Re: I can't login to Sql no matter what i try! i'm ignorant and i need help :)

From: Mary Chipman (mchip@nomail.please)
Date: 01/31/03


From: Mary Chipman <mchip@nomail.please>
Date: Fri, 31 Jan 2003 13:09:20 -0500


I'd recommend taking a gander at that ASP.NET security best practices
whitepaper. It's hard to troubleshoot when you're not actually
there...

-- Mary
MCW Technologies
http://www.mcwtech.com

On Thu, 30 Jan 2003 07:27:26 -0800, "logan" <ryan.martin@iccicorp.com>
wrote:

>Thanks for the reply, however sql is using (windows and
>sql) Mixed authentication.
>Any other ideas?
>
>>-----Original Message-----
>>It sounds like your server is configured for Windows
>authentication
>>only. Go into the server properties in the Enterprise
>Manager and
>>check out the settings on the Security tab. You also
>might want to
>>take a look at the security "best practices" whitepaper:
>>http://www.microsoft.com/downloads/release.asp?
>ReleaseID=44047
>>
>>-- Mary
>>MCW Technologies
>>http://www.mcwtech.com
>>
>>On Wed, 29 Jan 2003 12:28:16 -0800, "logan"
><ryan.martin@iccicorp.com>
>>wrote:
>>
>>>using : .NET Server RC1
>>> IIS 6
>>> ASP.NET
>>> SQL 2000 (eval)
>>>
>>>ok when i attempt to login to my Web App i get this :
>>>
>>>System.Data.SqlClient.SqlException: Cannot open
>database
>>>requested in login 'T254DN_Staging'. Login fails. Login
>>>failed for user 'sa'. (sa is just to test, i've tried
>all
>>>my other logins).
>>>
>>>i dont think i want to use integrated security because
>>>many of the users of the site wont have windows
>accounts.
>>>i just want ASP.NET to access the database,
>>> i have tried
>>>adding the ASPNET account as a user in the database
>with
>>>administrative db role (again as a test).
>>>
>>>
>>>SQL Server is set to authenticate in Mixed Mode
>>>
>>>IIS is set up for anonymous access with the IUSR_
>account
>>>
>>>WebConfig authentication mode : tried Forms and None.
>>>neither made a diff.
>>>
>>>Machine.Config :
>>> <identity impersonate="false" userName=""
>password=""/>
>>>
>>>i dont get it. i dont understand, can a brotha just get
>>>some sql data for his web app.
>>>
>>>thanks.
>>>
>>>
>>
>>.
>>



Relevant Pages

  • [NEWS] Xpede Found to Contain Multiple Vulnerabilities
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Intellisol Xpede ... anyone with a valid Xpede user account to issue requests to the Xpede's ... name used by Xpede to perform all its SQL queries. ...
    (Securiteam)
  • Re: ASP.NET Process Identity???
    ... In the application I not need/want to create user accounts into SQL Server. ... To control the security I have created a personalized security system. ... you can switch back to normal ASPNET machine account for the ... >> Public Class Personificacion ...
    (microsoft.public.dotnet.security)
  • Re: Windows vs SQL
    ... I would also add that with the sql security, ... account is a "known" entity in that a hacker knows that it exists and there ... >>> im always hearing that ms recommends trusted security ...
    (microsoft.public.sqlserver.security)
  • Re: How to use EFS to encrypt SQL DB file
    ... You want to make sure that SQL is starting here with an ... account that has the right to decrypt the mdf file. ... For information about the Microsoft Strategic Technology ... Protection Program and to order your FREE Security Tool Kit, ...
    (microsoft.public.sqlserver.security)
  • Re: Microsoft Informational Alert
    ... > PSS Security Response Team Alert - SQL Security Recommendations ... > PRODUCTS AFFECTED: SQL Server ... Secure your SA login account with a non-NULL password. ...
    (microsoft.public.security)