First off, I can connect to both databases with SQL Server Enterprise Manager, so I know the servers are up and available. One of them is SQL1, the other is SQLTEST.
In my program when I use the following connection string, it work connects just fine:
conn = New DBConnect("Data Source=SQL1;Initial Catalog=SignInspection;Integrated Security=SSPI")
However, if I change SQL1 to SQLTEST the connection times out I don't get any errors other than the timeout error.
I can run the profiler on SQLTest and see that it is most definitely NOT even attempting to connect. Nothing happens at all, not a peep, nor hellow.
Any ideas? Thanks
EDIT:
Well, it's a moot point now because I got authentication working properly on our SQL1 server.
I'll post the configuration here so perhaps someone else can benefit.
First off, the web server is running IIS and .NET. Users are logged in to the intranet using Active Directory, and the .NET page needs to retrieve their log-in credentials (username most notably). The database is SQL Server 2005, running on a different machine. But the .NET app needs to impersonate as another user to connect to the database.
To successfully do both of these things go to Windows > Run, enter inetmgr and hit run. Navigate to the site and right click > properties, then click on the tab titled Directory Security, click Edit.., make sure only Integrated Windows Authentication and Digest authentication are enabled. Enter your proper AD realm and click OK. Apply the settings/hit OK.
In web.config you need the following lines
<authentication mode="Windows" />
<identity impersonate="true" username="myDomain\MyUserName" password="123mypasswordgoeshere">
replacing, of course, myDomain\MyUserName and 123mypasswordgoeshere with the username and password that has login rights on both your domain and your sql server. The connection string can probably be modified, but this is mine and it works:
Server=SQL1;Database=SignInspection;Trusted_connection=True;
These are the steps that worked for me and hopefully they'll be of use to someone else.
When you connected with the enterprise manager, was that from the same machine as you're running the VB.Net code on?
Otherwise, it can be quite a few things, ranging from firewall or DNS as mdma mentions to being setup with the wrong network protocol or maybe not accepting remote connections.
This article contains a list of things to look at (it's for SQL 2000 but it's something to get you started at least).
The obvious question - does SQLTEST have a database called "SignInspection"? Also do you log on to SQLTEST via SQL Management Studio using Windows Authentication or SQL Authentication? I would expect if either of these were the problem you would get an exception, but its worth checking.
Related
I am building a test web application in asp.net core and I have hosted my site from laptop. Everything seems good but when I go to access any database related page the page just loads for a bit until it gives me an error and prompts me to go developer mode to see more relevant information(which I can't because the site is not on localhost it is on the web). I tried to change my connection string to different iterations it did not work, the site works locally with IIS express. Frankly I do not know what to do the documentation seems to be not existent so I would appreciate your help. You can test the website at http://digital60.ddnsking.com/.
The connection string in use is:
"ConnectionStrings" : {
"Default": "Data Source=DESKTOP-BULSITK\\SQLEXPRESS;Initial Catalog=TimsDinerDB;Integrated
Security=True;Connect
Timeout=30;Encrypt=False;TrustServerCertificate=False;ApplicationIntent=ReadWrite;MultiSubnetFailover=False"
}
The database related pages are Create Order, List Foods, List Orders
This setup as mentioned previously works locally but when I host my site on the web it just does not connect, the hosting occurs from laptop in both cases(no change of OS or hardware on anything). I cannot post all the code of the test site here but if it is necessary I could put all the code in github, but I do not thing this is the problem.
Ok so after a lot of hours I fixed it, I am not exactly certain what fixed it but I believe it was probably my changes on the connection string,
So the final connection string was:
"ConnectionStrings": {
"Default": "Server=.\\SQLExpress;Initial Catalog=TimsDinerDB;User Id=sa;Password=[Password];Connect Timeout=30;Encrypt=False;TrustServerCertificate=False;ApplicationIntent=ReadWrite;MultiSubnetFailover=False"}
}
you have to first activate the sa(server administrator) user from sql server for this one to work, and fill the password with the password you add to the sa user. I will try to see if it can be done with other users too. Other change I made was in security to add the IUSRS permissions to read write and modify but I am not certain if that was necessary.
