tags:

views:

238

answers:

4
Q: 

Database connections work fine when application is run from localhost. Login fails from dev server.

I have an application which connects to a database, retrieves a username from a user's table and matches it against the username retrieved with System.Security.Principal.WindowsIdentity.GetCurrent.Name

On my localhost, everything works fine. The database exists on the development server but the application lies on my localhost. All of my authorization and authentication techniques are running smoothly.

However, when I publish my application to the development server, I'm faced with the following error.

Cannot open database requested in login 'databaseName'. Login fails.
Login failed for user 'DevelopmentServerName\ASPNET'.

I can't put my finger onto what would cause this. Any help would be greatly appreciated.

Thanks!

Edit: Here is the connection string! 

  <add name="connectionStringName" connectionString="Initial Catalog=myDatabase;Data Source=DevelopmentServerName;Integrated Security=True"
     providerName="System.Data.SqlClient" />

Also, for context. This authentication needs to grab the user's Windows username and match it against the username in the database. Users will have the Computername\Myname username built into the database (if they are authorized to use the required section of the program, that is).

Thanks again :)

+3  A: 

It appears that your application is attempting to connect to the database under the ASPNET account, which may have limited permissions on the development server, as opposed to logging in on your own (you local machine may actually be using your windows identity). I can see two potential solutions.

  1. Make sure to add into the system.web section of your web.config file.

  2. Check with the system administrator and the SQL administrator to make sure the ASPNET account has proper authorization to connect to the database, if indeed your environment allows this account to connect.

Adding some additional code to your question, such as your connection string may help things out as well.

EDIT: Okay, you are indeed using IntegratedSecurity, so typically with this kind of setup (using impersonation), you need to make sure you are getting prompted to add your Username and Password to authenticate against.

We have a similar setup, and to do this, we have to go to the IIS settings for the virtual directory, select the Directory Security tab, and click the Edit button under Anonymous access and authentication control.

Make sure Anonymous access is unchecked, and you may will most likely need to enable the proper authentication for your environment. Unfortunately we're still using Basic authentication (clear text) here, but Integrated Windows authentication may will work for you too. It depends on your environment.

I'm adding this comment to the main post since this seemed to have done the trick...

I just found this post which may help you get the proper configuration setup to handle what you need based on your IIS environment.

Dillie-O  2009-06-11 16:45:29
I have added the connection string to the question. Does this help clear anything up? The system.web section of my web.config file does, in fact, exist.
Chris  2009-06-11 16:52:41
Check my edit, I added some more details.
Dillie-O  2009-06-11 17:02:06
First of all, thanks for your response. The purpose of all of this is to avoid any "login", so prompting to add a username and password to authenticate against is, unfortunately, not an option. The application must draw the windows username from the computer and match that against the database. Also, I don't have access to any configuration settings on the dev server itself, which leaves me in a sticky situation.
Chris  2009-06-11 17:07:50
If you can get a hold of one of the server admins, see if they can uncheck anonymous and select the integrated windows authentication. What are the IIS settings on your local machine?
Dillie-O  2009-06-11 17:18:27
On my local machine, Integrated Windows authentication is checked, the rest are unchecked. There are several apps running on the dev server besides the app I'm working on, and I've been advised to avoid any methods that involve changing settings on the dev server itself (which complicates things, but there must still be a way around this). Thanks again
Chris  2009-06-11 17:26:21
It sounds like you need to contact one of the server admins and find out what the default IIS configuration is for new virtual directories there and you may need to augment your app accordingly.
Dillie-O  2009-06-11 18:11:22
I just found this post which may help you get the proper configuration setup to handle what you need based on your IIS environment: http://forums.iis.net/t/1152237.aspx
Dillie-O  2009-06-11 18:13:20
Awesome, that link worked wonders. Using the threads worked like a charm.
Chris  2009-06-11 19:19:07
A: 

The answer may lay with your connection string. My guess would be that you are using integrated authentication to log into the database. This works fine when it's your machine because the application is using your credentials. When you publish to the development server you would be using the aspNet user and wouldn't have the right credentials to login. I would either add this user to your database server or change your connection string to use SQL authentication.

Avitus  2009-06-11 16:45:34
SQL authentication? How might this work? We're storing valid users' usernames (eg, Comptuername/username) in a username table and matching that against the current user's windows username.
Chris  2009-06-11 17:03:03
A: 

It could be a firewall setting that's preventing your server from seeing your database.

It might also have something to do with your connection string. If you're using anything besides a username/password combo in your web.config file, you will probably require additional configuration to convince the database server to let you connect.

StriplingWarrior  2009-06-11 16:46:41
+1 When the production server is in a dmz yuo typically have to address the sql server differently.
TGnat  2009-06-11 17:04:25
what different configurations wuold need to be in place? andi 'm not usre what a dmz is.
Chris  2009-06-11 17:06:10
A: 

It seems that what you want to do is impersonate the caller of the web page. You need to add a line to your web.config to do this:

<identity impersonate="true" />

See this article for an explanation.

quinnapi  2009-06-11 16:51:00

related questions

Sql to query a dbs scheme
Transform Columns into Rows
SQL Client for Mac OS X that works with MS SQL Server
How do you get leading wildcard full-text searches to work in SQL Server?
SQL Server 2000: Is there a way to tell when a record was last modified?
What's the BEST way to remove the time portion of a datetime value (SQL Server)
I need to know how much disk space a table is using in SQL Server
What's the best way to determine if a temporary table exists in SQL Server?
Appropriate pagefile size for SQL Server
Have you ever encountered a query that SQL Server could not execute because it referenced too many tables?
ASP.NET MVC "CRUD" Database Sample
How do I unit test persistence?
Best Book for a new Database Developer
Can I logically reorder columns in a table?
Best way to copy a database in SQL Server 2005/8?
Is Windows Server 2008 "Server Core" appropriate for a SQL Server instance?
Why doesn't SQL Full Text Indexing return results for words containing #?
Client collation and SQL Server 2005
Editing database records by multiple users
Deploying SQL Server Databases from Test to Live
SQL Server 2005 implementation of MySQL REPLACE INTO?
Upgrading SQL Server 6.5
How do I version my MS SQL database in SVN?
How to export data from SQL Server 2005 to MySQL
Check for changes to a SQL table?