Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection from ASP

B

Brian Fulford

I am losing lots of hair over this issue. We are trying to implement windows
authentication from a web server to a database server.
The web server is on a domain; the db server is not... does this matter?
the IUSR_machinename user from the web server has been added as an account
on the db server and also been to added to db logins and given access to the
databases that it will need access to.

My web.config has the following:
<authentication mode="Windows"/>

<sessionState mode="SQLServer" sqlConnectionString="Network
Library=DBMSSOCN; data source=192.168.30.95; Integrated Security=SSPI;"
cookieless="false" timeout="20"/>


Anyone run into this?


Login failed for user '(null)'. Reason: Not associated with a trusted SQL
Server connection.
at System.Data.SqlClient.ConnectionPool.GetConnection(Boolean&
isInTransaction)
at
System.Data.SqlClient.SqlConnectionPoolManager.GetPooledConnection(SqlConnec
tionString options, Boolean& isInTransaction)
at System.Data.SqlClient.SqlConnection.Open()
at System.Web.SessionState.SqlStateConnection..ctor(String
sqlconnectionstring)
 
M

Miha Markic [MVP C#]

Brian,

aspnet Application runs under local aspnet account thus it can't connect to
sql server using integrated security.
Why don't you use sql server security instead?
Or you might run your app under some other domain account (see <identity>
node of web.config)
 
B

Brian Fulford

Originally the app was set up to use sql security and not windows
authentication; however, it was mandated that we convert to windows
integrated security.

When I check the Windows Identity... IUSR is the current user.. so shouldnt
the IUSR account be able to access the SQL server if that user was created
on the SQL server?
? System.Security.Principal.WindowsIdentity.GetCurrent

{System.Security.Principal.WindowsIdentity}

AuthenticationType: "NTLM"

IsAnonymous: False

IsAuthenticated: True

IsGuest: False

IsSystem: False

Name: "CBF1\IUSR_FULFOB"

Token: 868







Miha Markic said:
Brian,

aspnet Application runs under local aspnet account thus it can't connect to
sql server using integrated security.
Why don't you use sql server security instead?
Or you might run your app under some other domain account (see <identity>
node of web.config)

--
Miha Markic [MVP C#] - RightHand .NET consulting & development
miha at rthand com
www.rthand.com

Brian Fulford said:
I am losing lots of hair over this issue. We are trying to implement
windows
authentication from a web server to a database server.
The web server is on a domain; the db server is not... does this matter?
the IUSR_machinename user from the web server has been added as an account
on the db server and also been to added to db logins and given access to
the
databases that it will need access to.

My web.config has the following:
<authentication mode="Windows"/>

<sessionState mode="SQLServer" sqlConnectionString="Network
Library=DBMSSOCN; data source=192.168.30.95; Integrated Security=SSPI;"
cookieless="false" timeout="20"/>


Anyone run into this?


Login failed for user '(null)'. Reason: Not associated with a trusted SQL
Server connection.
at System.Data.SqlClient.ConnectionPool.GetConnection(Boolean&
isInTransaction)
at
System.Data.SqlClient.SqlConnectionPoolManager.GetPooledConnection(SqlConnec
tionString options, Boolean& isInTransaction)
at System.Data.SqlClient.SqlConnection.Open()
at System.Web.SessionState.SqlStateConnection..ctor(String
sqlconnectionstring)
 
M

Miha Markic [MVP C#]

Brian Fulford said:
Originally the app was set up to use sql security and not windows
authentication; however, it was mandated that we convert to windows
integrated security.

When I check the Windows Identity... IUSR is the current user.. so
shouldnt
the IUSR account be able to access the SQL server if that user was created
on the SQL server?

No, aspnet application is run under aspnet account by default (if not
otherwise specified) or under network service under windows 2003.

--
Miha Markic [MVP C#] - RightHand .NET consulting & development
miha at rthand com
www.rthand.com
? System.Security.Principal.WindowsIdentity.GetCurrent

{System.Security.Principal.WindowsIdentity}

AuthenticationType: "NTLM"

IsAnonymous: False

IsAuthenticated: True

IsGuest: False

IsSystem: False

Name: "CBF1\IUSR_FULFOB"

Token: 868







Miha Markic said:
Brian,

aspnet Application runs under local aspnet account thus it can't connect to
sql server using integrated security.
Why don't you use sql server security instead?
Or you might run your app under some other domain account (see <identity>
node of web.config)

--
Miha Markic [MVP C#] - RightHand .NET consulting & development
miha at rthand com
www.rthand.com

Brian Fulford said:
I am losing lots of hair over this issue. We are trying to implement
windows
authentication from a web server to a database server.
The web server is on a domain; the db server is not... does this
matter?
the IUSR_machinename user from the web server has been added as an account
on the db server and also been to added to db logins and given access
to
the
databases that it will need access to.

My web.config has the following:
<authentication mode="Windows"/>

<sessionState mode="SQLServer" sqlConnectionString="Network
Library=DBMSSOCN; data source=192.168.30.95; Integrated Security=SSPI;"
cookieless="false" timeout="20"/>


Anyone run into this?


Login failed for user '(null)'. Reason: Not associated with a trusted SQL
Server connection.
at System.Data.SqlClient.ConnectionPool.GetConnection(Boolean&
isInTransaction)
at
System.Data.SqlClient.SqlConnectionPoolManager.GetPooledConnection(SqlConnec
tionString options, Boolean& isInTransaction)
at System.Data.SqlClient.SqlConnection.Open()
at System.Web.SessionState.SqlStateConnection..ctor(String
sqlconnectionstring)
 
H

HG

Hi Brian

See inline comments
I am losing lots of hair over this issue. We are trying to implement windows
authentication from a web server to a database server.
The web server is on a domain; the db server is not... does this matter?
the IUSR_machinename user from the web server has been added as an account
on the db server and also been to added to db logins and given access to the
databases that it will need access to.

I think putting the SQL Server on the domain solves the problem rightaway. I
have used this setup several times. Is this an option for you?

Second option might be to use impersonation, where the credentials are
propagated from the ASP.NET process to IIS to SQL Server.

I would go for the first one.

Let me know if I did anything at all to help you.

Regards

Henrik
 
B

Brian Fulford

The move to the domain has always been in the back of my mind but to do
that... aacckk gotta go plead with the network guys and then be at their
mercy.

I tried to add the impersonation credentials to the web.config but got a
nasty global compile error. Well time to go talk to the team and see what we
can do about the domain.
 
M

Miha Markic [MVP C#]

Brian,

I really don't see how will moving sql server into domain help you if you
are running asp.net application under default *local* account.
 
B

Brian Fulford

Well I am attempting now to sync the aspnet user accounts between web server
and database server....
I have changed the machine.config entry for processModel to use the password
I set in the User Account to see if I can access the server that way.

Miha Markic said:
Brian,

I really don't see how will moving sql server into domain help you if you
are running asp.net application under default *local* account.

--
Miha Markic [MVP C#] - RightHand .NET consulting & development
miha at rthand com
www.rthand.com

Brian Fulford said:
The move to the domain has always been in the back of my mind but to do
that... aacckk gotta go plead with the network guys and then be at their
mercy.

I tried to add the impersonation credentials to the web.config but got a
nasty global compile error. Well time to go talk to the team and see what
we
can do about the domain.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top