Login failed for user '(null)'


B

Brett

I have an ASP.NET 2.0 application that uses Forms Authentication. The
startup page contains just a login control, and the site works well on an
IIS 6 web server. I am now setting the site up on the production web
server, which runs Windows 2008 Server and IIS 7. The login page comes up,
but when I try to log in, I get the error, "Login failed for user '(null)'.
Reason: Not associated with a trusted SQL Server connection." For debugging
purposes, the Windows identity is displayed on the login page, and it is "NT
Authority\Network Service". Anonymous authentication is enabled and uses
the application pool identity (NetworkService.) Impersonation is enabled
and uses the authenticated user's identity. NT Authority\Network Service
has been granted full permissions to the application database, as well as
the ASP.NET membership database on SQL Server. (The SQL Server resides on a
different machine from the web server.) The connection strings section of
web.config is as follows:



<clear/>

<remove name="LocalSqlServer"/>

<add name="LocalSqlServer" connectionString="Data Source=Jupiter;Initial
Catalog=aspnetdb;Integrated Security=true"
providerName="System.Data.SqlClient"/>

<add name="SMS_ConnString" connectionString="Data Source=Jupiter;Initial
Catalog=SMS;Integrated Security=true" providerName="System.Data.SqlClient"/>



Does anyone know what might be causing the "login failed" of how I can debug
this problem?



Thanks in advance,

Brett
 
Ad

Advertisements

A

Alexey Smirnov

I have an ASP.NET 2.0 application that uses Forms Authentication.  The
startup page contains just a login control, and the site works well on an
IIS 6 web server.  I am now setting the site up on the production web
server, which runs Windows 2008 Server and IIS 7.  The login page comes up,
but when I try to log in, I get the error, "Login failed for user '(null)'.
Reason: Not associated with a trusted SQL Server connection."  For debugging
purposes, the Windows identity is displayed on the login page, and it is "NT
Authority\Network Service".  Anonymous authentication is enabled and uses
the application pool identity (NetworkService.)  Impersonation is enabled
and uses the authenticated user's identity.  NT Authority\Network Service
has been granted full permissions to the application database, as well as
the ASP.NET membership database on SQL Server.  (The SQL Server resides on a
different machine from the web server.)  

Brett, NT Authority\Network Service are local accounts and SQL cannot
recognize the user from the other server. You will need a domain
account.
 
A

Alexey Smirnov

This may help you

Granting Access to a Remote SQL Server
http://msdn.microsoft.com/en-us/library/ms998320.aspx

If you are accessing a database on another server in the same domain
(or in a trusted domain), the Network Service account's network
credentials are used to authenticate to the database. The Network
Service account's credentials are of the form DomainName\AspNetServer
$, where DomainName is the domain of the ASP.NET server and
AspNetServer is your Web server name.

For example, if your ASP.NET application runs on a server named SVR1
in the domain CONTOSO, the SQL Server sees a database access request
from CONTOSO\SVR1$.

To access a remote SQL Server using Network Service

To grant access to a remote database server in the same domain or a
trusted domain, follow the steps described earlier for a local
database, except in step 4, use the DomainName\AspNetServer$ account
to create the database login.

Note In production environments, you should place the network
service account into a Windows group and create a SQL Server login for
the Windows group.
 
S

Steven Cheng [MSFT]

Hi Brett,

As Alexey has mentioned, the problem you encounter is likely due to the
current IIS worker process account(Network Service) doesn't have permission
to access the remote SQL server instance. Though your ASP.NET application
is using forms authentication, it will use windows authentication when try
accessing the sql datdabase(on remote machine) when query the database for
authentication validating. I think on your development environment, the
worker process account have enough permission to access the backend
database.

As Alexey also recommend, you can try granting your network service account
the permission to the remote SQL server instance. Or you can consider grant
a group membership to that account(should be a domain group) which also
apply to the remote SQL machine and have permission to access the certain
SQL database.

Here is a security guideline article for ASP.NET:

#Security Guidelines: ASP.NET 2.0
http://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_data
access

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://support.microsoft.com/select/default.aspx?target=assistance&ln=en-us.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.



--------------------
From: "Brett" <[email protected]>
Subject: Login failed for user '(null)'
Date: Fri, 29 Aug 2008 15:54:14 -0400
I have an ASP.NET 2.0 application that uses Forms Authentication. The
startup page contains just a login control, and the site works well on an
IIS 6 web server. I am now setting the site up on the production web
server, which runs Windows 2008 Server and IIS 7. The login page comes up,
but when I try to log in, I get the error, "Login failed for user '(null)'.
Reason: Not associated with a trusted SQL Server connection." For debugging
purposes, the Windows identity is displayed on the login page, and it is "NT
Authority\Network Service". Anonymous authentication is enabled and uses
the application pool identity (NetworkService.) Impersonation is enabled
and uses the authenticated user's identity. NT Authority\Network Service
has been granted full permissions to the application database, as well as
the ASP.NET membership database on SQL Server. (The SQL Server resides on
a
 
S

Steven Cheng [MSFT]

Hi Brett,

Have you got any further ideas on this issue or still need any help on this?

Looking forward to your good news.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
Content-Transfer-Encoding: 7bit
From: (e-mail address removed) (Steven Cheng [MSFT])
Organization: Microsoft
Date: Mon, 01 Sep 2008 03:17:29 GMT
Subject: RE: Login failed for user '(null)'
 
Ad

Advertisements

B

Brett

Alexey, you are correct. Thank you!

Brett


This may help you

Granting Access to a Remote SQL Server
http://msdn.microsoft.com/en-us/library/ms998320.aspx

If you are accessing a database on another server in the same domain
(or in a trusted domain), the Network Service account's network
credentials are used to authenticate to the database. The Network
Service account's credentials are of the form DomainName\AspNetServer
$, where DomainName is the domain of the ASP.NET server and
AspNetServer is your Web server name.

For example, if your ASP.NET application runs on a server named SVR1
in the domain CONTOSO, the SQL Server sees a database access request
from CONTOSO\SVR1$.

To access a remote SQL Server using Network Service

To grant access to a remote database server in the same domain or a
trusted domain, follow the steps described earlier for a local
database, except in step 4, use the DomainName\AspNetServer$ account
to create the database login.

Note In production environments, you should place the network
service account into a Windows group and create a SQL Server login for
the Windows group.
 
Ad

Advertisements


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top