After moving my MVC 4 applicaiton on production the IIS is using
domain/machinename$
to access the SQL database on a different server. The SQL server is configured to accept connection from
mydomain/myuser
I'm wondering how to fix this and make it pass the correct credentials, in my connection string I have
Integrated Security=SSPI
and I deployed as my user
IIS is using the identity of the Application Pool to login to SQL server because you have the Intergrated Security setting. Change the identity of your application pool to run as the Domain/User or specify the login credentials in the connection string to SQL.
SQL Connection String with specified credentials
Server=myServerName\myInstanceName;Database=myDataBase;User Id=myUsername;
Password=myPassword;
I used Custom account for the identity and it worked
Related
A .Net Core 2.2 application running in a Linux Docker container fails to authenticate to SQL Server on a different machine using SQL Authentication. The error message is:
Cannot authenticate using Kerberos. Ensure Kerberos has been initialized on the client with 'kinit' and a Service Principal Name has been registered for the SQL Server to allow Kerberos authentication.
We have configured the connection string to use SQL Authentication (user name and password). We have tried setting trusted_connection=false, but the connection still attempts to use Kerberos authentication.
The (redacted) connection string is:
"server=ourfullyqualifiedserver.domain,1433;database=our-database;user=sql-user;password=sql-password;"
I would expect to be able to connect to SQL Server from the container using SQL Authentication, but it is still attempting to use Kerberos. Why, and how do we make the connection use SQL Server Authentication?
You may have to add "Trusted_Connection=false;" to your connection string.
And also, use the Server IP with the Port that you exposed to the server.
It turns out that the connection string in the base appsettings.json configuration file was not being overwritten by the environment-specific settings file (appsettings.Development.json). Our DevOps group set the environment variable for the container and it correctly connected using the SQL Server credentials.
I am trying to connect to an on-premises SQL Server from my API which i have deployed to Azure App Service. I have established a Azure Hybrid Connection to connect between on-premises SQL and Azure. I created a connection string which included username and password as that of a local login i created in the On-Premises server. This is allowing me to connect.
Connection String:
Data Source=;Initial Catalog=;User=;Password=;MultipleActiveResultSets=True
However i want to connect to the server using windows authentication. My System account has access on the server, but when using connection string as -
Data Source=;Initial Catalog=;Integrated Security=SSPI;User=;Password=;
Or
Data Source=;Initial Catalog=;Integrated Security=SSPI;
It is giving error as
"Login failed. The login is from an untrusted domain and cannot be
used with Windows authentication."
Please suggest how to use windows mode of authentication while forming connection string to the on-premises SQL Server from Azure App Service.
Azure Hybrid Connection does not appear to support Active Directory and hence Windows Authentication will not work. See note about sql auth being required in Official MS documentation.
https://learn.microsoft.com/en-us/azure/biztalk-services/integration-hybrid-connection-overview
Also, look at the following SO question where one of the answers details common issues faced this setup:
C# web app not connecting to on premise SQL Server through Azure hybrid Connection
You are unlikely to get around this, especially if you are hosting your app as a web app.
I have an ASP.NET WebAPI that is calling a SQL Server (currently 2008, but will migrate on something newer soon). Authentication is Windows authentication. I have given the IIS Apppool that executes the WebAPI the rights to access the database.
When I use the following connection string, everything works:
Server=localhost; Database=LPG; Integrated Security=SSPI;
For the production system, the WebAPI and the database server are probably on different machines, so I want to use the name of the server instead of localhost.
Server=my.server.com; Database=LPG; Integrated Security=SSPI;
With this connection string, I get the following error.
Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.
This is probably because the IIS APPPOOL - User is a local account and when calling my.server.com it can't use local accounts.
Does anyone knows how to resolve that problem?
Thanks in advance,
Frank
The problem is your production server may not be setup for delegation. The web server and the db server must have a relationship so the user on the browser flows through to the database.
I am using ActiveDirectoryMembershipProvider and want to connect to Sql Server with Integrated connection using user identity.
"Data Source=Server;Initial Catalog=maindb;Integrated Security=True"
How to do it if it is possible?
By default
Data Source=Server;Initial Catalog=maindb;Integrated Security=True
will use ApplicationPoolIdentity in MVC.
You can grab Username/Password after using ActiveDirectoryMembershipProvider to connect to database with
Integrated Security=False
create Windows user who will be authorized for running app pool in IIS and connect to SQL server on the level you need, not the SA level. Make sure that user have SQL server authorization just in case.
Make sure that your site is using that user to run in Web Server security settings.
Create app pool and assign user to run it and to your site.
That should take care of your question.
I have a classic ASP app that I am trying to connect to a SQL Server 2008 database on a different server. The ASP app is being served from IIS7 on Windows Server 2008.
I have changed the web site's application pool to run under a specific windows account, that I have verified has access to the database on the remote server.
However, when I run the app in the browser, I get this error:
Application Error
Number: -2147217843 (0x80040E4D)
Source: Microsoft OLE DB Provider for SQL Server
Description: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
Why is it trying to connect using NT AUTHORITY\ANONYMOUS LOGON?
Does the App pool identity not apply to classic ASP code?
How can I make this connect as a specific user?
EDIT
Here is the connection string I am using:
Provider=SQLOLEDB.1;Data Source=myDbServer;Initial Catalog=myDatabase;Integrated Security=SSPI
For a site to use the application pool identity for classic ASP, you need to change the credentials used for Anonymous Authentication. By default, the site will be set to use a specific user, namely IUSR.
Select Authentication from the IIS area of your site, then select Anonymous Authentication followed by Edit. Change from Specific user to Application pool identity.
It's advisable to use Windows authentication (integrated security) over SQL authentication so that you don't have credentials in your config files so that if those files are compromised, you don't lose control of the credentials.
Does your app impersonate the caller? You need to enable constrained delegation: Configuring Servers for Delegation.
you should specify a username and password for the connection string www.connectionstrings.com or set the IIS application to run as a specific user however that would then render a lot of the security settings in IIS obsolete.
Provider=SQLNCLI10;Server=myServerAddress;Database=myDataBase;Uid=myUsername; Pwd=myPassword;
And have a look here: aspfaq
Lastly, make sure anonymous access is disabled on the IIS site so that it actually impersonates the user you selected instead of passing the anonymous tokens through.