I'm having trouble with my security model, Application_Start, and accessing
my database.
My ASP.NET app is only going to be running in an intranet environment (not
on the public Internet). The production environment will have installed
everything locally (i.e., IIS, SQL Server, .NET Framework, etc., all on a
Win2k Server).
In IIS, I have disabled anonymous access so that only Integrated Windows
authentication is used. Then in my Web.config file I've set it up to use
Windows authentication, as such:
<appSettings
<add key="connectionString"
value="database=RegPerfectDb;server=localhost;Trusted_Con nection=true" /
</appSettings
<system.web
<authentication mode="Windows" /
<authorization
<deny users="?" /
</authorization
<identity impersonate="true" /
</system.web
Then, in my Application_Start event in Global.asax, I need to run a query or
two to get some application-wide data from our database and store it in the
application cache.
When I try to access a database from Application_Start, I get the following
error:
System.Data.SqlClient.SqlException: Cannot open database requested in login
'DatabaseName'. Login fails. Login failed for user 'MACHINENAME\ASPNET'.
It's as if it is using the default ASP.NET worker process account (which is
not what I want). I need it to authenticate/authorize the logged in user
(which has access to the database) and use that user to access the database.
So, my questions are: what am I doing wrong? how do I set up IIS,
Web.config, database connection, etc. so that everything is properly
authenticated/authorized to the logged in user so that I can query the
database in Application_Start?
Thanks in advance for your help.This is because when the application starts, it isn't running under any
particular user. That only happens for page requests - which is processed
after the application is started. Application_Start runs only once - and so
in what you are proposing, it would happen to run under whoever happened to
be the first person to access the application? It just doesn't work that
way.
Whatever you do in application_start can't rely on what user happened to
have made the first request to this app - so it needs a connection
independent of that.
"Ober" <ober@.yahoo.com> wrote in message
news:e0dDiobmEHA.3392@.TK2MSFTNGP15.phx.gbl...
>
> I'm having trouble with my security model, Application_Start, and
accessing
> my database.
>
> My ASP.NET app is only going to be running in an intranet environment (not
> on the public Internet). The production environment will have installed
> everything locally (i.e., IIS, SQL Server, .NET Framework, etc., all on a
> Win2k Server).
>
> In IIS, I have disabled anonymous access so that only Integrated Windows
> authentication is used. Then in my Web.config file I've set it up to use
> Windows authentication, as such:
>
> <appSettings>
> <add key="connectionString"
> value="database=RegPerfectDb;server=localhost;Trusted_Con nection=true" />
> </appSettings>
>
> <system.web>
> <authentication mode="Windows" />
> <authorization>
> <deny users="?" />
> </authorization>
> <identity impersonate="true" />
> </system.web>
>
> Then, in my Application_Start event in Global.asax, I need to run a query
or
> two to get some application-wide data from our database and store it in
the
> application cache.
>
> When I try to access a database from Application_Start, I get the
following
> error:
>
> System.Data.SqlClient.SqlException: Cannot open database requested in
login
> 'DatabaseName'. Login fails. Login failed for user 'MACHINENAME\ASPNET'.
>
> It's as if it is using the default ASP.NET worker process account (which
is
> not what I want). I need it to authenticate/authorize the logged in user
> (which has access to the database) and use that user to access the
database.
>
>
> So, my questions are: what am I doing wrong? how do I set up IIS,
> Web.config, database connection, etc. so that everything is properly
> authenticated/authorized to the logged in user so that I can query the
> database in Application_Start?
>
> Thanks in advance for your help.
>
>
have a browse through the matrix.
how are you connecting to sql server ? trusted connection ? or sql user /
password ?
http://msdn.microsoft.com/library/d.../SecNetAP05.asp
if you are using trusted connection or SSPI then your MACHINENAME\ASPNET
account will have to be granted access to the database (if you want to
enable access from application as there is no user context) plus for normal
user access dont forget to use <impersonate> in web.config
copying from an old code project article (though i wouldnt give access to
ASPNET account as DBOwner i would just just read / write on certain stored
procs
This should work on all other IIS 5.1 (possibly other versions)
combinations. The only difference between IIS 5.1 and IIS 6 is the account
the ASP.NET process runs under. IIS 5.1 runs under a %MACHINENAME%\ASPNET
where %MACHINENAME% is the machine name.
osql -E -S %SERVER%\%INSTANCE% -Q "sp_grantlogin '%MACHINENAME%\ASPNET'"Now
our ASP.NET application will be able to log into the server. Now all thats
left is to grant access to the databases.
osql -E -S %SERVER%\%INSTANCE% -d %DATABASE%
-Q "sp_grantdbaccess '%MACHINENAME%\ASPNET'"
osql -E -S %SERVER%\%INSTANCE% -d %DATABASE%
-Q "sp_addrolemember 'db_owner', '%MACHINENAME%\ASPNET'"These 2 lines will
add access to one of the databases. So if you want to add access to another
database just change %DATABASE% and run both lines.
other way open Query Analyser and do an "EXEC stored proc values here"
--
Regards,
Hermit Dave
(http://hdave.blogspot.com)
"Ober" <ober@.yahoo.com> wrote in message
news:e0dDiobmEHA.3392@.TK2MSFTNGP15.phx.gbl...
