locked
Login failed for user <user> RRS feed

  • Question

  • User2045562847 posted

    Hi All,

    I dont know how to start but all my websites running on webserver are having issue to connect to Sql server (separate machine) since I have decided to do the Windows Authention to log on to sql.

    I have followed http://msdn.microsoft.com/en-us/library/ab4e6cky(VS.80).aspx

    but still getting error. Dont knw what else I need to do. If I put userid/ pwd in my webconfig files, then I m able to connect successfully but I need Windows Auth for all web apps to connect to Sql

    Any suggestions would be appreciated.

    Regards

    Monday, February 22, 2010 11:17 AM

Answers

  • User-823196590 posted

    What Basic authentication has to do with SQL connection.

    Well, you said ...

    I have decided to do the Windows Authention to log on to sql.

    ... so I took that to mean that you want to authenticate your web users and pass their credentials on to SQL Server.

    If you do not wish to authenticate your users and pass them through to SQL, then you're right.  In that case you want to follow the general instructions on how to use the server's local anonymous user account so your ASP.NET code can connect to SQL.

    This MSKB may be more helpful to you:
    http://support.microsoft.com/default.aspx/kb/247931

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Monday, February 22, 2010 1:17 PM

All replies

  • User-823196590 posted

    First off this is mostly an ASP.NET/programming/architecture/application issue.

    That said, IMO Windows Integrated is not a good choice in this instance.  You're probably running into a double-hop delegation issue.  With Windows Integrated, IIS does not actually receive the user's password from the browser (it instaed receives a hash that indicates the user has authenticated).  Because IIS does not have the password it can not then in turn authenticate the user across the network to another machine. 

    So your otions are ...

    1) enable kerberos for use with Windows Integrated

    2) switch to Basic authentication

    3) forget about WIndows Integrated entirely for the db connection and use SQL authentication instead, with a SQL userid and password in your connection string.

    Monday, February 22, 2010 11:54 AM
  • User2045562847 posted

    What Basic authentication has to do with SQL connection. I thought that its IIS authentication for outsiders to access the page.

    The other thing is the aticle doesnt talk about none of the things u mentioned. It only says

    "If SQL Server is running on a remote computer and the Web server is running IIS 6.0, give the Web server's machine account login privileges on the remote computer. The machine account is referenced as DOMAIN\MACHINENAME$."

    Monday, February 22, 2010 12:10 PM
  • User-823196590 posted

    What Basic authentication has to do with SQL connection.

    Well, you said ...

    I have decided to do the Windows Authention to log on to sql.

    ... so I took that to mean that you want to authenticate your web users and pass their credentials on to SQL Server.

    If you do not wish to authenticate your users and pass them through to SQL, then you're right.  In that case you want to follow the general instructions on how to use the server's local anonymous user account so your ASP.NET code can connect to SQL.

    This MSKB may be more helpful to you:
    http://support.microsoft.com/default.aspx/kb/247931

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Monday, February 22, 2010 1:17 PM
  • User2045562847 posted

    I looked into the article and changed my anonymous access setting account to use the domain account instead of local user account of webserver but still couldnt get to sql. Still getting the same error. I know the domain user I added have permissions to SQL.

     

    Monday, February 22, 2010 4:08 PM
  • User2045562847 posted

    I think it was related to configuring the Kerberos Authentication so the identity of user can be flown across the network.

    I came across two articles on how to configure IIS to use kerberos but I m still confused why these two articles are totally different from each other.

    http://krva.blogspot.com/2007/09/configuring-kerberos-on-iis-in-w2k3.html<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p></o:p><o:p></o:p>

    http://support.microsoft.com/kb/215383 

    Thanks

    Thursday, February 25, 2010 11:18 AM