I have made application ASP.NET C# and my connection string is as follows:
<add name="ASPNETDB" connectionString="Server=tcp:MYDATA.database.windows.net,1433;Database=MYDATA;User ID=MYDATA;Password=MYDATA;Trusted_Connection=False;Encrypt=True;Connection Timeout=30;" providerName="System.Data.SqlClient" />
Now it doesn't work at all, I mean I can't connect to my SQL server on Azure at all. When I want to login nothing happens, when I want to register nothing happens too. I get exception when I press to update DB, ie Publish->Settings-> Check box "Update database" Configure database updates . It seems to me that it doesn't work at all. The exception is of following type:
Error 22 Web deployment task failed. (Could not deploy package.
Unable to connect to target server.
Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_EXECUTING_METHOD.) 0 0
What should I do? Please help?
I would recommend logging into the azure management portal and re downloading the publish profile for the application. If you are not working using a publish profile , then at least re download the connection string that is setup for the app and the DB. while in there check that the application (web site or VM) is up and running, and that the database it is connected to is also up and running.
I had to set firewall rule 0.0.0.0 to 255.255.255.255. Even though my firewall rule was set for my address, somehow it didn't register, because communication was relying to my website-DB and ip address of my website wasn't included there too. So I put rule as said before and now it works like a charm. :-)
I'm just in the process of trying to properly configure asp.net 4.5 on our IIS servers.
I have been able to navigate and launch an ASPX page that contains no data conenctions sucessfully so I know that the application pool authentication to the local directories is working as it should.
Now though I have a seperate SQL server that is connected to the domain and have a connection string stored in the code that connects the ASPX page to the server using a trusted connection. When running in visual studio debug mode, the connection works fine - but at that point I assume it is using my login credentials.
My question is, when a user calls the aspx page via the browser when hosted on the new IIS7 server, which account is used to call the SQL server when using a trusted connection? - Is it the end users or is it a local account from the IIS server?
When I call a page with data connections embedded I get the error: Login failed for user ADMIN\PCNAME$ ... which is an indication that this is the account that it is using. However this account doesn't exist on the domain that I'm aware of. - Or does it ?!
Thanks in advance,
It will use the account that ASP.NET is running under, as you've worked out. What you usually should do is create a Domain Account (with the right privileges) and run your ASP.NET AppPool under that account. Then a Trusted Connection will use that account for connecting to the database, and as long as you've given it access (which as a Domain Account you can do) it should all work.
Added:
After some back and forth on comments, lets go back to the start: set the new AppPool to run with the domain users account, and recycle the AppPoolo. What is it that says the password is wrong? If it's IIS trying to start the AppPool, then it is extremeny likely that the Password you gave the AppPool IS wrong, or else that the password is set to change on first logon.
If its not IIS, but opening a Database connection, are you sure that the database allows this Domain Account access to the database and the tables within it it will need? What roles have you assigned to this account? Also, what SQL statement is it trying to execute (if it's got far enough to try and execute a statement at all)?
I suggest you put any response in you original question - comments get to be a drag if there are too many of them.
There is a long back story to this, but to summarize I am trying to create a SQL Server connection in my VB program to automatically run some queries and display results. I have been able to do this easily when the server is on my network in the past. Now my company is moving to a hosted server and I am running into issues.
I can successfully connect to the server using SSMS when I use the RUNAS command:
runas /netonly /user:[network domain]\[username] "C:\Program Files (x86)\Microsoft SQLServer\100\Tools\Binn\VSShell\Common7\IDE\Ssms.exe"
But I can't figure out how to set the VB program SQL connection string in similar fashion.
I know I can use Integrated Security = SSPI to specify Windows Authentication, but I need to pass the username and password as well, along with the network/domain information.
When I try to do this I get a "Login Failed for User..." message or "The Login is from an untrusted domain and cannot be used with Windows authentication" with Integrated Security=SSPI.