>
> I'm having trouble with my security model, Application_Start, and
accessing
> my database.
>
> My ASP.NET app is only going to be running in an intranet environment (not
> on the public Internet). The production environment will have installed
> everything locally (i.e., IIS, SQL Server, .NET Framework, etc., all on a
> Win2k Server).
>
> In IIS, I have disabled anonymous access so that only Integrated Windows
> authentication is used. Then in my Web.config file I've set it up to use
> Windows authentication, as such:
>
> <appSettings>
> <add key="connectionString"
> value="database=RegPerfectDb;server=localhost;Trusted_Con nection=true" />
> </appSettings>
>
> <system.web>
> <authentication mode="Windows" />
> <authorization>
> <deny users="?" />
> </authorization>
> <identity impersonate="true" />
> </system.web>
>
> Then, in my Application_Start event in Global.asax, I need to run a query
or
> two to get some application-wide data from our database and store it in
the
> application cache.
>
> When I try to access a database from Application_Start, I get the
following
> error:
>
> System.Data.SqlClient.SqlException: Cannot open database requested in
login
> 'DatabaseName'. Login fails. Login failed for user 'MACHINENAME\ASPNET'.
>
> It's as if it is using the default ASP.NET worker process account (which
is
> not what I want). I need it to authenticate/authorize the logged in user
> (which has access to the database) and use that user to access the
database.
>
>
> So, my questions are: what am I doing wrong? how do I set up IIS,
> Web.config, database connection, etc. so that everything is properly
> authenticated/authorized to the logged in user so that I can query the
> database in Application_Start?
>
> Thanks in advance for your help.
>
>
Interesting. Does this only happen in Application_Start event? Does it
connect to SQL as the logged in user in a later event, say from Page_Load?
Greg
"Ober" <ober@.yahoo.com> wrote in message
news:e0dDiobmEHA.3392@.TK2MSFTNGP15.phx.gbl...
>
> I'm having trouble with my security model, Application_Start, and
> accessing
> my database.
>
> My ASP.NET app is only going to be running in an intranet environment (not
> on the public Internet). The production environment will have installed
> everything locally (i.e., IIS, SQL Server, .NET Framework, etc., all on a
> Win2k Server).
>
> In IIS, I have disabled anonymous access so that only Integrated Windows
> authentication is used. Then in my Web.config file I've set it up to use
> Windows authentication, as such:
>
> <appSettings>
> <add key="connectionString"
> value="database=RegPerfectDb;server=localhost;Trusted_Con nection=true" />
> </appSettings>
>
> <system.web>
> <authentication mode="Windows" />
> <authorization>
> <deny users="?" />
> </authorization>
> <identity impersonate="true" />
> </system.web>
>
> Then, in my Application_Start event in Global.asax, I need to run a query
> or
> two to get some application-wide data from our database and store it in
> the
> application cache.
>
> When I try to access a database from Application_Start, I get the
> following
> error:
>
> System.Data.SqlClient.SqlException: Cannot open database requested in
> login
> 'DatabaseName'. Login fails. Login failed for user 'MACHINENAME\ASPNET'.
>
> It's as if it is using the default ASP.NET worker process account (which
> is
> not what I want). I need it to authenticate/authorize the logged in user
> (which has access to the database) and use that user to access the
> database.
>
>
> So, my questions are: what am I doing wrong? how do I set up IIS,
> Web.config, database connection, etc. so that everything is properly
> authenticated/authorized to the logged in user so that I can query the
> database in Application_Start?
>
> Thanks in advance for your help.
>
>
> Whatever you do in application_start can't rely on what user happened to
> have made the first request to this app - so it needs a connection
> independent of that.
Ah, that makes good sense. Missed that.
Thanks for the info. That totally makes sense. Do you or does anyone else
have any suggestions on how to do what I'm looking to do? Maybe, put the
code in Session_Start (but then I don't need it to run for every new
session)? Or??
Thanks!
"Marina" <someone@.nospam.com> wrote in message
news:OPn5fsbmEHA.3464@.tk2msftngp13.phx.gbl...
> This is because when the application starts, it isn't running under any
> particular user. That only happens for page requests - which is processed
> after the application is started. Application_Start runs only once - and
so
> in what you are proposing, it would happen to run under whoever happened
to
> be the first person to access the application? It just doesn't work that
> way.
> Whatever you do in application_start can't rely on what user happened to
> have made the first request to this app - so it needs a connection
> independent of that.
> "Ober" <ober@.yahoo.com> wrote in message
> news:e0dDiobmEHA.3392@.TK2MSFTNGP15.phx.gbl...
