Sunday, February 12, 2012

Connecting to SQL Server from IIS in DMZ

My Web Server is standalone, in a DMZ and not a member of the domain the SQL server belongs to. The SQL server is internal and behind a firewall.

I followed the recommendations on Microsoft's website Using the ASP.NET process identity
and local mirrored ASPNET accounts:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetch12.asp

But get the error: Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection

From what I read in the document it should try and connect with the ASPNET Process identity.

I have tested with Impersonation using a local windows account and UserID and Password in the connection string and can connect to the SQL server through the firewall so the relevant ports etc are open.

However I don't want to have user Id's and passwords in the connection string and would like to use integrated security.

Pls help as I am tearing all my hair out!!!!!This must be frustrating for you.

Could you post the connection string that is failing and maybe that will spark the answer?

Terri|||Thanks for your reply, however I organised a contractor to come in and check it out and when I showed him what the problem was it didn't happen and everything worked ok!!

Arrrggghhh!!! And nothing at all has/was changed.

Typical...

Cheers|||I have the EXACT same problem, only mine isn't fixing itself! I used the mirrored local ASPNET account and I am getting the login failed for user '(null)' message.

Connection string is: Data Source=<server name>;Initial Catalog=<database name>;Integrated Security=SSPI;

Any ideas?|||I spent hours upon hours trying to fix it.
Have you changed the 'machine' password in machine.config to match your local ASPNET Account?

Basically I changed that and set up the accounts and I got the error you are talking about, it came right by itself, when I think back it is possible I did a reboot of the webserver.|||You were right, I just needed to reboot the webserver. I guess the thing to remember is always reboot when you change machine.cofig.

Thanks, Cove!|||No problem. Probably stopping and starting the relevant services would have done the trick too??

No comments:

Post a Comment