locked
Use App Pool identitiy in ODBC RRS feed

  • Question

  • User-273081737 posted

    I have a classic ASP site set up on IIS7.  I have set the site to use Windows Authentication (it is an internal system only) and an app pool with an custom account identity which also has access (dbOwner) to the db required.  The ODBC is set to use 'With Windows NT authentication using the network login ID.'  This works fine when testing my site logged onto the web server, but when i test remotely I get the error:

    Microsoft OLE DB Provider for ODBC Drivers

    error '80040e4d'

    [Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

    /site/include/DataInterfaceSQL.asp, line 48

    Initially I set the Web App to use Anon Access, but this didn't work locally either!  What I want is for anyone to look at the site and for the odbc to use the App Pool identity as the authentication for the odbc/db.  Where am I going wrong?

    cheers

    Wednesday, January 25, 2012 10:56 AM

Answers

  • User-1499466209 posted

     Ok, so I think I got it : you have to disabled ASP.NET Impersonation, and maybe (if your application is classic ASP to enable 'Basic authentication')

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Thursday, January 26, 2012 8:17 AM
  • User-273081737 posted

    After A LOT of reading and playing around I have found the solution!  When converting to a web app, i set the Connect as... option to use a specific user (the same account I was trying to get the App Pool to use) and hey presto!

    Thanks for all your input! :)

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Friday, February 3, 2012 9:50 AM

All replies

  • User-1499466209 posted

    Hi,

    Both IIS server and SQL server are they members of the same domain?

    The application pool identity is it a domain account?

    Wednesday, January 25, 2012 11:31 AM
  • User-273081737 posted
    Yes, yes and yes :)
    Wednesday, January 25, 2012 11:41 AM
  • User-1499466209 posted

     hum... And of course, when you get the 'Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'' error, you were authenticated?

    Wednesday, January 25, 2012 11:46 AM
  • User-273081737 posted
    Well i'm logged onto a machine so I presume so!
    Thursday, January 26, 2012 5:23 AM
  • User-1499466209 posted

     I'm talking about authenticated on the website

    Thursday, January 26, 2012 5:34 AM
  • User-273081737 posted
    Sorry - the website doesn't require authentication, only the account accessing the db (ie the app pool identity).  I originally tried Anon Auth but this failed locally.
    Thursday, January 26, 2012 6:40 AM
  • User-1499466209 posted

     Ok, so I think I got it : you have to disabled ASP.NET Impersonation, and maybe (if your application is classic ASP to enable 'Basic authentication')

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Thursday, January 26, 2012 8:17 AM
  • User-273081737 posted

    ASP.NET Impersonation was already disables for this web app. The app is a classic asp so i enabled Basic authentication and it now works - cheers :)

    HOWEVER.......

    I have two server which should be identical, but for some reason, when i go to the IIS settings for this web app on the second server, there is no ASP.NET section in the window. This may not be important, but the ASP Authentication options are also different (there is no Impersonation option) and I can't get this server to work as I have the first - it still has the error regarding Anon Logon - what's happened here?!<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p></o:p>

    Thanks for your ongoing help :)

    Friday, January 27, 2012 7:07 AM
  • User-1499466209 posted

    when i go to the IIS settings for this web app on the second server, there is no ASP.NET section in the window.

    If the .NET framework is not installed on this server, it seems to be normal.

    the ASP Authentication options are also different (there is no Impersonation option)

    Same answer that above

    I can't get this server to work as I have the first - it still has the error regarding Anon Logon - what's happened here?
    hum weird... Do yçou have something specific in the event log for this server?

     

    Friday, January 27, 2012 8:27 AM
  • User-273081737 posted
    The framework is installed - oddely, other web apps do have the asp.net section!  nothing specific in the event logs either!
    Friday, January 27, 2012 9:22 AM
  • User-1499466209 posted
    Ok, and what about the application pool used for the webbapp without the ASP.NET tab? Maybe you've selected "No managed code" in the '.NET Framework' section?
    Friday, January 27, 2012 9:31 AM
  • User-273081737 posted

    Sorted that issue - I did select no managed code and had tried asdding that back, but you need to delete the web app and start again for this change to take effect!

