Login failed for user '(null)'

Discussion in 'ASP .Net' started by Brett, Aug 29, 2008.

  1. Brett

    Brett Guest

    I have an ASP.NET 2.0 application that uses Forms Authentication. The
    startup page contains just a login control, and the site works well on an
    IIS 6 web server. I am now setting the site up on the production web
    server, which runs Windows 2008 Server and IIS 7. The login page comes up,
    but when I try to log in, I get the error, "Login failed for user '(null)'.
    Reason: Not associated with a trusted SQL Server connection." For debugging
    purposes, the Windows identity is displayed on the login page, and it is "NT
    Authority\Network Service". Anonymous authentication is enabled and uses
    the application pool identity (NetworkService.) Impersonation is enabled
    and uses the authenticated user's identity. NT Authority\Network Service
    has been granted full permissions to the application database, as well as
    the ASP.NET membership database on SQL Server. (The SQL Server resides on a
    different machine from the web server.) The connection strings section of
    web.config is as follows:



    <clear/>

    <remove name="LocalSqlServer"/>

    <add name="LocalSqlServer" connectionString="Data Source=Jupiter;Initial
    Catalog=aspnetdb;Integrated Security=true"
    providerName="System.Data.SqlClient"/>

    <add name="SMS_ConnString" connectionString="Data Source=Jupiter;Initial
    Catalog=SMS;Integrated Security=true" providerName="System.Data.SqlClient"/>



    Does anyone know what might be causing the "login failed" of how I can debug
    this problem?



    Thanks in advance,

    Brett
     
    Brett, Aug 29, 2008
    #1
    1. Advertising

  2. On Aug 29, 9:54 pm, "Brett" <> wrote:
    > I have an ASP.NET 2.0 application that uses Forms Authentication.  The
    > startup page contains just a login control, and the site works well on an
    > IIS 6 web server.  I am now setting the site up on the production web
    > server, which runs Windows 2008 Server and IIS 7.  The login page comes up,
    > but when I try to log in, I get the error, "Login failed for user '(null)'.
    > Reason: Not associated with a trusted SQL Server connection."  For debugging
    > purposes, the Windows identity is displayed on the login page, and it is "NT
    > Authority\Network Service".  Anonymous authentication is enabled and uses
    > the application pool identity (NetworkService.)  Impersonation is enabled
    > and uses the authenticated user's identity.  NT Authority\Network Service
    > has been granted full permissions to the application database, as well as
    > the ASP.NET membership database on SQL Server.  (The SQL Server resides on a
    > different machine from the web server.)  


    Brett, NT Authority\Network Service are local accounts and SQL cannot
    recognize the user from the other server. You will need a domain
    account.
     
    Alexey Smirnov, Aug 29, 2008
    #2
    1. Advertising

  3. On Aug 29, 11:01 pm, Alexey Smirnov <> wrote:
    > On Aug 29, 9:54 pm, "Brett" <> wrote:
    >
    > > I have an ASP.NET 2.0 application that uses Forms Authentication.  The
    > > startup page contains just a login control, and the site works well on an
    > > IIS 6 web server.  I am now setting the site up on the production web
    > > server, which runs Windows 2008 Server and IIS 7.  The login page comes up,
    > > but when I try to log in, I get the error, "Login failed for user '(null)'.
    > > Reason: Not associated with a trusted SQL Server connection."  For debugging
    > > purposes, the Windows identity is displayed on the login page, and it is "NT
    > > Authority\Network Service".  Anonymous authentication is enabled and uses
    > > the application pool identity (NetworkService.)  Impersonation is enabled
    > > and uses the authenticated user's identity.  NT Authority\Network Service
    > > has been granted full permissions to the application database, as well as
    > > the ASP.NET membership database on SQL Server.  (The SQL Server resides on a
    > > different machine from the web server.)  

    >


    This may help you

    Granting Access to a Remote SQL Server
    http://msdn.microsoft.com/en-us/library/ms998320.aspx

    If you are accessing a database on another server in the same domain
    (or in a trusted domain), the Network Service account's network
    credentials are used to authenticate to the database. The Network
    Service account's credentials are of the form DomainName\AspNetServer
    $, where DomainName is the domain of the ASP.NET server and
    AspNetServer is your Web server name.

    For example, if your ASP.NET application runs on a server named SVR1
    in the domain CONTOSO, the SQL Server sees a database access request
    from CONTOSO\SVR1$.

    To access a remote SQL Server using Network Service

    To grant access to a remote database server in the same domain or a
    trusted domain, follow the steps described earlier for a local
    database, except in step 4, use the DomainName\AspNetServer$ account
    to create the database login.

