Re: Problem deploying forms authorization

Hi Haim,

Glad to hear from you.

Yes, seems you've got much progress on this, at least you've figured out
the original unexpected "remote access error....." (as it is caused by the
default sqlexpress provider setting).

For the new problem you met:

===========
Login failed for user 'NT AUTHORITY\NETWORK SERVICE'
============

I think it is a typical ASP.NET security issue that is caused by the
accessing SQL server database from IIS hosted enviornment. For IIS6, the
default worker process identity (security account) is "NT Authority\NETWORK
SERFVICE"(which as restricted permission), so it is likely that the
application get access denied or login failed error when accessing some
protected resource under this account.

Also, to make sure it is the process identity that cause the error, I
suggest you try the following test:

** change your ASP.NET applicaiton's IIS application pool identity from
"Network Service" to an interactive account(domain account or local one)
which has sufficient permission in SQL server database.

** Restart the application pool and application to see whether it can
correctly access the database now.

If the above work, that means the problem is related to the application
pool identityt and we should continue work on the permission of it(the
default Network Service account).

BTW, for the "asp_net roles" you said, is it a custom group you used on
your machine or do you mean a built-in group or role in application?

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.




.

Relevant Pages

  • Re: machine.config - add assembly="*" - Required permissions cannot be acquired - IIS 6.0
    ... Regarding WSS - I have not yet worked with that and believe no website is ... > As you said that the when switching the process Identity to LOCAL SYSTEM, ... > it works(Do you mean that the applicaiton will run without any permission ... > the IWAM_SANDBOX or LocalService account are not the recommended process ...
    (microsoft.public.inetserver.iis)
  • Re: machine.config - add assembly="*" - Required permissions cannot be acquired - IIS 6.0
    ... As you said that the when switching the process Identity to LOCAL SYSTEM, ... it works(Do you mean that the applicaiton will run without any permission ... or "LocalService" account to run the ASP.NET? ...
    (microsoft.public.inetserver.iis)
  • Application pool identity permissions
    ... In SPS 2003 if you modify the application pool identity for the cnetral ... admin site what rights or permission are required for the app pool identity ... Also what rights or permissions are required for the app pool identity ... account for the portal sites? ...
    (microsoft.public.sharepoint.portalserver)
  • Re: Howto refresh IIS 6 Application pool identity credential info
    ... Only account A has access to database DB-A ... Application A and Application B have an application security based on Active ... The Pool identity is the one accessing the backend resources like ... We are 'investigating' the impersonation alternative. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Howto refresh IIS 6 Application pool identity credential info
    ... I doubt the cluster environment has problems with kerberos tickets, ... Only account A has access to database DB-A ... Application A and Application B have an application security based on ... The Pool identity is the one accessing the backend resources like ...
    (microsoft.public.inetserver.iis.security)