I'm using SQL Server 2014 in my local system. There is an MVC application with .NET Framework 4.6.1 and it worked fine.
Now, I've created a new MVC application with .NET Framework 4.7.2 and see this issue. The local website is unable to connect to the Database.
System.Data.SqlClient.SqlException Cannot open database "NewApp"
requested by the login. The login failed. Login failed for user 'IIS
APPPOOL\dev.newapp.com'.
I have checked the User Mapping properties and both applications are listed. I did not make any changes in IIS or the SQL Server.
Also, I tried changing the Identity in IIS for DefaultAppPool to LocalSystem with no luck.
The IIS, SQL server & the website - all are in the same machine.
There a difference between Windows and SQL Server Authentication.
Per your images you have configured sa user which is SQL Server Authentication and you cannot use Windows Authentication in your application and web.config.
So, if you want to use sa login then update your web.config file and database connection string to be like:
Server=yourServer;Database=yourDatabaseName;User=sa;Password=saPassword;
or different syntax:
Data Source=yourServer;Initial Catalog=yourDatabaseName;User=sa;Password=saPassword;
Your application is trying to use local user as Windows authentication.
Related
I have one machine running IIS10, another machine running SQL Server Express. I have create an ASP.NET Razor pages web application. All machines are Windows 10 pro.
I cannot for the life of me figure out how to take the credentials from the web app, pass to IIS, and pass to SQL Server. I want to manager access to SQL Server at the user level, not the IIS DefaultAppPool identity.
Has anyone done this before?
Are you trying to pass the user's network login to the database instead of using a dedicated DB account? I think you need a trusted connection.
Grant your users access to your DB
Disable anonymous access in IIS and set the site up SSL
In your connection string set the Trusted_Connection property to true
Connection Strings
If the user is on any browser except IE, they'll probably be prompted for their credentials.
I have a web application (on IIS 7.0) developed with ASP.NET MVC 4. The application manages a database on a SQL Server 2008 R2. Only Windows Authentication is enabled on the site. In my intranet, the domain users access the program without authentication requests. web.config sets a connection string on the site that uses a sql user. All operations on the database are done by this last user. The application should access the database with a windows user instead of a sql user. For this, I created a windows user “MyUser” on Sql Server. I thought I could set a new “connection string” with windows authentication but I wasn't able to pass the credential of “MyUser”. When I set windows authentication on the connection string it uses the client user, and I don't want this.
How I can operate on the database with a different user? I would like all operations on database to be performed by a single windows user (MyUser).
You can give "MyUser" privileges over the folder where your app is. Then you can create an application pool and set the identity to "MyUser" (read this) and assign your app to this application pool.
Your application will be executing with "MyUser" account thus login into SQL with its credentials.
Hope it helps.
I have an ASP.NET WebAPI that is calling a SQL Server (currently 2008, but will migrate on something newer soon). Authentication is Windows authentication. I have given the IIS Apppool that executes the WebAPI the rights to access the database.
When I use the following connection string, everything works:
Server=localhost; Database=LPG; Integrated Security=SSPI;
For the production system, the WebAPI and the database server are probably on different machines, so I want to use the name of the server instead of localhost.
Server=my.server.com; Database=LPG; Integrated Security=SSPI;
With this connection string, I get the following error.
Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.
This is probably because the IIS APPPOOL - User is a local account and when calling my.server.com it can't use local accounts.
Does anyone knows how to resolve that problem?
Thanks in advance,
Frank
The problem is your production server may not be setup for delegation. The web server and the db server must have a relationship so the user on the browser flows through to the database.
I have a classic ASP app that I am trying to connect to a SQL Server 2008 database on a different server. The ASP app is being served from IIS7 on Windows Server 2008.
I have changed the web site's application pool to run under a specific windows account, that I have verified has access to the database on the remote server.
However, when I run the app in the browser, I get this error:
Application Error
Number: -2147217843 (0x80040E4D)
Source: Microsoft OLE DB Provider for SQL Server
Description: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
Why is it trying to connect using NT AUTHORITY\ANONYMOUS LOGON?
Does the App pool identity not apply to classic ASP code?
How can I make this connect as a specific user?
EDIT
Here is the connection string I am using:
Provider=SQLOLEDB.1;Data Source=myDbServer;Initial Catalog=myDatabase;Integrated Security=SSPI
For a site to use the application pool identity for classic ASP, you need to change the credentials used for Anonymous Authentication. By default, the site will be set to use a specific user, namely IUSR.
Select Authentication from the IIS area of your site, then select Anonymous Authentication followed by Edit. Change from Specific user to Application pool identity.
It's advisable to use Windows authentication (integrated security) over SQL authentication so that you don't have credentials in your config files so that if those files are compromised, you don't lose control of the credentials.
Does your app impersonate the caller? You need to enable constrained delegation: Configuring Servers for Delegation.
you should specify a username and password for the connection string www.connectionstrings.com or set the IIS application to run as a specific user however that would then render a lot of the security settings in IIS obsolete.
Provider=SQLNCLI10;Server=myServerAddress;Database=myDataBase;Uid=myUsername; Pwd=myPassword;
And have a look here: aspfaq
Lastly, make sure anonymous access is disabled on the IIS site so that it actually impersonates the user you selected instead of passing the anonymous tokens through.
I have a web service that stores data in a local SQL Server 2008 database. If I run the web service under my account the web service can successfully access the database. However, if I use the DefaultAppPool (IUSR) account then accessing the database from the web service fails.
How do I set security on SQL Server to allow access to a specific database via IIS?
The specific error message I am getting is:
Login failed for user 'IIS APPPOOL\DefaultAppPool'
You have two options (obvious maybe!):
Instead of using Windows Integrated
Security use SQL Authentication
instead.
If you can't or don't want to, then you have
to create a new user in SQL Server
that relates to that Windows account.
Or (third option) you can change the web service to run under an account that you know works.
I generally run the app pool under a domain user account, that way you control the specific user for each site on your server.
If I can't use a domain account, I'll run the site as "Network Service" - and the user that would correspond to that in SQL would be the machine account (MACHINENAME$ - replace "machinename" with your IIS server name").
If you plan to use the new IIS7 IIS users - which are not windows users - you'll have to use SQL Authentication instead of Windows authentication for your SQL database access.