> > I'm having trouble with my security model, Application_Start, and
> accessing
> > my database.
> > My ASP.NET app is only going to be running in an intranet environment
(not
> > on the public Internet). The production environment will have installed
> > everything locally (i.e., IIS, SQL Server, .NET Framework, etc., all on
a
> > Win2k Server).
> > In IIS, I have disabled anonymous access so that only Integrated Windows
> > authentication is used. Then in my Web.config file I've set it up to
use
> > Windows authentication, as such:
> > <appSettings>
> > <add key="connectionString"
> > value="database=RegPerfectDb;server=localhost;Trusted_Con nection=true"
/>
> > </appSettings>
> > <system.web>
> > <authentication mode="Windows" />
> > <authorization>
> > <deny users="?" />
> > </authorization>
> > <identity impersonate="true" />
> > </system.web>
> > Then, in my Application_Start event in Global.asax, I need to run a
query
> or
> > two to get some application-wide data from our database and store it in
> the
> > application cache.
> > When I try to access a database from Application_Start, I get the
> following
> > error:
> > System.Data.SqlClient.SqlException: Cannot open database requested in
> login
> > 'DatabaseName'. Login fails. Login failed for user 'MACHINENAME\ASPNET'.
> > It's as if it is using the default ASP.NET worker process account (which
> is
> > not what I want). I need it to authenticate/authorize the logged in
user
> > (which has access to the database) and use that user to access the
> database.
> > So, my questions are: what am I doing wrong? how do I set up IIS,
> > Web.config, database connection, etc. so that everything is properly
> > authenticated/authorized to the logged in user so that I can query the
> > database in Application_Start?
> > Thanks in advance for your help.
Is there any reason why you can't create a login for the ASPNET user?
Also, it is recommended that you use a single account to access your
database rather than use an account for each user. That way you will be
using your pooled connections more efficiently.
- Frank Mamone
"Ober" <ober@.yahoo.com> wrote in message
news:%23iZ16qdmEHA.3868@.TK2MSFTNGP11.phx.gbl...
> Thanks for the info. That totally makes sense. Do you or does anyone
else
> have any suggestions on how to do what I'm looking to do? Maybe, put the
> code in Session_Start (but then I don't need it to run for every new
> session)? Or??
> Thanks!
>
> "Marina" <someone@.nospam.com> wrote in message
> news:OPn5fsbmEHA.3464@.tk2msftngp13.phx.gbl...
> > This is because when the application starts, it isn't running under any
> > particular user. That only happens for page requests - which is
processed
> > after the application is started. Application_Start runs only once -
and
> so
> > in what you are proposing, it would happen to run under whoever happened
> to
> > be the first person to access the application? It just doesn't work that
> > way.
> > Whatever you do in application_start can't rely on what user happened to
> > have made the first request to this app - so it needs a connection
> > independent of that.
> > "Ober" <ober@.yahoo.com> wrote in message
> > news:e0dDiobmEHA.3392@.TK2MSFTNGP15.phx.gbl...
> > > > > I'm having trouble with my security model, Application_Start, and
> > accessing
> > > my database.
> > > > > > My ASP.NET app is only going to be running in an intranet environment
> (not
> > > on the public Internet). The production environment will have
installed
> > > everything locally (i.e., IIS, SQL Server, .NET Framework, etc., all
on
> a
> > > Win2k Server).
> > > > > > In IIS, I have disabled anonymous access so that only Integrated
Windows
> > > authentication is used. Then in my Web.config file I've set it up to
> use
> > > Windows authentication, as such:
> > > > > > <appSettings>
> > > > <add key="connectionString"
> > > value="database=RegPerfectDb;server=localhost;Trusted_Con nection=true"
> />
> > > > </appSettings>
> > > > > > <system.web>
> > > > <authentication mode="Windows" />
> > > > <authorization>
> > > > <deny users="?" />
> > > > </authorization>
> > > > <identity impersonate="true" />
> > > > </system.web>
> > > > > > Then, in my Application_Start event in Global.asax, I need to run a
> query
> > or
> > > two to get some application-wide data from our database and store it
in
> > the
> > > application cache.
> > > > > > When I try to access a database from Application_Start, I get the
> > following
> > > error:
> > > > > > System.Data.SqlClient.SqlException: Cannot open database requested in
> > login
> > > 'DatabaseName'. Login fails. Login failed for user
'MACHINENAME\ASPNET'.
> > > > > > It's as if it is using the default ASP.NET worker process account
(which
> > is
> > > not what I want). I need it to authenticate/authorize the logged in
> user
> > > (which has access to the database) and use that user to access the
> > database.
> > > > > > > > So, my questions are: what am I doing wrong? how do I set up IIS,
> > > Web.config, database connection, etc. so that everything is properly
> > > authenticated/authorized to the logged in user so that I can query the
> > > database in Application_Start?
> > > > > > Thanks in advance for your help.
> > > > > > >
0 comments:
Post a Comment