I can see
that the ASP.NET connection is successfully logging into the database
using
this username (and not ASPNET).

However the ASP-classic connection (created within the COM object) appears
not to be using the IUSR_IIS credentials that the main process is using.

Could it be that the COM object is somehow falling back to the
non-impersonated identity?

Thanks,

--

(O) e n o n e

Nov 19 '05 #5
Willy Denoyette [MVP] wrote:
So in your case COM uses "aspnet" to call out, while ado.net uses the
domain account.
Many thanks for that -- I can see a way to progress in this case. And I
still have a little bit of hair left too. :-)
I suggest you
don't use integrated security to concet to SQL server, but supply
explicit SQL credentials in your conncetion string(s). These
credentials can better be encrypted and stored in your config file.


By this do you mean to use SQL Server authentication instead of Windows
authentication? If so then whilst I don't disagree with what you're saying,
I'm not sure it is an option for me (we don't permit SQL Server
authentication on any of our servers as part of our company security
policy). It may be better for me to just permit the ASPNET user to access
the databases on the SQL Server and allow COM to access them like that.

Thanks for your help,

--

(O) e n o n e
Nov 19 '05 #6

"Oenone" <oe****@nowhere.com> wrote in message
news:p7******************@newsfe1-win.ntli.net...
Willy Denoyette [MVP] wrote:
So in your case COM uses "aspnet" to call out, while ado.net uses the
domain account.


Many thanks for that -- I can see a way to progress in this case. And I
still have a little bit of hair left too. :-)
I suggest you
don't use integrated security to concet to SQL server, but supply
explicit SQL credentials in your conncetion string(s). These
credentials can better be encrypted and stored in your config file.


By this do you mean to use SQL Server authentication instead of Windows
authentication? If so then whilst I don't disagree with what you're
saying,
I'm not sure it is an option for me (we don't permit SQL Server
authentication on any of our servers as part of our company security
policy). It may be better for me to just permit the ASPNET user to access
the databases on the SQL Server and allow COM to access them like that.

Thanks for your help,

--

(O) e n o n e


You won't be able to access SQLServer on another server using the "aspnet"
account. ASPNET is a local (machine) account (auto-generated) with
restricted privileges (doesn't have network privileges at all).
So, your options are rather limitted:
Run the asp.net worker process using domain credentials (not sure the the
company security policy allows this), or,
drop your DAL in a COM+ (System.EnterpriseServices classes) server type
application that runs with fixed windows credentials.

Willy.

Nov 19 '05 #7
Willy Denoyette [MVP] wrote:
So, your options are rather limitted:
Run the asp.net worker process using domain credentials


Could you by any chance point me to a resource that explains how to do this?

Many thanks,

--

(O)enone
Nov 19 '05 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: Linda Lee | last post by:
I purchased Visual Basic .NET version 2003 Standard I first try to connect Visual Basic .NET 2003 Standard to SQL Server 2000 Personal edition. When I go into Visual Basic .NET under Server...
3
by: Dad | last post by:
I need to connect SQL Server 2000 to DB2 on z/OS through DB2 Connect 8. I can successfully connect and query data through a System DSN, but trying to link the server using this DSN and MSDASQL...
2
by: David Hearn | last post by:
Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding. Description: An unhandled exception occurred during the execution of the current...
2
by: Steve Gollery | last post by:
I installed Postgres 8 beta 3 on an XP box, with Postgres running as a service. TaskManager tells me that postgres and postmaster are both running. Using pgAdmin III, I can connect to the server...
5
by: Nathan Given | last post by:
Hello All, I've been struggling on and off for 3 months trying to connect to an DB2 database running on an IBM iSeries machine. I FINALLY figured out how to connect with Coldfusion (see...
4
by: Odd Bjørn Andersen | last post by:
I have installed DB2 9 Enterprise Edition on my laptop (Windows xp prof. ed.). But when I try to connect to any of my local databases I get this error: SQL30082N Security processing failed with...
0
by: mogenses | last post by:
This is going to be a good one but may be easy for you experts. I have recently joined a tech support dept supporting an application using ACCESS 2.0 DATABASES and I believe written in Fox Pro. ...
0
by: TG | last post by:
Hi! Once again I have hit a brick wall here. I have a combobox in which the user types the server name and then clicks on button 'CONNECT' to populate the next combobox which contains all the...
4
by: lage | last post by:
I am working with a system using a Com+ layer built in VB6. I am now trying to use these components from VB.Net. I have added the component as reference and .Net seem to communicate with the...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.