locked
Changing how I determine the Windows user logged in, still getting error Login failed for user SERVERNAME RRS feed

  • Question

  • User-900017823 posted

    I'm working on an old VB.NET app written years by people who've long since gone. They had it set up to use SQL Server authentication, I'm changing it to use Windows authentication, not that I think that bears upon my problem, I'm just mentioning it as background. After I changed the connection string to use integrated security instead of specifying a SQL Server login/user, I tested it. It worked fine on my dev machine. So I published it to the test web site and tested it. There it failed giving me the error 

    Login failed for user 'OURDOMAIN\OURSERVERSERVER$'

    So I looked up the error and came across this post on Stack Overflow. The solution suggested using WindowsIdentity. The previous developer used User.Identity instead. So, I changed to code as follows:

    Protected Sub btn_Continue_Click(sender As Object, e As System.EventArgs) Handles btn_Continue.Click
    
    	Dim DOHUserid As String
    
    	'DOHUserid = User.Identity.Name.Split("\")(1)   'This is what was here before 3/26/2020
    
    	Dim identity As WindowsIdentity = HttpContext.Current.Request.LogonUserIdentity
    	DOHUserid = identity.Name.Split("\")(1)
    
    
    	Dim x As New WicLibrary.Wic.StaffMembers
    	Dim connString As String = ConfigurationManager.ConnectionStrings("ConnString").ConnectionString
    
    	If x.ValidLoginWinAuthenticate(connString, DOHUserid) Then
    

    I've left out code for brevity's sake.

    Again, this worked perfectly fine on my machine when I debugged it. But it failed with the same error when I published it to the test web server and tested it. For completeness sake, I'll provide to the for ValidLoginWinAuthenticate() method. Here it is:

    Public Function ValidLoginWinAuthenticate(ByVal ConnectionString As String, ByVal WINUsername As String) As Boolean
    
    	Dim sqlTool As New SqlTool(ConnectionString)
    	sqlTool.SqlString = "SELECT phd_win_userid FROM Phd_user WHERE phd_user_status = 'Active' AND phd_win_userid = '" & WINUsername & "'"
    
    	Dim dr As SqlClient.SqlDataReader = sqlTool.ExecuteReader
    	If dr.Read Then
    		If Not dr.IsDBNull(0) Then
    			ValidLoginWinAuthenticate = True 'dr(0) > 0
    		Else
    			ValidLoginWinAuthenticate = False
    		End If
    	Else
    		ValidLoginWinAuthenticate = False
    	End If
    	sqlTool.Close()
    
    End Function
    

    At this point I'm stumped. I've checked IIS on the test web server. IIS authentication for this website has everything disabled, except for Windows Authentication, which is exactly what I want.

    I'm using VS 2019. I have no idea what the original developer used; I've never met him

    Thursday, March 26, 2020 10:05 PM

Answers

All replies

  • User753101303 posted

    Hi,

    This is the default behavior. when accessing network resources ie the web site runs using a *local* account and so access to network resources is done using the server name account. See https://docs.microsoft.com/en-us/iis/manage/configuring-security/application-pool-identities#accessing-the-network for details.

    You could grant access to this account, a drawback being that ALL sites on this server could access the database. The next option is to create and use a dedicated domain account for each site.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, March 26, 2020 10:49 PM
  • User-900017823 posted

    If I use either the local account or a domain account for this site, then wouldn't that account by what is identified as the logged in Windows user, instead of the user accessing the website?

    Friday, March 27, 2020 7:11 PM