RE: Login failed for user '(null)'.

Hello Herb and Danny,

The "Login failed for user '(null)'." error message is a typical access
permission error of SQL Server. And the "(null)" indicate that the user
try to access the SQL Server is not a valid account(not recognizable) on
the SQL Server machine(suppose the SQL Server is on a remote box in your
environment).

Since you're encountering the error when running the ASP.NET web
application, I'd like to confirm the following things with you:

1. In addition to the FormsAuthentication(which use SQL Server provider to
connect the remote SQL Server database), is there any other data accessing
operation to that remote sqlserver. You need to make sure which
one/connection cause the login fail error.

2. What's the security identity used to access the remote SQL Server, I
suppose you're using windows authentication for the SQL Server
connectionstring. Thus, it will use the current running program's security
context. And for ASP.NET application, it is the ASP.NET worker process's
identity(if you're not using impersonate). For ASP.NET worker process
identity, here are the candidates you can refer to :

1. For II5 on win2k or xp, it by default use the MACHINE\ASPNET account as
the worker process identity(aspnet_wp.exe process).

2. For II6 on win2k3 server, it use the IIS appliation pool's security
identity as the worker process security identity, and the default one is
"NT AUTHORITY\NETWORK SERVICE".

also, you can use the following code to printout the current security
identity of the ASP.NET worker process/thread(if impersonate is not used):

Response.Write("<br/>Identity: " +
System.Security.Principal.WindowsIdentity.GetCurrent().Name);


Based on my experience, your ASP.NET application is likely running under
the MACHINE\ASPNET (or any other local account) which is not
valid/recognizable by remote machine.

After you verify the current security context of your ASP.NET web
application, we'd determine the approach we'll choose to resolve the
problem. Here is the available options:

1. Change the ASP.NET application's worker process account to another
custom account(local account or domain account) , which can be recogniazble
at remote machine(for local account, we need to create a duplicated account
has the same username and password at the remote machine). Then, at remote
machine(where SQL Server runs), we grant the custom process identity the
sufficient permission to access certain database tables.

#Configuring ASP.NET Process Identity
http://msdn2.microsoft.com/en-us/library/dwc1xthy.aspx

#How To: Create a Service Account for an ASP.NET 2.0 Application
http://msdn.microsoft.com/library/en-us/dnpag2/html/paght000009.asp?frame=tr
ue


2. Instead of changing the worker process identity, we can also choose to
do impersonation in our ASP.NET appliation. We can impersonate in
web.config file or programmtically impersonate in code. Here is a knowledge
base article describing ASP.NET impersonate:

#How to implement impersonation in an ASP.NET application
http://support.microsoft.com/kb/306158/en-us



Please verify the above things and let me know if you have anything unclear
or have any further questions.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to

http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial

response from the community or a Microsoft Support Engineer within 1
business day is

acceptable. Please note that each follow up response may take approximately
2 business days

as the support professional working with you may need further investigation
to reach the

most efficient resolution. The offering is not appropriate for situations
that require

urgent, real-time or phone-based interactions or complex project analysis
and dump analysis

issues. Issues of this nature are best handled working with a dedicated
Microsoft Support

Engineer by contacting Microsoft Customer Support Services (CSS) at

http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================



This posting is provided "AS IS" with no warranties, and confers no rights.

.

Relevant Pages

  • RE: Login failed for user (null).
    ... used at signon to authenticate in SQL Server. ... connect the remote SQL Server database), is there any other data accessing ... What's the security identity used to access the remote SQL Server, ... the worker process identity. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • RE: CTP3 Failure - Creating a Remote Distributor (error during decrypt
    ... with changes in the SQL Server service account after replication has been set ... Are the remote distributor and the publisher machines in the same domain? ... Are the distributor and publisher SQL Server Service running under domain ...
    (microsoft.public.sqlserver.replication)
  • RE: Help .... Error while creating new portal site
    ... Please ensure this account has the permission to access the SQL server. ... When the SPS performs the operation according to the customer request, ... If the worker process still refuses to work, you can set the local system ...
    (microsoft.public.sharepoint.portalserver.development)
  • Re: Could not bulk insert
    ... This error normally comes when you are not able to access the remote share. ... This will not work if SQL Server runs under the local system account. ...
    (microsoft.public.sqlserver.server)
  • Re: Login fail when accessing data
    ... Still another option in Tasos' list is to add the ASP.NET worker process account as a user in the database. ... Under Windows Server 2003 and IIS6, the user account is determined by the identity for the application pool. ... In SQL Server 2005, you can add the Network Service account as a login and grant that user access to certain portions of your database. ...
    (microsoft.public.dotnet.framework.aspnet)