tags:

views:

144

answers:

1
Q: 

ASP.NET membership db using integrated security problem

I published ASP.NET MVC web site to a server on a virtual machine (Hyper-V). SQL Server Express installed on the same server.

The problem is that ASP.Net Membership system doesn't work in integrated mode. When Web.config file contains records as follows:

   <connectionStrings>
    <remove name="LocalSqlServer" />
    <add name="MyDBConnectionString" connectionString="data source=vm-1\SQLEXPRESS;Initial Catalog=testdb;Integrated Security=SSPI;" providerName="System.Data.SqlClient"/>
   </connectionStrings>

I get an error when trying to register and login to the site.

If I change connection string this way:

   <connectionStrings>
    <remove name="LocalSqlServer" />
    <add name="MyDBConnectionString" connectionString="data source=vm-1\SQLEXPRESS;Initial Catalog=testdb;User ID=XX;Password=XXXXXXX;" providerName="System.Data.SqlClient"/>
   </connectionStrings>

I could register and login without any problem.

What could cause the problem with using ASP.NET membership database in integrated security mode?

+1  A: 

If you don't use impersonation you need to grant access to membership objects for the account ASP.NET process is running under. Most likely it's NETWORKSERVICE. When you create membership objects with aspnet_regsql.exe, it also creates special roles (like aspnet_membership_BasicAccess, etc) with execute permissions to the corresponding SPs. So create a login for NETWORKSERVICE account, add a user to your database for that login and grant him one of those aspnet_ roles.

Try the following script i use as part of my database deployment (must be run as database administrator):

IF NOT EXISTS (SELECT * FROM master.dbo.syslogins WHERE loginname = N'NT AUTHORITY\NETWORK SERVICE')
CREATE LOGIN [NT AUTHORITY\NETWORK SERVICE] FROM WINDOWS
GO
CREATE USER [NT AUTHORITY\NETWORK SERVICE] FOR LOGIN [NT AUTHORITY\NETWORK SERVICE] WITH DEFAULT_SCHEMA=[dbo]
GO
GRANT CONNECT TO [NT AUTHORITY\NETWORK SERVICE]
GO

exec sp_addrolemember 'aspnet_Membership_BasicAccess', 'NT AUTHORITY\NETWORK SERVICE'
GO
exec sp_addrolemember 'aspnet_Roles_BasicAccess', 'NT AUTHORITY\NETWORK SERVICE'
GO
UserControl  2010-05-16 17:31:48
Thank you. Sorry but I can not find a Network Service account to create a login for it. Could you give me a hint how I could create such a login?
rem  2010-05-16 18:00:49
Maybe it is something from NT AUTHORITY\SYSTEM or NT SERVICE\MSSQL$SQLEXPRESS that I have as logins in my SQL Server?
rem  2010-05-16 18:25:09
If it's IIS6 or higher (and it probably is) it'll be the account the AppPool is running under.
R0MANARMY  2010-05-16 18:38:23
no, it should be NETWORK SERVICE (in case of IIS6+) and ASPNET on 5.x.
UserControl  2010-05-16 18:41:45
Thank you. With the help of your script I successfully performed everything as you suggested: created NT AUTHORITY\NETWORK SERVICE login, NT AUTHORITY\NETWORK SERVICE user for my database, mapped to this login, and granted this user 'aspnet_Membership_BasicAccess' and 'aspnet_Roles_BasicAccess', but my initial problem with Integrated Security remained as it was.
rem  2010-05-16 19:42:19
Well, look like it's not security issue. If you could provide more information like error code/message if would be easier to solve the problem.
UserControl  2010-05-17 04:07:46
OK, thanks for your help anyway, +1
rem  2010-05-17 07:30:34

related questions

Sql to query a dbs scheme
Transform Columns into Rows
SQL Client for Mac OS X that works with MS SQL Server
How do you get leading wildcard full-text searches to work in SQL Server?
SQL Server 2000: Is there a way to tell when a record was last modified?
What's the BEST way to remove the time portion of a datetime value (SQL Server)
I need to know how much disk space a table is using in SQL Server
What's the best way to determine if a temporary table exists in SQL Server?
Appropriate pagefile size for SQL Server
Have you ever encountered a query that SQL Server could not execute because it referenced too many tables?
ASP.NET MVC "CRUD" Database Sample
How do I unit test persistence?
Best Book for a new Database Developer
Can I logically reorder columns in a table?
Best way to copy a database in SQL Server 2005/8?
Is Windows Server 2008 "Server Core" appropriate for a SQL Server instance?
Why doesn't SQL Full Text Indexing return results for words containing #?
Client collation and SQL Server 2005
Editing database records by multiple users
Deploying SQL Server Databases from Test to Live
SQL Server 2005 implementation of MySQL REPLACE INTO?
Upgrading SQL Server 6.5
How do I version my MS SQL database in SVN?
How to export data from SQL Server 2005 to MySQL
Check for changes to a SQL table?