     HOWEVER (again!)

    Back to the original issue - I was a little hasty in saying it now worked!  I must have added my credentials when prompted at some point, which is why it appeared to now work as required, but now I have closed my browser and reopened, I get prompeted to log on (as do all users) whic is not required for this system!  Any more ideas?

    cheers :)

    Tuesday, January 31, 2012 5:25 AM
  • User-1672167363 posted

    Hi,

    Running Classic ASP Applications: "Use App Pool identitiy in ODBC" the IIS Net Guides":

    At first glance the "error '80040e4d'  then a quick glance of the guides could make this easier to fix :D.

    Back to the orginal issue: http://learn.iis.net/page.aspx/563/using-classic-asp-with-microsoft-access-databases-on-iis/  Databases.

    http://learn.iis.net/page.aspx/727/classic-asp-applications-on-iis-overview/ IIS Overview.

    A new Tool FRT http://learn.iis.net/page.aspx/565/using-failed-request-tracing-to-troubleshoot-classic-asp-errors/ for the errors.

    Regards,

    Martin

    Tuesday, January 31, 2012 5:33 AM
  • User-273081737 posted

    HCamper

    Thanks for the links, I have had read of them and am still a little confused!

    I have a classic ASP site with a SQL Server 2005 database.  The website requires no authentication.  The Site connects to the db using an ODBC connection.  I have given the web app it's own app pool with it's own network account, which has also been given access to the db. I have set the odbc to use Windows NT authentication.

    What i thought happened was if i set the site to use anon access the odbc would use the account that the App Pool was set to use.  Is this not correct? Am I thinking about this the wrong way?

    cheers

    Tuesday, January 31, 2012 10:35 AM
  • User-1672167363 posted

    Hi,

    The Topic is " Use App Pool identitiy in ODBC" Trouble Shooting problems and Issues" 

    change is using "SQL Server 2005  Database Engine and the database access. Security and integrity and IIS Server the changes".

    The Web Site connects to the Database using ODBC and via  DNS connection using connection strings for the logons

    and access to the User Data in the Database".

    There are issues for Windows Systems X86 or X64 and the drivers being used.

    The connection string is used by IIS Server for access to the database and provides the logon access.

    Using the Application Pool is a new feature for Security in IIS Server it helps with the Security and the accounts used.

    The old SQL Server Access on  IIS 6.0 server was to use the Network Service account which is still supported.

    The Web Site requirements are different than SQL Server 2005 Database Engine and access to the database.

    You will have problems with Anonymous use for SQL Server 2005 and access to the database.

    Using the Application Pool is for the Local System on Windows and the local IIS Server.

    The problems your dealing with are common and there are IIS Forums posts that may never resolve the problems

    and understanding.

    Please take a look at information for SQL Server and the Database Engine problems and issues:

    http://blogs.iis.net/bills/archive/2009/10/07/error-connecting-to-sql-server-from-windows-7-windows-2008-r2-with-asp-net.aspx 

    "Error connecting to SQL Server from Windows 7 / Windows 2008 R2 with ASP.NET"

    http://support.microsoft.com/?kbid=2002980 "Problems with SQL Server Express user instancing and ASP.net Web Application Projects"

    If you need more information from IIS Forums post or the SQL Server Blogs let me know.

    This can be confusing it depends on which one of  many possible  roles:

    Role as IIS System Admin or Role as SQL Server DBA Admin or as Role for Developers or Role for Windows System Admins

    and the tasks and permutaions can get rather large and dauting.

    Regards, 

    Martin

     

     

    Tuesday, January 31, 2012 11:08 AM
  • User-273081737 posted

    After A LOT of reading and playing around I have found the solution!  When converting to a web app, i set the Connect as... option to use a specific user (the same account I was trying to get the App Pool to use) and hey presto!

    Thanks for all your input! :)

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Friday, February 3, 2012 9:50 AM