tags:

views:

1794

answers:

3
+1  Q: 

Classic ASP problem connecting to remote SQL Server database

I have a classic ASP app that I am trying to connect to a SQL Server 2008 database on a different server. The ASP app is being served from IIS7 on Windows Server 2008.

I have changed the web site's application pool to run under a specific windows account, that I have verified has access to the database on the remote server.

However, when I run the app in the browser, I get this error:

Application Error 
Number: -2147217843 (0x80040E4D)
Source: Microsoft OLE DB Provider for SQL Server
Description: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

Why is it trying to connect using NT AUTHORITY\ANONYMOUS LOGON? Does the App pool identity not apply to classic ASP code? How can I make this connect as a specific user?

EDIT

Here is the connection string I am using:

Provider=SQLOLEDB.1;Data Source=myDbServer;Initial Catalog=myDatabase;Integrated Security=SSPI

+1  A: 

you should specify a username and password for the connection string www.connectionstrings.com or set the IIS application to run as a specific user however that would then render a lot of the security settings in IIS obsolete. 

Provider=SQLNCLI10;Server=myServerAddress;Database=myDataBase;Uid=myUsername; Pwd=myPassword;

And have a look here: aspfaq

Lastly, make sure anonymous access is disabled on the IIS site so that it actually impersonates the user you selected instead of passing the anonymous tokens through.

Mauro  2009-07-16 19:38:45
I don't want to disable anonymous access. I am using a form to authenticate users.
Ronnie Overby  2009-07-16 19:54:53
You shouldn't specify a username and password (i.e. SQL authentication) if you can avoid it. Using Windows authentication (integrated security) means you don't need to put credentials in your config files so that if those files are compromised, you don't lose control of the credentials. I've added an answer which shows how to get Windows authentication working for classic ASP.
Robin M  2010-10-12 10:54:25
A: 

Does your app impersonate the caller? You need to enable constrained delegation: Configuring Servers for Delegation.

Remus Rusanu  2009-07-16 19:47:21
Neither servers are members of an Active Directory domain.
Ronnie Overby  2009-07-16 19:54:17
Integrated Security=SSPI needs NTLM/Kerberos to work. You can either create a domain and use tru Windows Auth, use SQL authentication instead, or create identical local user/password accounts on the two machines and have the app pool use this credential.
Remus Rusanu  2009-07-16 20:15:09
@Remus - "... or create identical local user/password accounts on the two machines and have the app pool use this credential." That's exactly what I have done, but it is not working. I have done this for an ASP.NET site that is working with the same account. This is frustrating.
Ronnie Overby  2009-07-16 20:40:52
I don't think your classic ASP app pool is actually running as the user you expect it to run. But I'm not familiar enough with classic ASP on IIS7 quirks to guess why.
Remus Rusanu  2009-07-16 22:19:11
A: 

For a site to use the application pool identity for classic ASP, you need to change the credentials used for Anonymous Authentication. By default, the site will be set to use a specific user, namely IUSR.

Select Authentication from the IIS area of your site, then select Anonymous Authentication followed by Edit. Change from Specific user to Application pool identity.

It's advisable to use Windows authentication (integrated security) over SQL authentication so that you don't have credentials in your config files so that if those files are compromised, you don't lose control of the credentials.

Robin M  2010-10-12 10:48:53

related questions

Sql to query a dbs scheme
Transform Columns into Rows
SQL Client for Mac OS X that works with MS SQL Server
How do you get leading wildcard full-text searches to work in SQL Server?
SQL Server 2000: Is there a way to tell when a record was last modified?
What's the BEST way to remove the time portion of a datetime value (SQL Server)
I need to know how much disk space a table is using in SQL Server
What's the best way to determine if a temporary table exists in SQL Server?
Appropriate pagefile size for SQL Server
Have you ever encountered a query that SQL Server could not execute because it referenced too many tables?
ASP.NET MVC "CRUD" Database Sample
How do I unit test persistence?
Best Book for a new Database Developer
Can I logically reorder columns in a table?
Best way to copy a database in SQL Server 2005/8?
Is Windows Server 2008 "Server Core" appropriate for a SQL Server instance?
Why doesn't SQL Full Text Indexing return results for words containing #?
Client collation and SQL Server 2005
Editing database records by multiple users
Deploying SQL Server Databases from Test to Live
SQL Server 2005 implementation of MySQL REPLACE INTO?
Upgrading SQL Server 6.5
How do I version my MS SQL database in SVN?
How to export data from SQL Server 2005 to MySQL
Check for changes to a SQL table?