Authentication problem continued

[SAL]

Hello,
I'm still having trouble getting my app to authenticate correctly.
I have read the tips at:
http://www.devhood.com/messages/message_view-2.aspx?thread_id=72204

and am still having trouble making this happen correctly. Here are my
settings.
SQL Server 2005 db access is required
Web page
Anonymous access is turned off in IIS.
<identity impersonate="true" />
<impersonate="true" />

Connection string is:
packet size=4096;Trusted_Connection=True;data source=NTserver;persist
security info=False;initial catalog=MyTest"

I pass in my user name and password as:

User Id=me;Password=mypassword

When I take out the User Id and Password stuff and put in:
Integrated Security=SSPI

I get logged in, but only on my developement machine and not another box.

When the user name and password is passed in the connection string I get the
login failed for User Id=me

I'm the dbo of this sql server database so I should be able to log in.
However, I need to be able to access this web page from machines other than
my development box also.

Can anyone help me with this? Thanks

S

 

[Gabriel Lozano-Morán]

Going by your input there could be 2 problems that I can think off

1) SQL Server is configured for Windows Authentication only and not mixed
authentication

2) The account used to set the security context for the application pool of
your web site has no access to the other box' SQL Server

Gabriel Lozano-Morán
http://www.pointerx.net

 

[SAL]

Gabriel,
thank you for your reply.

I have a SQL Server login established now and I can log in on my development
machine but I'm getting the Anonymous login failure on my test box.

my machinename\ASPNET is a user of the database and is a user for the
server, it looks like to me.
What other account might be being used to set the security context for the
application pool? I'm not sure about this part.

S

 

[SAL]

Another piece of information here is that if I run the app on my development
box, then go to my test box and access the web page as:
my machinename/ClarkCategory/Startfrm1.aspx it will open up and work
correctly. However, once a certain amount of time has expired, the login
will fail on my test box again.

S

 

[Gabriel Lozano-Morán]

If your dev and test sandbox running Windows Server 2003?

Gabriel

 

[Gabriel Lozano-Morán]

What other account might be being used to set the security context for the

application pool? I'm not sure about this part.

Login failures are logged to the Application event log therefore try to
reconnect and then look at the event log for "login failed" messages.

Gabriel Lozano-Morán
http://www.pointerx.net

 

[SAL]

both are running XP sp2.

S

If your dev and test sandbox running Windows Server 2003?

Gabriel

 

[SAL]

Yeah, I'm not seeing any logs that seem helpful in the event viewer.
However, the line that causes the login failure is where I try to open the
connection to SQL Server.
If I take the impersonate="true"
line out of the web.config file, I can no longer log in on my development
box either.

S

 

[Gabriel Lozano-Morán]

Can you post the exact exception message please?

Gabriel

 

[SAL]

Sure Gabriel. This is the exception I get if on my test box if I haven't run
the app on my development box very recently:

Exception Text:
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information
about the error and where it originated in the code.

Exception Details: System.Data.SqlClient.SqlException: Login failed for user
'NT AUTHORITY\ANONYMOUS LOGON'.

Source Error:


Line 209: If SqlConnection2.State <> ConnectionState.Open Then
Line 210: SqlConnection2.ConnectionString = scon
Line 211: SqlConnection2.Open()
Line 212: End If
Line 213: com.Connection = SqlConnection2

Source File: c:\inetpub\wwwroot\ClarkCategory\StartFrm1.aspx.vb Line: 211

Does this have anything to do with the double hop problem?

S

 

[SAL]

Okay, well at the risk of sounding the all clear too soon, it appears what
has been happening here is that when you hit SQL Server, you actually have
to log into the machine that is hosting SQL Server to be able to reach it.
Because I was disallowing Anonymous Logins via Directory Security a user,
whoever, on my test box was not able to reach the machine and therefore
couldn't reach SQL Server. When I changed Directory Security to allow
Anonymous Access and entering in my user name and password, I could then
reach the server and the, temporarily hard coded, SQL Server user name and
password I was sending in the connection string worked to allow access via
that user.

If that's not clear as mud, let me know and I'll try to clearify more.
Thanks for your help on the Gabriel
S