I would like to develop my ASP.NET application against a SQL 2000 database
residing on another server, rather than against the SQL server installed
locally. We're using Windows integrated security. When I'm using Visual
Studio the ASP.NET user belongs to my XP machine's local domain, which is
not recognized by the remote SQL server as belong to its domain. It is
possible to set up the SQL Server, my local XP machine, or my web.config
file so that when I develop an app in Visual Studio (Debug -> Start), I can
access the remote SQL database?
Thanks !You should be able to register the server using the format domain\username
and then develop against it. NOTE that, by default, the method of security
is windows and not mixed, but that sounds fine in your case.
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
****************************************
******************************
Think Outside the Box!
****************************************
******************************
"Timo" <timo@.anonymous.com> wrote in message
news:uPs3ZS4BEHA.624@.TK2MSFTNGP10.phx.gbl...
> I would like to develop my ASP.NET application against a SQL 2000 database
> residing on another server, rather than against the SQL server installed
> locally. We're using Windows integrated security. When I'm using Visual
> Studio the ASP.NET user belongs to my XP machine's local domain, which is
> not recognized by the remote SQL server as belong to its domain. It is
> possible to set up the SQL Server, my local XP machine, or my web.config
> file so that when I develop an app in Visual Studio (Debug -> Start), I
can
> access the remote SQL database?
> Thanks !
>|||Timo wrote:
> I would like to develop my ASP.NET application against a SQL 2000 database
> residing on another server, rather than against the SQL server installed
> locally. We're using Windows integrated security. When I'm using Visual
> Studio the ASP.NET user belongs to my XP machine's local domain, which is
> not recognized by the remote SQL server as belong to its domain. It is
> possible to set up the SQL Server, my local XP machine, or my web.config
> file so that when I develop an app in Visual Studio (Debug -> Start), I ca
n
> access the remote SQL database?
> Thanks !
In order to have ASP.NET connect to the database server, you must
configure ASP.NET to run as a domain account. I believe it is the
machine.config file that you will need to modify on Windows XP to change
what user ASP.NET runs as. It is different on different OSes. The good
thing is that with Windows 2003 you configure it directly in IIS and
each application can run under a different user.
Aaron Weiker
http://blogs.sqladvice.com/aweiker
http://aaronweiker.com/|||You certainly can
A couple of ways to do it (one OR the other)
1) Edit machine.config (C:\WINNT\Microsoft.NET\Framework\v.....\Config) and
change the userName / password of the <processModel ..> element as described
in the same file
That way you can run the ASP.NET working process on the identity of a domain
account that may be allowed access to the SQL Server
2) For your Web application (on the IIS console), replace the default
anonymous user (IUSR_xxxxxxx) with a domain user / password and allow access
to that user in the SQL Server. You should also set <identity
impersonate=true> in your Web.config
Regards
Jose.
"Timo" <timo@.anonymous.com> escribi en el mensaje
news:uPs3ZS4BEHA.624@.TK2MSFTNGP10.phx.gbl...
> I would like to develop my ASP.NET application against a SQL 2000 database
> residing on another server, rather than against the SQL server installed
> locally. We're using Windows integrated security. When I'm using Visual
> Studio the ASP.NET user belongs to my XP machine's local domain, which is
> not recognized by the remote SQL server as belong to its domain. It is
> possible to set up the SQL Server, my local XP machine, or my web.config
> file so that when I develop an app in Visual Studio (Debug -> Start), I
can
> access the remote SQL database?
> Thanks !
>|||I follow step #1 below (it seems preferable to editing the live IIS server).
On my local PC, I edit the userName element replacing the value with
DOMAIN\USERNAME
This domain user has been granted login on the remote SQL server, has been
granted dbaccess, and has been added as a member of a role which can access
the relevant tables.When I try to run my ASP.NET page, I get the following
error:
Login failed for user '(null)'. Reason: Not associated with a trusted SQL
Server connection
I don't know what our network admin has done when setting up my PC, which
has XP Pro on it; he is used to Win2K. He knows only a little more than I do
about Windows authentication, which has me worried :-) Why does the error
message have 'null' for the username? Because SQL does not recognize it and
so refuses to repeat the name?
Thanks
Timo
"Jose Marcenaro" <josem@.nospam.da-vinci.com.ar> wrote in message
news:eDZZXh4BEHA.3568@.tk2msftngp13.phx.gbl...
