Re: Logon failed for user ". but only for membership tables in same database that other request work

Here is the web.config file. Also my login id is displayed when I added the
requested code to the Page_Load of my page. The login ID is the
administrator account on Computer a the xp pro machine. I found aspnet_wp is
running under the ASPNET account on the xp pro machine. We know aspnet_wp
runs under nt authority\network service on server2003 machines. Perhaps I
should change the ASPNET password to be the same as the ASPNET password on
the server2003 machine. It really appears the membership.validateuser is
using a different account than that of the IIS anonymous user account
defined on the directory security tab. Please note I changed the validation
and decription key.

------------- web.config follows -------------------------------
<?xml version="1.0"?>
<!--
Note: As an alternative to hand editing this file you can use the
web admin tool to configure settings for your application. Use
the Website->Asp.Net Configuration option in Visual Studio.
A full list of settings and comments can be found in
machine.config.comments usually located in
\Windows\Microsoft.Net\Framework\v2.x\Config
-->
<configuration>
<appSettings/>
<connectionStrings>
<remove name="LocalSqlServer"/>
<add name="LocalSqlServer" connectionString="Data
Source=ns2.bill-lane.net;Initial Catalog=dallaschoir;Integrated
Security=SSPI;"
providerName="System.Data.SqlClient"/>
<add name="sqlChoir" connectionString="Data
Source=ns2.bill-lane.net,1433;Initial Catalog=dallaschoir; Integrated
Security=True"
providerName="system.data.sqlclient"/>
</connectionStrings>
<system.web>
<identity impersonate="true"/>
<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="20">
<providers>
<remove name="AspNetSqlMembershipProvider" />
<add name="SqlProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="LocalSqlServer"
enablePasswordRetrieval="true"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="false"
passwordFormat="Encrypted"
minRequiredPasswordLength="4"
minRequiredNonalphanumericCharacters="0"
applicationName="/" />
</providers>
</membership>
<machineKey
validationKey="0f94A16B63FB7DACEACAED33013553E3010BD83F7BC00EFD1690D759929269587D0633D9A5AC39EA56D7A1C2EB4797700897E7CBB30AF178222F2FF865C9A181"
decryptionKey="228012EE5099FD4173D3E7A9DF999A5CB09A241C67314BD7"
validation="SHA1"
decryption="AES"/>
<!--
Set compilation debug="true" to insert debugging
symbols into the compiled page. Because this
affects performance, set this value to true only
during development.
-->
<compilation debug="true">
<buildProviders>
<add extension=".rdlc" type="Microsoft.Reporting.RdlBuildProvider,
Microsoft.ReportViewer.Common, Version=8.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a" />
</buildProviders>
</compilation>
<httpHandlers>
<add path="Reserved.ReportViewerWebControl.axd" verb="*"
type="Microsoft.Reporting.WebForms.HttpHandler,
Microsoft.ReportViewer.WebForms, Version=8.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a"
validate="false" />
</httpHandlers>
<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<authentication mode="Forms">
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
<!--
The <customErrors> section enables configuration
of what to do if/when an unhandled error occurs
during the execution of a request. Specifically,
it enables developers to configure html error pages
to be displayed in place of a error stack trace.

<customErrors mode="RemoteOnly"
defaultRedirect="GenericErrorPage.htm">
<error statusCode="403" redirect="NoAccess.htm" />
<error statusCode="404" redirect="FileNotFound.htm" />
</customErrors>
-->
<customErrors mode="Off"></customErrors>
</system.web>
<location path="confirm.aspx">
<system.web >
<authorization >
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="tstmem.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
</configuration>

"Wei Lu" <weilu@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:M9i$dJtXGHA.2428@xxxxxxxxxxxxxxxxxxxxxxxx
Hi Bill,

Would you please post the whole web.config file here for me to
troubleshoot?

Also, you may add the following code in the Page_load of your Login page
to
check the current account you use to connect to the database.

Response.Write("<br/>" +
System.Security.Principal.WindowsIdentity.GetCurrent().Name);


Please let me know the result. Thank you!

Sincerely,

Wei Lu
Microsoft Online Community Support

==================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

==================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.



.

Relevant Pages

  • Weakness introduced by denying remote logins on AIX, possibly others
    ... AIX 4.3.3 and AIX 5.1, ... is possible to remotely enumerate the passwords of a known AIX account. ... believed to be in the response from the login program after authentication ... Give accounts that have been restricted from remote logins strong passwords. ...
    (Security-Basics)
  • Re: Please! Doesnt anyone know a better way to do this?
    ... account, they need to automatically be directed to the page to enter data ... session variable on the Account page. ... I assume here that you're checking a database when the user attempts to ... When a new user attempts to login or clicks to register, ...
    (microsoft.public.dotnet.framework.aspnet)
  • WinXP laptop, simple-style login conn to Win2000 share, error
    ... So, to simplify matters, add all machines to the domain. ... local machine accounts) to keep track of... ... the local account information. ... the "pushbutton login") and configure the Laptops to auto ...
    (microsoft.public.windowsxp.security_admin)
  • Dexia website security alert
    ... A few days ago I sent a mail to the Dexia bank about their ... one is for the online banking account and one is for some ... The problem with the "members' login" was that a) it was ... selected the wrong login by mistake your username and password were ...
    (Security-Basics)
  • Dexia website security alert
    ... A few days ago I sent a mail to the Dexia bank about their ... one is for the online banking account and one is for some ... The problem with the "members' login" was that a) it was ... selected the wrong login by mistake your username and password were ...
    (Bugtraq)
Quantcast