There is something about Windows Impersonation but I haven't been able to get a grip on how it would work here.
If this is possible the changes need to be almost entirely on my end, as the hosting company is very ...picky... about making any changes to their environments or settings.
I appeal to the wisdom of the internet for answers!
Extra Facts:
SQL Server 2008, Windows 7, Microsoft Visual Studio 2013, Windows Form Program
There is a good knowledge base article about that for ASP.NET, but I think the code solution also works on other platforms:
Dim impersonationContext As System.Security.Principal.WindowsImpersonationContext
Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity
currentWindowsIdentity = CType(User.Identity, System.Security.Principal.WindowsIdentity)
impersonationContext = currentWindowsIdentity.Impersonate()
'Insert your code that runs under the security context of the authenticating user here.
impersonationContext.Undo()
Inside, you can run you connection with SSPI defined as you normally would.
So here's a bit of context for the horror story:
Win 2003 SP2 64bit running on a VM exposed to outside world for web access.
SQL Server 2008 Std SP2 64bit with Reporting Services (RS) installed for native mode (i.e. not sharepoint mode).
IIS 6 .NET 3.5 web site app written to use the web services from RS. The site has been set to use Windows Authentication and nothing else.
To save writting custom authentication since I don't need it for this demo I have set-up a local account in Win 2003, i.e. servername\myDemoUser, effectively allow fake Windows Authentication.
Default.aspx lists folders on RS and the reports from each folder. It also has a link to the Report Builder 2 on the server.
The rsreportserver.config has been changed so that the only <AuthenticationType> is <RSWindowsNTLM> since <RSWindowsNegoiate> can't work since it's across the internet and users will not be on the same network (hence the local account myDemoUser).
The web site app has url of the form: http://mysite.mydomain.co.uk/ and the link on it to the Report Builder is of the form: http://mysite.mydomain.co.uk/services/reportbuilder/reportbuilder_2_0_0_0.application, in this case RS has been configured so the Web services virtual directory is "services".
The web.config for the website app has been set to <identity impersonate="true /> for <locations> for the ASPX pages that access the RS webservice. I even added a <location path="services/reportbuilder"> with the same thing and also to allow anonymous users.
So after all the above I go to the site from a machine that isn't on the network, I get prompted by IE8 for username/password and I enter servername\myDemoUser and the correct password. The homepage is displayed and correctly shows the list of folders and reports from RS. HOWEVER if I click the RS report builder link I get the pop window saying it's doing it's clickonce verfication stuff but after a couple of seconds it shows simple message box saying there was an authentication error. The details button then shows a text file with a bunch of stacktrace stuff in which eventually says that the server returned 401 while accessing the .application file mentioned above.
I turned on failure auditing for logins on the Win 2003 VM and I can see that when the clickonce fails it is trying to use the local machine account I logged into on the external (to my network) machine instead of the credentials I entered into the browser on that machine when testing it.
Much Googling and granting of permissions to Network service, everyone etc... on various folders involved later nothing the Report Builder bit just won't install via clickonce due to permissions or the incorrect use there of.
I'm looking into maybe changing something in the RS to try and grant permissions to the report builder to anonymous but at this point I'm pretty pessimistic that I'll actually find anything. The annoying thing about this is that this a test that doesn't represent the final thing (we'll be using custom authentication in RS) but unfortunately I have to do it, 8(.
Any ideas would be most appreciated.
It turns out that when using fake Windows authentication in this way when the machine you are accessing the site from a machine where you have not logged into the domain then clickOnce won't work because it won't pass the details you enter into the browser as found.
So the solution is to:
1) Log into a (any) domain on the machine that is going to access the clickonce link on your site.
2) In Control Panel go to User Accounts (XP)/Store Users and Passwords (Win 2003), and manage the network passwords for a user (XP) and add in the URL, username and password.
Whenever clickonce fires up for this URL it will pass the username/password specified as opposed to the local machine account.
Either of the above will solve this problem.