Hi all

I am doing the exercise in asp.net Databases (Chapter 3 of Beginning ASP.NET Databases using VB.Net )where we connect to an MSDE database. However, I have SQL Server 2000 installed, and I am getting an error as detailed here

The web config contents include :-
Web.config

    <appSettings>
    <add key="Nwind"
        value="server=(local);database=northwind;integrate d security=true;"/>
    </appSettings> etc etc

Error message

Login failed for user 'STN1\ASPNET'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Data.SqlClient.SqlException: Login failed for user 'STN1\ASPNET'.

Source Error:


Line 32: Dim objCommand As New SQLCommand(strSQL, objConnection)
Line 33:
Line 34: objConnection.Open()
Line 35:
Line 36: Response.Write("ServerVersion: " & objConnection.ServerVersion & _

================================================== =============
The ASP page produces an error :-
Source File: C:\BegASPNETdb\webroot\ch03\SQLServer_connection.a spx Line: 34

Stack Trace:


[SqlException: Login failed for user 'STN1\ASPNET'.]
   System.Data.SqlClient.SqlConnection.Open() +761
   ASP.SQLServer_connection_aspx.Page_Load(Object Source, EventArgs E) in C:\BegASPNETdb\webroot\ch03\SQLServer_connection.a spx:34
   System.Web.UI.Control.OnLoad(EventArgs e) +67
   System.Web.UI.Control.LoadRecursive() +29
   System.Web.UI.Page.ProcessRequestMain() +724
================================================== ===========

I am wondering why the user has failed to log in when the security in the web.config is set to Integrated?

Any ideas anyone ?

Many Thanks

Ray

Do you have anonymous unchecked and Windows Security checked in IIS?

Also, check the permissions on your application folder. If you have locked this down and removed the everyone group, you will need to give the ASPNET user access to the folder.

J

Hi

Thanks for the reply.
After checking the IIS, all security is Anonymous User Checked, Integrated Windows Authentication checked, as you mentioned.
Is this what I SHOULD have, or what I should NOT have?

The Everyone Group has not been altered for the physical directories.

Any other suggestions gratefully welcomed

Cheers

RNW

Uncheck anonymous...

J

The Answer - machinename\ASPNET is an automatic user for ASPNET to access stuff - INCLUDING SQLSERVER.
The ASPNET User must be included in the security Tab of SQL Server, and be allowed to access the database that is being called eg Northwind

I don't use this method and I don't have to add the ASPNET user account to SQL Server.

What I do change is the Web.config file. I add:
--------------------------------------------

<authentication mode="Windows" />

<identity impersonate="true" />

--------------------------------------------

And under <authorization> I use:

--------------------------------------------

<deny users="?" />

--------------------------------------------

This denies unauthorized users. Note that you will have to uncheck anonymous access in IIS. If you leave this checked, it uses the IUSR_MachineName account (or your specific anonymous account) for everyone.

Hi J (and all interested future onlookers)

Thanks for the advice J, but as a new user I found the comments more of a good hint than definitive advice, so I did some more research.

I found that the settings for web.config mentioned here are reproduced when one undertakes the "Visual studio walkthru" that comes as part of Getting Started in the Help section of VB Studio.

The Web Config file that is created during that exercise has a fully commented example of web.config which includes the settings that J uses.

I also found that theses settings are used on a large commercial app that I have viewing rights to, which indicates that it would be the way to go.

One research item that I need to investigate, is the effect on a public website, where you need to have a username and password to access the web site, as the Anonomous User Tick box (in IIS ) explains, that the client "doesnt need a username and password" to access the site.

Does that mean that the settings discussed here wouldn't be used on a WWW web site ? (for example)

Good luck to all us entrepid explorers, and thanks for your hints J

Cheers

Hi Ray,

I didn't mean for my reply to be so ambiguous. When you create a web application in Visual Studio .Net (I assume that is what you are using), it creates a web.config file for you. Most code in the file are comments about how to change the settings in the web.config file(while somethings you will have to look up).

The settings I gave are, in my opinion, better suited towards Intranet applications. This way I can take the user's Windows login credentials and validate them without forcing the user to login again.

For .Net applications, there are a few different ways to go. You can use Forms authentication, Windows Authentication, Passport Authentication, or None.

I would suggest using forms authentication for Internet apps, but you should probably read up on each and see which best suits you. Unfortunately, it is a very broad topic so you are probably better off looking into this on your own. Then post any specific questions you may have.

J

Ray,
I have the same problem. I'm getting an error: Login failed for user 'IS009-2\ASPNET'.

Did you figure out what setting(s) need to be fixed? If so can you share with me?

My setup:
machine name: IS009-2
-Win 2000
-SQL Server 2000, personel ed.
----I have a logon for ASPNET in sql server, and am using Mixed
     mode. The ASPNET account is in the system admin groups.
-VS.Net

-IIS, using Anonymous Access, user name: IS009-2\IUSR_IS009-2

I'm trying to work the examples out of the book: ASP.NET Databases using VB.NET. I'm stuck on chapter 3, the first example.

Any and all help is appreciated.
thanks,
rwiethorn


rwiethorn

Hi RW

It appears that you are doing everything right. My problem was just adding the servername/ASPNET into the Security/Logins of SQL server, and ticking "use anonomouse user" in IIS.

Maybe you should check the rights and groups that ASPNET has been given in SQL?

Good luck

Ray