November 30, 2010 at 4:53 pm
Hi everyone,
I have a perplexing question that needs an answer. I have designed a web site that will allow a user to search for data on street gangs in our area.
My web site is installed on a Server 2003 box with IIS 6.0. From here the user enters a gang name into the web page and clicks the search button and the request is sent to my SQL Server 2008 box which should return a list of possible members of that gang.
The problem I am having is that when I click the search button I get an error telling me that the login failed for user name "MCSO\MCSO-WEBQUERY$" which is the machine I am hosting the web site on.
I have tried to add this user to the database in SQL Server but it will not find the machine name. I tries creating a user in AD and changing the connection string to include this but it did not work. I have tried everything short of installing SQL Server on to the web server itself. When I look at the SQL Event Logs this error is in there so I am getting to the database just not into the database.
How can I get my web site to talk to my database?
Any help that anyone can give will be greatly appreciated.
Here is the error I am getting:
Server Error in '/' Application.
--------------------------------------------------------------------------------
Login failed for user 'MCSO\MCSO-WEBQUERY$'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Login failed for user 'MCSO\MCSO-WEBQUERY$'.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[SqlException (0x80131904): Login failed for user 'MCSO\MCSO-WEBQUERY$'.]
System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) +5009598
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning() +234
System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) +2275
System.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean enlistOK) +35
System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, Boolean ignoreSniOpenTimeout, TimeoutTimer timeout, SqlConnection owningObject) +183
System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(ServerInfo serverInfo, String newPassword, Boolean redirectedUserInstance, SqlConnection owningObject, SqlConnectionString connectionOptions, TimeoutTimer timeout) +239
System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection owningObject, TimeoutTimer timeout, SqlConnectionString connectionOptions, String newPassword, Boolean redirectedUserInstance) +195
System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, Object providerInfo, String newPassword, SqlConnection owningObject, Boolean redirectedUserInstance) +232
System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection) +185
System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnection owningConnection, DbConnectionPool pool, DbConnectionOptions options) +33
System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject) +524
System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject) +66
System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject) +479
System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection) +108
System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory) +126
System.Data.SqlClient.SqlConnection.Open() +125
System.Data.Common.DbDataAdapter.FillInternal(DataSet dataset, DataTable[] datatables, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) +123
System.Data.Common.DbDataAdapter.Fill(DataSet dataSet, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) +319
System.Data.Common.DbDataAdapter.Fill(DataSet dataSet, String srcTable) +92
System.Web.UI.WebControls.SqlDataSourceView.ExecuteSelect(DataSourceSelectArguments arguments) +1618
System.Web.UI.DataSourceView.Select(DataSourceSelectArguments arguments, DataSourceViewSelectCallback callback) +21
System.Web.UI.WebControls.DataBoundControl.PerformSelect() +143
System.Web.UI.WebControls.BaseDataBoundControl.DataBind() +74
System.Web.UI.WebControls.GridView.DataBind() +4
System.Web.UI.WebControls.BaseDataBoundControl.EnsureDataBound() +66
System.Web.UI.WebControls.GridView.OnPreRender(EventArgs e) +26
System.Web.UI.Control.PreRenderRecursiveInternal() +103
System.Web.UI.Control.PreRenderRecursiveInternal() +175
System.Web.UI.Control.PreRenderRecursiveInternal() +175
System.Web.UI.Control.PreRenderRecursiveInternal() +175
System.Web.UI.Control.PreRenderRecursiveInternal() +175
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2496
--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.1
December 1, 2010 at 6:49 am
Your problem is permissions for the Asp.net runtime because this is a double hop issue that is SQL Server and IIS are in separate boxes. You need to create an account for the Asp.net runtime in the IIS box and add that to SQL Server on both the server level and database level.
Kind regards,
Gift Peddie
January 6, 2011 at 2:22 pm
Are you using Windows Authentication from the client to IIS, and are you trying to use that users identity to authenticate on the SQL Server? If you are, then you need to configure Kerberos authentication all the way from the client->IIS->SQL Server. This is the double-hop that was mention in the previous post.
If this is not what you are trying to do, then you should either specify a user/pwd in the connection string, or allow the account running the application (look in IIS Manager->Application Pools) access to the SQL Server.
January 6, 2011 at 4:14 pm
Nils Gustav Stråbø (1/6/2011)
Are you using Windows Authentication from the client to IIS, and are you trying to use that users identity to authenticate on the SQL Server? If you are, then you need to configure Kerberos authentication all the way from the client->IIS->SQL Server. This is the double-hop that was mention in the previous post.If this is not what you are trying to do, then you should either specify a user/pwd in the connection string, or allow the account running the application (look in IIS Manager->Application Pools) access to the SQL Server.
Kerberos configuration may not work all the time even when trust is configured that is the reason to use a an account to resolve the Asp.net connection context.
Kind regards,
Gift Peddie
January 7, 2011 at 12:42 am
Are you saying that Kerberos is unstable? I've never had issues with it once it was configured correctly.
There are other issues that needs to be considered, for example that currently only Internet Explorer and Google Chrome supports Kerberos. For all other browsers, IIS will fall back to NTLM if Negotiate is configured, and then you'll end up with authentication problems to the SQL Server.
We use Kerberos with IIS and SQL Server on many of our internal websites, and it's working very good as long as Internet Explorer is being used.
January 7, 2011 at 7:02 am
We use Kerberos with IIS and SQL Server on many of our internal websites, and it's working very good as long as Internet Explorer is being used.
Internal is the operative word because Windows authentication is not practical for any external site because when you support more than a few thousand users both SQL Server and Asp.net will run into scaling issues. IIS 7.5 comes with Windows Authentication disabled be default because it is now owned by the developer division not Windows.
Kind regards,
Gift Peddie
January 7, 2011 at 7:18 am
I agree that Windows Authentication should not/cannot be used for external sites, but if the thread starter objective is to use the client's (internal) Windows identity for authentication all the way from the client pc, to IIS and finally to SQL Server, then Kerberos is the only viable way to go.
I'm not saying that this is the correct way to do it in thread starter's case, and that is why I asked him what he/she is trying to accomplish.
If all communication from IIS to SQL Server can be done with a "proxy" account, then by all means, do it. There are many pros by doing it that way; connection pooling is one.
January 7, 2011 at 7:29 am
If all communication from IIS to SQL Server can be done with a "proxy" account, then by all means, do it. There are many pros by doing it that way; connection pooling is one.
That is what I am talking about an account for the Asp.net runtime, in Asp.net it is called dedicated account for the runtime and SQL Server calls it a context account.
Kind regards,
Gift Peddie
January 7, 2011 at 7:38 am
And that is what I asked him about. What is his requirement?
Viewing 9 posts - 1 through 8 (of 8 total)
You must be logged in to reply to this topic. Login to reply