RE: Login failed for user '(null)'.



Steven, Thanks for the reply.

On the development machine everything runs fine. I use one connection string
for db access in the application, and another for security. I have the
following in my web.config:
    <connectionStrings>
      <add name="myConn1"
           connectionString="Provider=SQLOLEDB;
             Data Source=MySQLServer;
             Integrated Security=SSPI;Initial Catalog=myDB"
           providerName="System.Data.OleDb"
      />
      <add name="loginConnection"
           connectionString="Data Source=MySQLServer;
             Integrated Security=SSPI;Initial Catalog=aspnetdb"
      />
    </connectionStrings>

My login works fine. I am redirected to the login.aspx when I try to go to
default.aspx and login works correctly.

I am sure it is my non-aspnetdb connection which is failing.

My application has several different levels of access. I want to use the ID
used at signon to authenticate in SQL Server.

I will read your comments more closely and post my results.

Thanks.

"Steven Cheng[MSFT]" wrote:

Hello Herb and Danny,

The "Login failed for user '(null)'." error message is a typical access
permission error of SQL Server. The "(null)" indicates that the user
trying to access the SQL Server is not a valid (recognizable) account on
the SQL Server machine (supposing the SQL Server is on a remote box in your
environment).

Since you're encountering the error when running the ASP.NET web
application, I'd like to confirm the following things with you:

1. In addition to the FormsAuthentication (which uses the SQL Server provider to
connect to the remote SQL Server database), is there any other data access
operation against that remote SQL Server? You need to make sure which
connection causes the login failure.

2. What's the security identity used to access the remote SQL Server? I
suppose you're using Windows authentication for the SQL Server
connection string. Thus, it will use the current running program's security
context. For an ASP.NET application, that is the ASP.NET worker process's
identity (if you're not using impersonation). For the ASP.NET worker process
identity, here are the candidates you can refer to:

1. For IIS5 on Win2k or XP, it by default uses the MACHINE\ASPNET account as
the worker process identity (aspnet_wp.exe process).

2. For IIS6 on Win2k3 Server, it uses the IIS application pool's security
identity as the worker process security identity, and the default one is
"NT AUTHORITY\NETWORK SERVICE".

Also, you can use the following code to print out the current security
identity of the ASP.NET worker process/thread (if impersonation is not used):

    Response.Write("<br/>Identity: " +
        System.Security.Principal.WindowsIdentity.GetCurrent().Name);


Based on my experience, your ASP.NET application is likely running under
the MACHINE\ASPNET account (or some other local account), which is not
valid/recognizable by the remote machine.

After you verify the current security context of your ASP.NET web
application, we can determine the approach we'll choose to resolve the
problem. Here are the available options:

1. Change the ASP.NET application's worker process account to another
custom account (local account or domain account) which can be recognized
at the remote machine (for a local account, we need to create a duplicate account
that has the same username and password at the remote machine). Then, at the remote
machine (where SQL Server runs), we grant the custom process identity
sufficient permission to access certain database tables.

#Configuring ASP.NET Process Identity
http://msdn2.microsoft.com/en-us/library/dwc1xthy.aspx

#How To: Create a Service Account for an ASP.NET 2.0 Application
http://msdn.microsoft.com/library/en-us/dnpag2/html/paght000009.asp?frame=true


2. Instead of changing the worker process identity, we can also choose to
do impersonation in our ASP.NET application. We can impersonate in the
web.config file or programmatically impersonate in code. Here is a knowledge
base article describing ASP.NET impersonation:

#How to implement impersonation in an ASP.NET application
http://support.microsoft.com/kb/306158/en-us



Please verify the above things and let me know if you have anything unclear
or have any further questions.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



This posting is provided "AS IS" with no warranties, and confers no rights.
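
Added example, not part of the original thread and not code from either poster: one way to find out which connection string fails and under which Windows account it is opened. The page name ConnCheck.aspx and the fallback to System.Data.SqlClient for entries without a providerName are assumptions.

```csharp
// Code-behind for a hypothetical diagnostic page, ConnCheck.aspx.
// Restrict access to it and remove it once troubleshooting is done.
using System;
using System.Configuration;
using System.Data.Common;
using System.Security.Principal;
using System.Web;
using System.Web.UI;

public partial class ConnCheck : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Windows account that Integrated Security=SSPI presents to SQL Server.
        Write("Windows identity", WindowsIdentity.GetCurrent().Name);
        // Name ASP.NET authenticated (the forms login); it carries no Windows token.
        Write("ASP.NET user", User.Identity.Name);

        // Also lists entries inherited from machine.config.
        foreach (ConnectionStringSettings cs in ConfigurationManager.ConnectionStrings)
        {
            // Assumption: entries without providerName are used through SqlClient.
            string provider = string.IsNullOrEmpty(cs.ProviderName)
                ? "System.Data.SqlClient" : cs.ProviderName;
            try
            {
                DbProviderFactory factory = DbProviderFactories.GetFactory(provider);
                using (DbConnection conn = factory.CreateConnection())
                {
                    conn.ConnectionString = cs.ConnectionString;
                    conn.Open();
                    Write(cs.Name, "opened OK via " + provider);
                }
            }
            catch (Exception ex)
            {
                Write(cs.Name, "FAILED: " + ex.Message);
            }
        }
    }

    // HTML-encode everything written to the response.
    private void Write(string label, string value)
    {
        Response.Write(HttpUtility.HtmlEncode(label + ": " + value) + "<br/>");
    }
}
```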