Database: Sql Server 2005
Webserver: IIS 5.0
IDE: Visual Studio 2010
I've created a Silverlight RIA application which will allow users of our intranet query one of our databases.
In the config I have set the authentication to windows and enabled impersonation.
In IIS i have disabled anonymous access and only enabled windows authentication.
This all works fine in my development environment and when running it from VS2010.
When i publish it to my local web server and connect to it from my local pc it works too.
However if i access the URL to the application on my local web server from another machine the application does not work. It gives the following error: "Load operation failed '[QueryName]'. Exception type 'System.ServiceModel.DomainServices.Client.DomainOperationException' was thrown.
The database sits on its own server. However i have the same database locally and if i change the connectionstring to local at the local version of that database it works fine.
IIS on my PC does not seem to forward requests to the SQL Server machine. As im running profiler to see what requests come in.
Any help on this would be greatly appreciated. Im sure im missing something.
Thanks
this was an issue was a classic double hop problem when using windows authentication. instead i used annoymous access on IIS and set the App Pool to an account that had access to the database on SQL Server
Related
Good morning. I have several Django apps running in my work environment. All are running through Gunicorn on Ubuntu. I have a new app that must run on Windows for ODBC reasons. This new app is running in development mode on a Windows 10 PC. I run the dev server while logged in as a service account, it uses a trusted connection (local credentials as I understand) to query a SQL server and works perfectly. I ported this app (virtualenv and all) to a Windows Server 2012 r2 instance and run the dev server successfully from there using my domain admin credentials (again trusted_connection=yes).
I set up IIS on this server to run the app permanently and it appears to run. However, I get a django error page that says the SQL login failed for 'DOMAINNAME\SERVERNAME'.
I have tried editing my Application Pool to use the credentials of the working service account (Advanced Settings > Process Model > Identity). With this configuration I no longer see a Django error page, just Service Unavailable HTTP Error 503. I have tried 'recycling' and restarting the IIS service after the change but that has not worked.
Unfortunately, I do not have admin access to the SQL server to create or edit accounts. Is it possible to configure IIS to connect to SQL, through the app, using the service account credentials that I know work. If I were to configure the Application Pool successfully in this way should I still have the trusted connection setting in my connection string? Thanks!
I have a .Net core application that uses Entity Framework and SQL express running all running on the same machine.In debug mode from within Visual Studio 2019, i.e. IIS Express, I can read/write to the database no problem.
However, when I deploy to IIS also running on the same machine, any View which has a controller using Entity Framework returns a 404.
optionsBuilder.UseSqlServer("Server=.\\SQLExpress;Database=MyDB;Trusted_Connection=True;");
I'm assuming it's a privilages issue but using Trusted_Connection I'm not sure which account needs the privileges. Is it the admin account in windows 10? Do I need a special user account for ISS?
When I take away any code that uses EF, the 404 disappears so I'm certain it's a SQL server related issue.
Thanks,
Ian
We have a Microsoft.Net MVC5 application which is deployed on a server and is working with IIS. Server uses static I.P. and hence the application is accessible from anywhere(internet).
Concern is around the database access, which is a MSSQL database, for now application is working with it using a SQL Authentication. Infra team is asking us to move away from sql authentication and to work with Windows Authentication and we are not sure how to configure IIS or IIS_IUSRS access to the database. Any help on this would be greatly appreciated.
Thanks
I am developing a report in PowerBI Desktop based on data hosted in an Azure SQL Server VM.
When publishing a report, I get the below error:
Publishing succeeded, but the published report cannot connect to the
data source because we were unable to find a gateway. Please install
and configure an enterprise gateway
I believe this is because the enterprise gateway is installed locally on my azure VM, however I'm accessing it from my desktop by going over the web and through the firewall. Therefore I believe the issue is that my pc acceses the machine at
mymachine.cloudapp.net
Whilst the enterprise gateway knows the machine as
netbios-name
Is there any way that I can upload a desktop report to powerBI web using this configuration? The other solution would be to get the machine and sql server to identify itself as "mymachine.cloudapp.net" so that I can use this as the name to connect to through the enterprise gateway, but I'm not sure how to do that (adding the alias to SQL Server isn't enough).
It's a bit hacky, but I've got a work around.
Open the server and edit your hosts file and add the following line:
127.0.0.1 mymachine.cloudapp.net
Make sure that mymachine.cloudapp.net has been configured in SQL Server as an alias.
In PowerBI, add a new enterprise gateway data source, this time, use mymachine.cloudapp.net to connect rather than netbios-name. You will need to use SQL Authentication to connect.
Obviously connecting PowerBI to an Azure VM in this way is not ideal, as it could potentially be unencrypted, but this works around the issue of different host names between PowerBI Desktop and Web.
Basic Problem:
I have a web application that accesses a SQL Server database on the same machine. The web app runs under its own app pool - let us call it MyAppPool. If I goto advanced settings in IIS Manager, I can see that MyAppPool runs under ApplicationPoolIdentity. When I make requests to the web app, I can open task manager and verify that the username of w3wp.exe is MyAppPool. In SQL Server, I have added a Windows User IIS AppPool\MyAppPool and given it necessary permissions to read from db. The problem is that I am getting a login failed for DOMAIN\MACHINE$ when a logon is attempted to SQL Server. Its beyond me. Why is the app not logging on as IIS AppPool\MyAppPool?
Details:
I know variants of this question have been asked elsewhere, but I am really stuck without a solution. I experimented adding a <identity impersonate="true" /> to the web.config. If I do this, I get a login failed for NT AUTHORITY\IUSR. I have tried accessing the web app from the machine on which it is hosted and get same login error. I am running IIS8, Windows Server 2012, and SQL Server 2012.
Closest question I could find is Why is my MVC app trying to log into my DB as my machine, and not as the App Pool identity?, and the solutions provided do not work. I cannot change Integrated Security to be false (I had this thing running in the past). Quoting https://stackoverflow.com/a/15145488/147530:
ApplicationPoolIdentity uses IIS AppPool\ApplicationPool for local
access, but DOMAIN\MACHINE-NAME$ for remote access
sounds reasonable. Question is why is ApplicationPoolIdentity not using IIS AppPool\MyAppPool identity when db is hosted on same machine??
Quoting another SO post, IIS application using application pool identity loses primary token?:
This application also connects to a SQL Server database using
Integrated Security=true in the connection string. If the database is
local, then we see that IIS APPPOOL\OurAppPoolName is used to connect
to the database; if the database is remote, then the machine account
OURDOMAIN\ourwebserver$ is used.
This is the behavior I want, but not getting it, and that is what I am asking in this question - I don't want to give permissions to DOMAIN\MACHINE-NAME$ to log onto SQL Server. Quoting https://stackoverflow.com/a/15445280/147530:
I think that's a bad idea, however, because it authorizes any program
running as NetworkService to access the database - not just your web
applications.
I tried one more thing, which was to enable Windows Authentication on IIS8 using this link http://www.iis.net/learn/install/installing-iis-85/installing-iis-85-on-windows-server-2012-r2#ModulesinIIS85 but this has also not solved the problem.
Fixed this problem. In SSMS, there is a path machine -> security -> logins which contains users who can log onto the machine. I had not added the apppool to this list. I had only added the apppool to machine -> databases -> my database -> security -> users