Authentication to server

Question

0.00/5 (No votes)

See more:

Hello all,

I have been trying to figure out why I am logged as [ServerName]/Guest to the SQL server. I am trying to connect to the db and do some actions but due to being logged as Guest, it is avoiding me to do the proper actions.

My connection string is used to be:

CONNECTION_STRING = "Server=SERVER2\\SQLEXPRESS; Database=RMA_DB; Trusted_Connection=True;"
when I use this I am logged as Guest but when I add a valid user name and a password I am not logged in as Guest anymore. I am logged as a the username that I provided.

for that my connection string is;
CONNECTION_STRING = "Server=SERVER2\\SQLEXPRESS; User Id=[userid]; Password=[password]; Database=RMA_DB; Trusted_Connection=False;"

As far as i know the main reason behind this is;

Enabling impersonation causes ASP.NET to make the request to the SQL Server as the name of the user currently running. Using impersonation works if anyone who hits the site has Windows credentials. While I am testing, that works but when I am going to create a site that people might get to via the Internet, though, then impersonation won't work, because users won't have credentials. In that case, I shouldn't use impersonation.

In another web application that I previously used, the connection string without the username and the password is working perfectly fine tho. What I dont understand why this app can able to connect without the username and password in the server? What I am missing can someone explain?

Posted 12-Aug-11 8:07am

Orcun Iyigun

Add a Solution

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Wendelius · Answer 1 · 2011-08-12T08:24:00

Solution 1

When you use trusted connection without impersonation in the asp.net you will log in to the SQL Server with the credentials of the running process. Seems that the credentials don't have access to the specific SQL Server database so guest is used.

Using Management studio you can check the credentials that are used against SQL Server, for example from activity monitor. Now check that either:
- the credentials that are used is listed as the database user in the desired database (and of course as a login in sql server)
- or include those credentials to a windows group that has access to the database

Side note: For security reasons I would disable the guest account...

Posted 12-Aug-11 8:24am

Wendelius

Comments

Orcun Iyigun 12-Aug-11 18:25pm

Thank you for your response I will look deeper into that. Yes disabling the guest account seems like a good idea. For now I am giving a 5 once I totally figure out the problem if it matches your answer I will mark it as a solution.

Wendelius 13-Aug-11 2:43am

Thanks, drop a line if something comes up :)

Orcun Iyigun 13-Aug-11 3:39am

i provided the solution which is fairly easy and missed out to check it on win7. the option for asp.net impersonation was disabled so i enabled it and worked like a charm..

Wendelius 13-Aug-11 3:50am

So you want to use impersonation, Okay then there should be no problem doing it the way you have described. Glad you got it solved :thumbsup:

**Orcun Iyigun** · Answer 2 · 2011-08-12T21:37:00

The solution for me is kind of simple and missed out to check if the asp.net impersonation is enabled or not in IIS. With this connection string "CONNECTION_STRING = "Server=SERVER2\\SQLEXPRESS; Database=RMA_DB; Trusted_Connection=True;" it worked, to do this I followed these steps;

*Open IIS Manager and navigate to the level you want to manage. For information about opening IIS Manager, see Open IIS Manager (IIS 7). For information about navigating to locations in the UI.

*In Features View, double-click Authentication.

*On the Authentication page, select ASP.NET Impersonation.

*In the Actions pane, click Enable to use ASP.NET Impersonation authentication with the default settings.

seems easy but to figure this out i have spent couple hours. i hope this answer save others time :)