By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
432,002 Members | 2,137 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 432,002 IT Pros & Developers. It's quick & easy.

Exception Login failed for user '(null)'

P: n/a
mo
The code I've pasted below is taken directly from Microsoft's site at
http://support.microsoft.com/default...b;EN-US;308157

As far as I can tell the error is raised on this line:

conn = New SqlConnection("server=MyServer;Integrated
Security=SSPI;database=pubs")

If I use the code as is, I get the error above. The code only works if I
hardcode the username and pwd into it as in the following line:

conn = New SqlConnection("server=MyServer;uid=**;pwd=*******; database=pubs")
and have removed the reference to SSPI.

I assumed the whole point of this was so that you didn't have to hardcode
usernames and passwords, but could authenticate directly against a SQL
Server DB? Is there something obvious that I'm doing wrong?

Thanks for any help.

P.S. The pubs db holds a table called 'users' which has all the user
cretendials as per the instructions on the webpage.

--------------------------------

Code:

Private Function ValidateUser(ByVal userName As String, ByVal passWord As
String) As Boolean

Dim conn As SqlConnection

Dim cmd As SqlCommand

Dim lookupPassword As String

lookupPassword = Nothing

' Check for an invalid userName.

' userName must not be set to nothing and must be between one and 15
characters.

If ((userName Is Nothing)) Then

System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of
userName failed.")

Return False

End If

If ((userName.Length = 0) Or (userName.Length > 15)) Then

System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of
userName failed.")

Return False

End If

' Check for invalid passWord.

' passWord must not be set to nothing and must be between one and 25
characters.

If (passWord Is Nothing) Then

System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of
passWord failed.")

Return False

End If

If ((passWord.Length = 0) Or (passWord.Length > 25)) Then

System.Diagnostics.Trace.WriteLine("[ValidateUser] Input validation of
passWord failed.")

Return False

End If

Try

' Consult with your SQL Server administrator for an appropriate connection

' string to use to connect to your local SQL Server.

'conn = New
SqlConnection("server=QMWIPMRM3;uid=sa;pwd=sys_adm in;database=pubs")

conn = New SqlConnection("server=QMWIPMRM3;Integrated
Security=SSPI;database=pubs")

conn.Open()

' Create SqlCommand to select pwd field from the users table given a
supplied userName.

cmd = New SqlCommand("Select pwd from users where uname=@userName", conn)

cmd.Parameters.Add("@userName", SqlDbType.VarChar, 25)

cmd.Parameters("@userName").Value = userName

' Execute command and fetch pwd field into lookupPassword string.

lookupPassword = cmd.ExecuteScalar()

' Cleanup command and connection objects.

cmd.Dispose()

conn.Dispose()

Catch ex As Exception

' Add error handling here for debugging.

' This error message should not be sent back to the caller.

System.Diagnostics.Trace.WriteLine("[ValidateUser] Exception " & ex.Message)

End Try

' If no password found, return false.

If (lookupPassword Is Nothing) Then

' You could write failed login attempts here to the event log for additional
security.

Return False

End If

' Compare lookupPassword and input passWord by using a case-sensitive
comparison.

Return (String.Compare(lookupPassword, passWord, False) = 0)

End Function

Jul 21 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
mo wrote:
The code I've pasted below is taken directly from Microsoft's site at
http://support.microsoft.com/default...b;EN-US;308157

As far as I can tell the error is raised on this line:

conn = New SqlConnection("server=MyServer;Integrated
Security=SSPI;database=pubs")

If I use the code as is, I get the error above. The code only works
if I hardcode the username and pwd into it as in the following line:

conn = New
SqlConnection("server=MyServer;uid=**;pwd=*******; database=pubs") and
have removed the reference to SSPI.

I assumed the whole point of this was so that you didn't have to
hardcode usernames and passwords, but could authenticate directly
against a SQL Server DB? Is there something obvious that I'm doing
wrong?


Did you turn off either in your web.config or your IIS settings for your
virtual directory the ability for anonymous access? In your web.config
check the <authorization> node and make sure you have <deny users="?" /> to
deny anonymous users access.
--
Tom Porterfield
MS-MVP MCE
http://support.telop.org

Please post all follow-ups to the newsgroup only.

Jul 21 '05 #2

P: n/a
mo
Yes Tom, that particular setting in my web.config file reads:

<authorization>
<deny users ="?" />

<allow users = "*" />

</authorization>

Any other ideas?

Did you turn off either in your web.config or your IIS settings for your
virtual directory the ability for anonymous access? In your web.config
check the <authorization> node and make sure you have <deny users="?" /> to deny anonymous users access.
--
Tom Porterfield
MS-MVP MCE
http://support.telop.org

Please post all follow-ups to the newsgroup only.

Jul 21 '05 #3

P: n/a
mo
However, in the IIS settings anonymous access is turned on currently. I've
turned it off and tried that (and rebooted!). Still nothing.

Did you turn off either in your web.config or your IIS settings for your
virtual directory the ability for anonymous access? In your web.config
check the <authorization> node and make sure you have <deny users="?" /> to deny anonymous users access.
--
Tom Porterfield
MS-MVP MCE
http://support.telop.org

Please post all follow-ups to the newsgroup only.

Jul 21 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.