    Note In production environments, you should place the network
    service account into a Windows group and create a SQL Server login for
    the Windows group.
     
    Alexey Smirnov, Aug 29, 2008
    #3
  4. Hi Brett,

    As Alexey has mentioned, the problem you encounter is likely due to the
    current IIS worker process account(Network Service) doesn't have permission
    to access the remote SQL server instance. Though your ASP.NET application
    is using forms authentication, it will use windows authentication when try
    accessing the sql datdabase(on remote machine) when query the database for
    authentication validating. I think on your development environment, the
    worker process account have enough permission to access the backend
    database.

    As Alexey also recommend, you can try granting your network service account
    the permission to the remote SQL server instance. Or you can consider grant
    a group membership to that account(should be a domain group) which also
    apply to the remote SQL machine and have permission to access the certain
    SQL database.

    Here is a security guideline article for ASP.NET:

    #Security Guidelines: ASP.NET 2.0
    http://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_data
    access

    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead


    Delighting our customers is our #1 priority. We welcome your comments and
    suggestions about how we can improve the support we provide to you. Please
    feel free to let my manager know what you think of the level of service
    provided. You can send feedback directly to my manager at:
    .

    ==================================================
    Get notification to my posts through email? Please refer to
    http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

    Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    where an initial response from the community or a Microsoft Support
    Engineer within 1 business day is acceptable. Please note that each follow
    up response may take approximately 2 business days as the support
    professional working with you may need further investigation to reach the
    most efficient resolution. The offering is not appropriate for situations
    that require urgent, real-time or phone-based interactions or complex
    project analysis and dump analysis issues. Issues of this nature are best
    handled working with a dedicated Microsoft Support Engineer by contacting
    Microsoft Customer Support Services (CSS) at
    http://support.microsoft.com/select/default.aspx?target=assistance&ln=en-us.
    ==================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.



    --------------------
    >From: "Brett" <>
    >Subject: Login failed for user '(null)'
    >Date: Fri, 29 Aug 2008 15:54:14 -0400


    >
    >I have an ASP.NET 2.0 application that uses Forms Authentication. The
    >startup page contains just a login control, and the site works well on an
    >IIS 6 web server. I am now setting the site up on the production web
    >server, which runs Windows 2008 Server and IIS 7. The login page comes

    up,
    >but when I try to log in, I get the error, "Login failed for user

    '(null)'.
    >Reason: Not associated with a trusted SQL Server connection." For

    debugging
    >purposes, the Windows identity is displayed on the login page, and it is

    "NT
    >Authority\Network Service". Anonymous authentication is enabled and uses
    >the application pool identity (NetworkService.) Impersonation is enabled
    >and uses the authenticated user's identity. NT Authority\Network Service
    >has been granted full permissions to the application database, as well as
    >the ASP.NET membership database on SQL Server. (The SQL Server resides on

    a
    >different machine from the web server.) The connection strings section of
    >web.config is as follows:
    >
    >
    >
    > <clear/>
    >
    > <remove name="LocalSqlServer"/>
    >
    > <add name="LocalSqlServer" connectionString="Data Source=Jupiter;Initial
    >Catalog=aspnetdb;Integrated Security=true"
    >providerName="System.Data.SqlClient"/>
    >
    > <add name="SMS_ConnString" connectionString="Data Source=Jupiter;Initial
    >Catalog=SMS;Integrated Security=true"

    providerName="System.Data.SqlClient"/>
    >
    >
    >
    >Does anyone know what might be causing the "login failed" of how I can

    debug
    >this problem?
    >
    >
    >
    >Thanks in advance,
    >
    >Brett
    >
    >
    >
     
    Steven Cheng [MSFT], Sep 1, 2008
    #4
  5. Hi Brett,

    Have you got any further ideas on this issue or still need any help on this?

    Looking forward to your good news.

    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead


    Delighting our customers is our #1 priority. We welcome your comments and
    suggestions about how we can improve the support we provide to you. Please
    feel free to let my manager know what you think of the level of service
    provided. You can send feedback directly to my manager at:
    .

    ==================================================
    Get notification to my posts through email? Please refer to
    http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.
    ==================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.

