ASP.NET SQL Server logon permission denied

Discussion in 'ASP .Net' started by JT, Jul 5, 2007.

  1. JT

    JT Guest

    I have created a simple ASP.NET application on the intranet, accessible only
    to 2 users who will log in as Administrator; the server runs Windows 2000
    Advanced Server. Page language is C#. The application accesses a database
    that runs on SQL Server 2005 Express Edition, on the same machine where the
    application is hosted. The database is used widely in our office from
    Windows Forms applications, and in the ASP.NET application, I used the same
    connection string I use for Windows Forms applications. Everything works
    fine when debugging the new ASP.NET application in Visual Studio because VS
    automatically logs in as Administrator. However, when I run the application
    from a browser - locally or across the intranet, it denies access to the
    database with the following message:

    [SqlException (0x80131904): Cannot open database "Records" requested by the
    login. The login failed. Login failed for user 'MACHINENAME\ASPNET'.]

    So I disabled Anonymous Access in ISM, and enabled Integrated Windows
    Authentication so that I would be automatically logged in as Administrator.
    I also revised the Web.Config file for this application to deny access to
    all but Administrators. In the Form.Load section of the page, I put the
    following code to display the username so I can be sure:

    string userstring = User.Identity.Name.ToString();
    Response.Write(userstring);

    When the page loads, it shows the Administrator name at the top, so that's
    working correctly. However, I still get the same error message - it denies
    access to the database for user MACHINENAME\ASPNET, even though I'm logged
    into the application as Administrator.

    Any ideas would be most appreciated. Thanks.
    JT, Jul 5, 2007
    #1
    1. Advertising

  2. if the database is on the same machine as the web app - you may wanna add

    <identity impersonate="true" />

    -----
    Dominick Baier (http://www.leastprivilege.com)

    Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

    > I have created a simple ASP.NET application on the intranet,
    > accessible only to 2 users who will log in as Administrator; the
    > server runs Windows 2000 Advanced Server. Page language is C#. The
    > application accesses a database that runs on SQL Server 2005 Express
    > Edition, on the same machine where the application is hosted. The
    > database is used widely in our office from Windows Forms applications,
    > and in the ASP.NET application, I used the same connection string I
    > use for Windows Forms applications. Everything works fine when
    > debugging the new ASP.NET application in Visual Studio because VS
    > automatically logs in as Administrator. However, when I run the
    > application from a browser - locally or across the intranet, it denies
    > access to the database with the following message:
    >
    > [SqlException (0x80131904): Cannot open database "Records" requested
    > by the login. The login failed. Login failed for user
    > 'MACHINENAME\ASPNET'.]
    >
    > So I disabled Anonymous Access in ISM, and enabled Integrated Windows
    > Authentication so that I would be automatically logged in as
    > Administrator. I also revised the Web.Config file for this application
    > to deny access to all but Administrators. In the Form.Load section of
    > the page, I put the following code to display the username so I can be
    > sure:
    >
    > string userstring = User.Identity.Name.ToString();
    > Response.Write(userstring);
    > When the page loads, it shows the Administrator name at the top, so
    > that's working correctly. However, I still get the same error message
    > - it denies access to the database for user MACHINENAME\ASPNET, even
    > though I'm logged into the application as Administrator.
    >
    > Any ideas would be most appreciated. Thanks.
    >
    Dominick Baier, Jul 5, 2007
    #2
    1. Advertising

  3. JT

    Norman Yuan Guest

    Only using Windows Authentication in IIS does not make the ASP.NET app run
    under current user's windows/domain account. Authentication, well, is
    Authentication, it is just way to determine who the user is.

    In your case, you have to make sure the ASP.NET app is run under a user
    account that have acess to the said SQL Server. Since you want use the user
    account who access the the ASP.NET app from client computer, you need:

    1. Make sure IIS use Windows Authentication (you have done that);
    2. Make sure in the ASP.NET app's web.config file <authentication
    mode="Windows" />;
    3. you need to enable "impersonate": make sure the web.config file has this
    in it: <identification impersonate="true" />

    now, the ASP.NET app will run under the user account that a user log onto
    his computer. As long as that user account has access to the said SQL Server
    database, the ASP.NET app will has the same access.


    "JT" <> wrote in message
    news:...
    >I have created a simple ASP.NET application on the intranet, accessible
    >only to 2 users who will log in as Administrator; the server runs Windows
    >2000 Advanced Server. Page language is C#. The application accesses a
    >database that runs on SQL Server 2005 Express Edition, on the same machine
    >where the application is hosted. The database is used widely in our office
    >from Windows Forms applications, and in the ASP.NET application, I used the
    >same connection string I use for Windows Forms applications. Everything
    >works fine when debugging the new ASP.NET application in Visual Studio
    >because VS automatically logs in as Administrator. However, when I run the
    >application from a browser - locally or across the intranet, it denies
    >access to the database with the following message:
    >
    > [SqlException (0x80131904): Cannot open database "Records" requested by
    > the login. The login failed. Login failed for user 'MACHINENAME\ASPNET'.]
    >
    > So I disabled Anonymous Access in ISM, and enabled Integrated Windows
    > Authentication so that I would be automatically logged in as
    > Administrator. I also revised the Web.Config file for this application to
    > deny access to all but Administrators. In the Form.Load section of the
    > page, I put the following code to display the username so I can be sure:
    >
    > string userstring = User.Identity.Name.ToString();
    > Response.Write(userstring);
    >
    > When the page loads, it shows the Administrator name at the top, so that's
    > working correctly. However, I still get the same error message - it
    > denies access to the database for user MACHINENAME\ASPNET, even though I'm
    > logged into the application as Administrator.
    >
    > Any ideas would be most appreciated. Thanks.
    >
    >
    >
    Norman Yuan, Jul 5, 2007
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Kevin Spencer
    Replies:
    3
    Views:
    2,989
    Kevin Spencer
    Aug 15, 2003
  2. Nathan
    Replies:
    1
    Views:
    4,740
    Frances Valdes
    May 5, 2004
  3. Chen Xiyang
    Replies:
    2
    Views:
    3,889
    =?Utf-8?B?Q2hyaXMgUG9kbW9yZQ==?=
    Mar 1, 2005
  4. Tina
    Replies:
    1
    Views:
    1,226
    Andrew Morton
    Jun 15, 2006
  5. Kjell Kristiansson
    Replies:
    0
    Views:
    282
    Kjell Kristiansson
    Nov 30, 2005
Loading...

Share This Page