Connecting to SQLServer 2000 from ASP.NET

I have an ASP.NET application that connects to a SQL Server database.
The SQL Server resides on a seperate development server from the IIS5.1 on
Windows XP SP2 on development PCs which host the ASP.NET application.
I would like to use Integrated Windows Authentication like
Integrated Security=SSPI;Persist Security Info=False;Initial
Catalog=DBName;Data Source=DevServer1
My problems!
1) ASP.NET would be running on development PCs as
MachineName\IUSR_MachineName and under SQL Server Enterprise Manager on the
Dev PC, I can't think of a way to add this user (which is on a different
machine) as a Windows user
2.1) I managed to add MyDomain\AUser as a SQL user in Enterprise Manager.
2.2) I tried to get my ASP.NET to run as MyDomain\AUser by editing
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFI G\Machine.config as
follows
<processModel
enable="true"
timeout="Infinite"
idleTimeout="Infinite"
shutdownTimeout="0:00:05"
requestLimit="Infinite"
requestQueueLimit="5000"
restartQueueLimit="10"
memoryLimit="60"
webGarden="false"
cpuMask="0xffffffff"
userName="MyDomain\AUser"
password="password"
logLevel="Errors"
clientConnectedCheck="0:00:05"
comAuthenticationLevel="Connect"
comImpersonationLevel="Impersonate"
responseDeadlockInterval="00:03:00"
maxWorkerThreads="20"
maxIoThreads="20"
/>
However, when I launch the ASP.NET application from IE (before it even get
to the stage to connect to SQLServer, I get the error on IE saying
Application Unavailable, and in the Event Viewer, I get
Event Type: Error
Event Source: ASP.NET 1.1.4322.0
Event Category: None
Event ID: 1084
User: N/A
Computer: MachineName
Description:
aspnet_wp.exe could not be started. The error code for the failure is
80004005. This error can be caused when the worker process account has
insufficient rights to read the .NET Framework files. Please ensure that the
..NET Framework is correctly installed and that the ACLs on the installation
directory allow access to the configured account.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: ASP.NET 1.1.4322.0
Event Category: None
Event ID: 1007
User: N/A
Computer: MachineName
Description:
aspnet_wp.exe could not be launched because the username and/or password
supplied in the processModel section of the config file are invalid.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
How could I fix this? I am 100% sure I have entered the correct username
and password under machine.config and I did do an iisreset as well!
The problem may not be the username and password, but in the rights
MyDomain\MyUser has. For instance, I know the user has to have "Log in
as batch job" user rights. One way to track down these problems is to
turn on security auditing in the local security policy and look at
what turns up in the event log.
Another solution I have used is to let ASP.NET execute as the local
ASPNET account but set the password to a known password. In other
words, instead of:
userName="machine" password="AutoGenerate"
in machine.config, use:
userName="machine" password="longpassword"
Then on the database server, create a local ASPNET account with the
same password. For rights, you'll need "Access this computer from the
network", and "log on as batch job". You can deny local login. You'll
need to add ASPNET as a login to SQL Server and grant access to the
correct databases of course.
HTH,
Scott
http://www.OdeToCode.com
On Thu, 22 Apr 2004 22:49:31 +0100, "Patrick"
<patl@.reply.newsgroup.msn.com> wrote:

>I have an ASP.NET application that connects to a SQL Server database.
>The SQL Server resides on a seperate development server from the IIS5.1 on
>Windows XP SP2 on development PCs which host the ASP.NET application.
>I would like to use Integrated Windows Authentication like
> Integrated Security=SSPI;Persist Security Info=False;Initial
>Catalog=DBName;Data Source=DevServer1
>My problems!
>1) ASP.NET would be running on development PCs as
>MachineName\IUSR_MachineName and under SQL Server Enterprise Manager on the
>Dev PC, I can't think of a way to add this user (which is on a different
>machine) as a Windows user
>2.1) I managed to add MyDomain\AUser as a SQL user in Enterprise Manager.
>2.2) I tried to get my ASP.NET to run as MyDomain\AUser by editing
>C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONF IG\Machine.config as
>follows
> <processModel
> enable="true"
> timeout="Infinite"
> idleTimeout="Infinite"
> shutdownTimeout="0:00:05"
> requestLimit="Infinite"
> requestQueueLimit="5000"
> restartQueueLimit="10"
> memoryLimit="60"
> webGarden="false"
> cpuMask="0xffffffff"
> userName="MyDomain\AUser"
> password="password"
> logLevel="Errors"
> clientConnectedCheck="0:00:05"
> comAuthenticationLevel="Connect"
> comImpersonationLevel="Impersonate"
> responseDeadlockInterval="00:03:00"
> maxWorkerThreads="20"
> maxIoThreads="20"
> />
>However, when I launch the ASP.NET application from IE (before it even get
>to the stage to connect to SQLServer, I get the error on IE saying
>Application Unavailable, and in the Event Viewer, I get
>Event Type: Error
>Event Source: ASP.NET 1.1.4322.0
>Event Category: None
>Event ID: 1084
>User: N/A
>Computer: MachineName
>Description:
>aspnet_wp.exe could not be started. The error code for the failure is
>80004005. This error can be caused when the worker process account has
>insufficient rights to read the .NET Framework files. Please ensure that the
>.NET Framework is correctly installed and that the ACLs on the installation
>directory allow access to the configured account.
>For more information, see Help and Support Center at
>http://go.microsoft.com/fwlink/events.asp.
>
>Event Type: Error
>Event Source: ASP.NET 1.1.4322.0
>Event Category: None
>Event ID: 1007
>User: N/A
>Computer: MachineName
>Description:
>aspnet_wp.exe could not be launched because the username and/or password
>supplied in the processModel section of the config file are invalid.
>For more information, see Help and Support Center at
>http://go.microsoft.com/fwlink/events.asp.
>How could I fix this? I am 100% sure I have entered the correct username
>and password under machine.config and I did do an iisreset as well!
>
|||Hi Patrick,
How are things going currently?
I am just checking on your progress regarding the information that was sent you. Thanks for Scott's kind
help on your issue. Have you tried the solutions provided to you? I wonder how the testing is going. If you
encounter any difficulty, please do not hesitate to let us know.
The issue seems to be security related in ASP.NET. I saw you ask this question in another ASPNET queue
but not sure how are things going there.Please post here and let me know the status of your issue.
Looking forward to hearing from you soon
Best regards,
Billy Yao
Microsoft Online Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
Please reply to newsgroups only. Thanks.
|||Hi Patrick,
I followed with my previous post and ask if there is any headway on your side?
Per Scott's suggestion, I also believe the issue is not located in SQL Server side but in the side of the
improper rights the MyDomain\MyUser has. I'm not sure if you have implemented the following setting in
your Machine.config file:
<identity impersonate="true" userName="MyDomain\aspUser1" password="password"/>
If the ASP.NET application and SQL Server are deployed on the different machines, you may need to use
impersonate="true" to let your ASP.Net application impersonate the fixed identity.
Please let us know if this helps solve your problem.
Best regards,
Billy Yao
Microsoft Online Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
Please reply to newsgroups only. Thanks.