    --------------------

    >Content-Transfer-Encoding: 7bit
    >From: (Steven Cheng [MSFT])
    >Organization: Microsoft
    >Date: Mon, 01 Sep 2008 03:17:29 GMT
    >Subject: RE: Login failed for user '(null)'


    >
    >Hi Brett,
    >
    >As Alexey has mentioned, the problem you encounter is likely due to the
    >current IIS worker process account(Network Service) doesn't have

    permission
    >to access the remote SQL server instance. Though your ASP.NET application
    >is using forms authentication, it will use windows authentication when try
    >accessing the sql datdabase(on remote machine) when query the database for
    >authentication validating. I think on your development environment, the
    >worker process account have enough permission to access the backend
    >database.
    >
    >As Alexey also recommend, you can try granting your network service

    account
    >the permission to the remote SQL server instance. Or you can consider

    grant
    >a group membership to that account(should be a domain group) which also
    >apply to the remote SQL machine and have permission to access the certain
    >SQL database.
    >
    >Here is a security guideline article for ASP.NET:
    >
    >#Security Guidelines: ASP.NET 2.0
    >http://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_dat

    a
    >access
    >
    >Sincerely,
    >
    >Steven Cheng
    >
    >Microsoft MSDN Online Support Lead
    >
    >
    >Delighting our customers is our #1 priority. We welcome your comments and
    >suggestions about how we can improve the support we provide to you. Please
    >feel free to let my manager know what you think of the level of service
    >provided. You can send feedback directly to my manager at:
    >.
    >
    >==================================================
    >Get notification to my posts through email? Please refer to
    >http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.
    >
    >Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
    >where an initial response from the community or a Microsoft Support
    >Engineer within 1 business day is acceptable. Please note that each follow
    >up response may take approximately 2 business days as the support
    >professional working with you may need further investigation to reach the
    >most efficient resolution. The offering is not appropriate for situations
    >that require urgent, real-time or phone-based interactions or complex
    >project analysis and dump analysis issues. Issues of this nature are best
    >handled working with a dedicated Microsoft Support Engineer by contacting
    >Microsoft Customer Support Services (CSS) at
    >http://support.microsoft.com/select/default.aspx?target=assistance&ln=en-us
     
    Steven Cheng [MSFT], Sep 3, 2008
    #5
  6. Brett

    Brett Guest

    Alexey, you are correct. Thank you!

    Brett

    "Alexey Smirnov" <> wrote in message
    news:...
    On Aug 29, 11:01 pm, Alexey Smirnov <> wrote:
    > On Aug 29, 9:54 pm, "Brett" <> wrote:
    >
    > > I have an ASP.NET 2.0 application that uses Forms Authentication. The
    > > startup page contains just a login control, and the site works well on
    > > an
    > > IIS 6 web server. I am now setting the site up on the production web
    > > server, which runs Windows 2008 Server and IIS 7. The login page comes
    > > up,
    > > but when I try to log in, I get the error, "Login failed for user
    > > '(null)'.
    > > Reason: Not associated with a trusted SQL Server connection." For
    > > debugging
    > > purposes, the Windows identity is displayed on the login page, and it is
    > > "NT
    > > Authority\Network Service". Anonymous authentication is enabled and uses
    > > the application pool identity (NetworkService.) Impersonation is enabled
    > > and uses the authenticated user's identity. NT Authority\Network Service
    > > has been granted full permissions to the application database, as well
    > > as
    > > the ASP.NET membership database on SQL Server. (The SQL Server resides
    > > on a
    > > different machine from the web server.)

    >


    This may help you

    Granting Access to a Remote SQL Server
    http://msdn.microsoft.com/en-us/library/ms998320.aspx

    If you are accessing a database on another server in the same domain
    (or in a trusted domain), the Network Service account's network
    credentials are used to authenticate to the database. The Network
    Service account's credentials are of the form DomainName\AspNetServer
    $, where DomainName is the domain of the ASP.NET server and
    AspNetServer is your Web server name.

    For example, if your ASP.NET application runs on a server named SVR1
    in the domain CONTOSO, the SQL Server sees a database access request
    from CONTOSO\SVR1$.

    To access a remote SQL Server using Network Service

    To grant access to a remote database server in the same domain or a
    trusted domain, follow the steps described earlier for a local
    database, except in step 4, use the DomainName\AspNetServer$ account
    to create the database login.

    Note In production environments, you should place the network
    service account into a Windows group and create a SQL Server login for
    the Windows group.
     
    Brett, Sep 5, 2008
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Blake Versiga
    Replies:
    2
    Views:
    19,792
    Yan-Hong Huang[MSFT]
    Jul 9, 2003
  2. rl30
    Replies:
    1
    Views:
    632
    emachine
    Aug 15, 2003
  3. Calvin I

    Login Failed for user (null)

    Calvin I, Aug 18, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    393
    Steven Campbell
    Aug 20, 2003
  4. Frederik
    Replies:
    0
    Views:
    1,416
    Frederik
    Nov 25, 2003
  5. Tony Johansson
    Replies:
    3
    Views:
    16,274
    Patrice
    Jan 2, 2010
Loading...

Share This Page