Re: SQL Server does not exist or access denied
From: Chris Jackson (chrisj_at_mvps.org)
Date: 08/29/03
- Previous message: Joe Kaplan \(MVP - ADSI\): "Re: Securing Dll Assmebly For Specified EXE Client"
- In reply to: Ira W: "SQL Server does not exist or access denied"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 29 Aug 2003 11:38:03 -0400
When you use integrated authentication to connect to SQL Server, you
authenticate using the credentials of the process you are running - in this
case, aspnet_wp.exe. What you can do is set IIS to use a low-privileged
domain account, turn on impersonation for asp.net (which you do in the
web.config file), and then you will pass this over the wire. Without a
domain account, you will have difficulties authenticating. Without turning
on impersonation, you will find it difficult. Also, you don't include the
user name and password in the connection string - this is for use with SQL
authentication, not windows authentication.
What is important to remember is that you have two processes here, not just
one. IIS runs in one process space, and aspnet_wp in another, so you have to
turn on impersonation to pick up what you have set in IIS. The full grid can
be found here:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetAP05.asp
-- Chris Jackson Software Engineer Microsoft MVP - Windows XP Windows XP Associate Expert -- "Ira W" <irawald@hotmail.com> wrote in message news:0e3c01c36d84$ee2ea1d0$a601280a@phx.gbl... > System worked great on development computer (IIS and SQL > on the same machine). > > Will not work in production environment (IIS and SQL on > separate > computers): "SQL Server does not exist or access denied." > > I know that this has been discussed many times. I believe > I tried most of the suggestions - but I still can not get > to SQL Server. I have spent so many hours trying to make > this work. Ultra frustration. > > ON the IIS computer: > * User/password is defined on the computer for use by the > application. > > * Directory permissions set to permit access > - Temp folder set to read/write/delete > - winnt\microsoft.net\framework set to read only > - winnt\microsoft.net\framework\version\temporary asp.net > files set to read/write/delete > > * In IIS: > - Application installed in a virtual directory. > - IIS is set for anonymous access w/user and password > defined. > > * Root of virtual directory contains web.config. > - All access for database uses a connection string as > follows: > integrated security=SSPI;data source=computer;persist > security > info=False;initial > catalog=database;uid=user;pwd=password; > > - Authentication set as forms based > > * In machine.config > - <processModel .. userName="user" > password="password" ... /> > > > On the sql server computer: > * exact same user/password is validated > * SQL server references the user. > * Database references the user. > * Permissions are set for relevant tables and procedures. >
- Previous message: Joe Kaplan \(MVP - ADSI\): "Re: Securing Dll Assmebly For Specified EXE Client"
- In reply to: Ira W: "SQL Server does not exist or access denied"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