> You certainly can
> A couple of ways to do it (one OR the other)
> 1) Edit machine.config (C:\WINNT\Microsoft.NET\Framework\v.....\Config)
and
> change the userName / password of the <processModel ..> element as
described
> in the same file
> That way you can run the ASP.NET working process on the identity of a
domain
> account that may be allowed access to the SQL Server
> 2) For your Web application (on the IIS console), replace the default
> anonymous user (IUSR_xxxxxxx) with a domain user / password and allow
access
> to that user in the SQL Server. You should also set <identity
> impersonate=true> in your Web.config
> Regards
> Jose.
> "Timo" <timo@.anonymous.com> escribi en el mensaje
> news:uPs3ZS4BEHA.624@.TK2MSFTNGP10.phx.gbl...
database
Visual
is
> can
>|||Thanks for responding. But I don't know what is meant by "register the
server". Is that something I do with Visual Studio.NET? Do I need a special
"enterprise" level of VS.NET for that?
Timo
"Cowboy (Gregory A. Beamer)" <NoSpamMgbworld@.comcast.netNoSpamM> wrote in
message news:u2P1gd4BEHA.2380@.TK2MSFTNGP10.phx.gbl...
> You should be able to register the server using the format domain\username
> and then develop against it. NOTE that, by default, the method of security
> is windows and not mixed, but that sounds fine in your case.
> --
> Gregory A. Beamer
> MVP; MCP: +I, SE, SD, DBA
> "Timo" <timo@.anonymous.com> wrote in message
> news:uPs3ZS4BEHA.624@.TK2MSFTNGP10.phx.gbl...
database
Visual
is
> can|||Login failed for user 'null' means that we were unable to 'impersonate' the
user. We need to be able to impersonate when we authenticate to SQL using
your Windows NT credentials.
Typical client server environment:
Scenario 1:
Client --> SQL
If this fails, then it may be a problem with the communication between the
client and the Domain Controller. You can make network traces from the
client and /or enable Kerberos logging to verify if this is the case. This
may occur when using sockets, but not with Named Pipes connections.
Scenario 2:
Web Server/SQL Environment
Client-->IIS-->SQL.
If your scenario looks like the Scenario 2 (Web Server/SQL Environment),
then this scenario is more complicated to configure.
The middle machine (IIS) must be trusted for Security Delegation. And the
Domain Admin needs to set the spn for SQL Server.
The client machine must use TCP/IP and authenticate via Kerberos
authentication. If it uses NTLM, then this will fail with "Login failed
for user 'null'".
This article goes over various scenarios:
http://msdn.microsoft.com/library/d...-us/dnnetsec/ht
ml/SecNetch05.asp
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.|||If you want to use step #1 (ASPNET account) make sure you dont have
<impersonate="true"> in Web.config (you should keep the default which is
false or absent).
Otherwise, the local IUSR_xxxxx identity would be used.
If you do not currently have <impersonate="true"> ... then I guess it may be
some "extra-cautious" security setting of XPPro which prevents the identity
to be passed along.. sorry for not being able to help there
"Timo" <timo@.anonymous.com> escribi en el mensaje
news:e7M3M$4BEHA.3472@.TK2MSFTNGP09.phx.gbl...
> I follow step #1 below (it seems preferable to editing the live IIS
server).
> On my local PC, I edit the userName element replacing the value with
> DOMAIN\USERNAME
> This domain user has been granted login on the remote SQL server, has been
> granted dbaccess, and has been added as a member of a role which can
access
> the relevant tables.When I try to run my ASP.NET page, I get the following
> error:
> Login failed for user '(null)'. Reason: Not associated with a trusted SQL
> Server connection
> I don't know what our network admin has done when setting up my PC, which
> has XP Pro on it; he is used to Win2K. He knows only a little more than I
do
> about Windows authentication, which has me worried :-) Why does the error
> message have 'null' for the username? Because SQL does not recognize it
and
> so refuses to repeat the name?
> Thanks
> Timo
>
> "Jose Marcenaro" <josem@.nospam.da-vinci.com.ar> wrote in message
> news:eDZZXh4BEHA.3568@.tk2msftngp13.phx.gbl...
> and
> described
> domain
> access
> database
installed
> Visual
> is
is
web.config
I
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment