Building SQL connection string in code-behind file. Works on my machine, not on server.

  • Thread starter Thread starter Brett
  • Start date Start date
B

Brett

I wrote an ASP.NET application that queries a SQL Server database (on a
different box from the web server) and displays the result in a GridView.
The datasource for the GridView is a SQLDataSource. Just to get it to work,
I hard-coded the username and password of a SQL Server account in the
connectionstring in web.config. Once I confirmed that this worked on the
web server, I wanted to remove the hard-coded password from web.config, so I
removed that portion of the connectionstring. In the Page_Load procedure of
the page's code-behind file, I then appended the username and password to
the connectionstring in web.config. It worked perfectly on my machine in
Visual Studio.NET 2008. So, I moved the updated code to the web server, but
I got the error, "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'."
What is the problem here?



Thanks for any help you can provide.



Brett
 
You always need to know and be aware of the account you're running under:

Here is some crappy debugging code.

I think the issue is you don't have sql server credentials for the user the
program is running under.

Go to Control Panel / Users and you can see a list of "built in" users that
a windows machine has.



private string FindIIdentity()

{

try

{



string returnValue = string.Empty;

WindowsIdentity ident = WindowsIdentity.GetCurrent();

returnValue = ident.Name;

try

{

returnValue += " on " + System.Environment.MachineName;

}

catch (Exception ex)

{

}

return returnValue;

}



catch (Exception ex)

{

return "Error Finding Identity";

}

}
 
The windows identity that is returned is "Domain\MyUsername on MyPC" when I
run it on localhost. When I run it on the server, it is "Domain\MyUsername
on ServerName"

I am using a SQL Server login, so I didnt think it would matter if the
domain user had SQL Server credentials. I do have the necessary SQL Server
permissions, though.

The odd thing is that it works fine with the user and password in the
connection string in web.config. If I build the same connection string in
the code-behind file, login fails. I set a session variable and turned on
trace to see if the connection string was getting set properly, and it WAS.
I don't understand.
 
Show the connection string you are building

Brett said:
The windows identity that is returned is "Domain\MyUsername on MyPC" when
I run it on localhost. When I run it on the server, it is
"Domain\MyUsername on ServerName"

I am using a SQL Server login, so I didnt think it would matter if the
domain user had SQL Server credentials. I do have the necessary SQL
Server permissions, though.

The odd thing is that it works fine with the user and password in the
connection string in web.config. If I build the same connection string in
the code-behind file, login fails. I set a session variable and turned on
trace to see if the connection string was getting set properly, and it
WAS. I don't understand.
 
re:
!> I am using a SQL Server login, so I didnt think it would matter if the domain user
!> had SQL Server credentials. I do have the necessary SQL Server permissions, though.

The important part is not whether *you* have the necessary SQL Server permissions.
It's whether the identity ASP.NET runs as has the necessary SQL Server permissions.

i.e., on your machine, "Domain\MyUsername on MyPC" runs OK.

On the server, "Domain\MyUsername on ServerName" will run
OK *if* your ASP.NET is running as that domain account.

If ASP.NET is not running as that domain account, it won't.

If you don't want your current ASP.NET identity to access SQL Server,
or it can't, you can use ASP.NET impersonation to access the SQL Server's data.

Just select any valid domain account to run as the impersonated ASP.NET account,
and include this configuration in your web.config :

<identity impersonate="true"
userName="domain\user"
password="password" />




Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
 
Then you need to show the connection string that was built to get help.

www.connectionstrings.com

Go there, and take a look.

You say you're using sql server authentication.
But the messages look like you're trying to use integrated security.

Post your connection string, or look at the samples at the site above, and
match a Sql Authentication.

My guess is that you have "integrated security=true" or something like that.

...
 
Hi Brett,

This error message is the typical symptom when linked services are used and
Windows NT authentication is used to impersonate the client connecting. If
you're using linked services please check out this KB article:

http://support.microsoft.com/?id=238477

You can also connect another database to test if it's related to linked
services.

If you're not using linked services please tell me if the database server
and the web server are on different machines and the operating systems of
these machines.
==================================================
Quote from "Brett"
The odd thing is that it works fine with the user and password in the
connection string in web.config. If I build the same connection string in
the code-behind file, login fails. I set a session variable and turned on
trace to see if the connection string was getting set properly, and it WAS.
I don't understand.
==================================================
It's indeed very strange. Could you confirm that you tested it on the same
client machine and didn't change other settings/code? Could you post the
connection string here? The information will help me dig the issue further.

Regards
Allen Chen
Microsoft Online Support

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| From: "Brett" <[email protected]>
| References: <[email protected]>
<[email protected]>
| Subject: Re: Building SQL connection string in code-behind file. Works on
my machine, not on server.
| Date: Tue, 29 Jul 2008 16:52:20 -0400
| Lines: 112
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.3138
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
| X-RFC2646: Format=Flowed; Response
| Message-ID: <[email protected]>
| Newsgroups: microsoft.public.dotnet.framework.aspnet
| NNTP-Posting-Host: dsl-1-210.d01.scpnbh.pbtcomm.net 64.53.27.210
| Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP06.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.dotnet.framework.aspnet:72838
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
|
| The windows identity that is returned is "Domain\MyUsername on MyPC" when
I
| run it on localhost. When I run it on the server, it is
"Domain\MyUsername
| on ServerName"
|
| I am using a SQL Server login, so I didnt think it would matter if the
| domain user had SQL Server credentials. I do have the necessary SQL
Server
| permissions, though.
|
| The odd thing is that it works fine with the user and password in the
| connection string in web.config. If I build the same connection string
in
| the code-behind file, login fails. I set a session variable and turned
on
| trace to see if the connection string was getting set properly, and it
WAS.
| I don't understand.
|
| | >
| >
| >
| > You always need to know and be aware of the account you're running
under:
| >
| > Here is some crappy debugging code.
| >
| > I think the issue is you don't have sql server credentials for the user
| > the
| > program is running under.
| >
| > Go to Control Panel / Users and you can see a list of "built in" users
| > that
| > a windows machine has.
| >
| >
| >
| > private string FindIIdentity()
| >
| > {
| >
| > try
| >
| > {
| >
| >
| >
| > string returnValue = string.Empty;
| >
| > WindowsIdentity ident = WindowsIdentity.GetCurrent();
| >
| > returnValue = ident.Name;
| >
| > try
| >
| > {
| >
| > returnValue += " on " + System.Environment.MachineName;
| >
| > }
| >
| > catch (Exception ex)
| >
| > {
| >
| > }
| >
| > return returnValue;
| >
| > }
| >
| >
| >
| > catch (Exception ex)
| >
| > {
| >
| > return "Error Finding Identity";
| >
| > }
| >
| > }
| >
| >
| >
| >
| >
| >
| > | >>I wrote an ASP.NET application that queries a SQL Server database (on a
| >>different box from the web server) and displays the result in a
GridView.
| >>The datasource for the GridView is a SQLDataSource. Just to get it to
| >>work, I hard-coded the username and password of a SQL Server account in
| >>the connectionstring in web.config. Once I confirmed that this worked
on
| >>the web server, I wanted to remove the hard-coded password from
| >>web.config, so I removed that portion of the connectionstring. In the
| >>Page_Load procedure of the page's code-behind file, I then appended the
| >>username and password to the connectionstring in web.config. It worked
| >>perfectly on my machine in Visual Studio.NET 2008. So, I moved the
| >>updated code to the web server, but I got the error, "Login failed for
| >>user 'NT AUTHORITY\ANONYMOUS LOGON'." What is the problem here?
| >>
| >>
| >>
| >> Thanks for any help you can provide.
| >>
| >>
| >>
| >> Brett
| >>
| >>
| >
| >
|
|
|
 
You are correct. I had "integrated security=true" in the connection string.
When I removed it, the program worked. I guess what threw me off was that
it worked on my client PC using the same connection string. Thanks to all!

Brett
 
Ok, good.

Just as a learning experience, if you had posted your connection string on
the first post, you probably would have gotten the fix on the first reply.

...

But glad you got it worked out.
 
Back
Top