"NT Authority\Network Service" in Global.asax

[Guest]

This is weird

On my WinXP development box, database calls made from within my GLOBAL.ASAX go to SQLServer as user "ASPNET" even though I have impersonation turned on in my web.config. That's fine

Now, when I move the whole application over to my Windows 2003 Server box, during the GLOBAL.ASAX calls to SQLServer, I get "Login failed for NT AUTHORITY\NETWORK SERVICE." I don't understand this. "NT AUTHORITY\NETWORK SERVICE" isn't even a user in the user-list on the Windows2003 server

What is this and can you help

Ale

 

[DalePres]

To overcome a similar issue in a recent project I had to, surprisingly, turn
ON anonymous access. In my case, I was calling a stored procedure from a
webservice that had been called by an ASP.Net page. In the ASP.Net page, I
had impersonation turned on and had to turn anonymous access off for the
webservice to get the correct identity. The strange thing was that, in the
production IIS 5.0, SQL Server, on a different machine altogether started
returning the error you describe. Only when I turned anonymous access on
did it work correctly.

So, the point is...Play with anonymous access but it may not always work
consistently between IIS 5.1 and IIS 5.0.

Dale

This is weird!

On my WinXP development box, database calls made from within my

GLOBAL.ASAX go to SQLServer as user "ASPNET" even though I have
impersonation turned on in my web.config. That's fine.

Now, when I move the whole application over to my Windows 2003 Server box,

during the GLOBAL.ASAX calls to SQLServer, I get "Login failed for NT
AUTHORITY\NETWORK SERVICE." I don't understand this. "NT AUTHORITY\NETWORK
SERVICE" isn't even a user in the user-list on the Windows2003 server.

 

[Guest]

I'm not sure I get this. DO you mean that I should play with the access settings in IIS's security property page? Or do you mean the "Impersonation" section in Web.Config? In any case, this isn't really an option in this area anyway: I'll have to eventually set the access privilages the way I need 'em, right

Doesn't anyone know exactly what this error means

Thanks

Ale

----- DalePres wrote: ----

To overcome a similar issue in a recent project I had to, surprisingly, tur
ON anonymous access. In my case, I was calling a stored procedure from
webservice that had been called by an ASP.Net page. In the ASP.Net page,
had impersonation turned on and had to turn anonymous access off for th
webservice to get the correct identity. The strange thing was that, in th
production IIS 5.0, SQL Server, on a different machine altogether starte
returning the error you describe. Only when I turned anonymous access o
did it work correctly

So, the point is...Play with anonymous access but it may not always wor
consistently between IIS 5.1 and IIS 5.0

Dal

This is weird

GLOBAL.ASAX go to SQLServer as user "ASPNET" even though I hav
impersonation turned on in my web.config. That's fineduring the GLOBAL.ASAX calls to SQLServer, I get "Login failed for N
AUTHORITY\NETWORK SERVICE." I don't understand this. "NT AUTHORITY\NETWOR
SERVICE" isn't even a user in the user-list on the Windows2003 server

 

[clintonG]

NT AUTHORITY is a specific type of user account that runs in
the context of an Application Pool. There is an interesting article
[2] that discusses the use of Integrated Security when MS-SQL
is or is not on the same machine as IIS.

Since I've recently had this same introduction to NT AUTHORITY
which I previously knew nothing about I decided to try to use that
Google thingy where I am now starting to get an understanding of
the circumstances. Hint Hint ;-)

--
<%= Clinton Gallagher
A/E/C Consulting, Web Design, e-Commerce Software Development
Wauwatosa, Milwaukee County, Wisconsin USA
NET csgallagher@ REMOVETHISTEXT metromilwaukee.com
URL http://www.metromilwaukee.com/clintongallagher/

[1]
http://msdn.microsoft.com/library/d...-us/iissdk/iis/ref_mb_apppoolidentitytype.asp
[2]
http://www.winnetmag.com/SQLServer/Forums/messageview.cfm?catid=1667&threadid=119443

I'm not sure I get this. DO you mean that I should play with the

access settings in IIS's security property page? Or do you mean the
"Impersonation" section in Web.Config? In any case, this isn't really an
option in this area anyway: I'll have to eventually set the access
privilages the way I need 'em, right?

 

[Eric Marvets]

Its probablly because the event from your global.asax does not have a user
to impersonate. If that's the issue, then you are impersonating the user
that visits the site instead of a single user you set up in a config file,
correct?

Some events that fire in ASP.NET are fired by the ASP.NET process, not a
user visiting the site. Let me know if that is the case. I'm still not up
to speed on all of the Win2k3 process stuff like i am on 2000, but I need to
learn it quick and don;t mind doing it


--
Eric Marvets
Principal Consultant

the bang project

<shameless self promotion>

Email (e-mail address removed) for Information on Our
Architecture and Mentoring Services

</shameless self promotion>