tags:

views:

107

answers:

2
Q: 

Cannot open database "our database" requested by the login. The login failed. Login failed for user 'ADUser'

We are rolling out our first .net 4.0 entity framework application and are having an issue with security.

We have it working on our alpha site inside our development environment with the following setup:

  1. SQL2005
  2. IIS6
  3. .NET 4.0
  4. asp.net mvc 2
  5. Entity Framework
  6. NTLM

But when we moved it to our production environment for beta testing we are getting the following error via asp.net

SqlException (0x80131904): Cannot open database "our database name" requested by the login. The login failed. Login failed for user 'Domain\User'.

The only difference between the between the 2 environments is we are using Kerberos instead of NTLM in our production environment. We have several other .net 3.5 sites using LinqToSql that run on both environments.

We have already done the following:

  1. Replaced an active user on another test site with the user that is failing to make sure it isn't an issue with the way the user is set up. - worked
  2. Dropped and re-added the user from sql2005 - did nothing

The issue appears to be related to .net 4.0 as this is our first...

A: 

Based on the error message, 2 questions:

  • Does the login have access to the database in your production site?
  • Does the database that you specified in the connection string on the SQL server that is specified in the connection string?

These are the 2 most common causes of that issue. A Kerberos issue usually manifests itself in SQL Server a little differently.

Thanks, Eric

Strommy  2010-08-23 22:32:40
Yes, via role=>schema.If you second question reads: "Does the database exist on the sql server...", yes
J.13.L  2010-08-23 22:36:16
A: 

The difference between NTLM and Kerberos is huge. With NTLM, you can use pass-through authentication with Kerberos you cannot. With Kerberos and Windows Authentication, you need to setup a Service Principal Name (SPN for short) that tells SQL Server that it can be accessed by whatever IIS account you use.

Understanding Kerberos and NTLM authentication in SQL Server Connections

Here's another article on setting up Kerberos. Jump down to the section titled "Configure a service principal name for the domain user account"

Thomas  2010-08-23 22:42:54
But we have several other sites that use sql 2005 and the others settings (NTLM and Kerborose). The only difference is that fact that this is our first .net 4.0 site
J.13.L  2010-08-23 22:52:32
@J.13.L - Whether you are using Kerberos makes a significant difference. However, I would first ensure that the connection string is correct. Is the protocol being used enabled? Is the server name correct and is the server able to resolve the name correctly? Is the database name correct? Does the user account being used have access to the database? etc.
Thomas  2010-08-24 04:42:36
I have verified all these things. We have it working in our Development environment. So the only thing that changes is the connection string and we have verified that several times.
J.13.L  2010-08-24 15:03:52
Does 3.5 cause security to fallback to ntlm where as 4.0 would not?
J.13.L  2010-08-24 15:42:25
Thanks for you help, after doing some research on service principal name we were able to get it running...
J.13.L  2010-08-24 18:13:03

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security