Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection. #2

Basic setup

  • IIS 6 with ASP.Net 2.0, Integrated Windows Authentication turned on (anonymous turned off)
  • SQL Server 2000 with Windows Only Authentication on (SQL Server authentication turned off)
  • web.config file contains the following relevant entries:
    <identity impersonate="true" />
    <authentication mode=Windows" />
  • connection string:
    Data Source=[server name]; Integrated Security=SSPI; Initial Catalog=[database name];

When I run my query on my development server, it runs perfectly. When I run it on the production server (which is just an exact xcopy of the development web site), I get the "Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection" error. I have verified that the settings I listed above are the same on both sites. What else should I check for?

I placed some test code on the page that outputs the current logged on user and the current asp.net user, and everything seems fine (both usernames are the same - the expected domain\username of the impersonated user who logged in to the site), so I don't know why the database would say the user was null. My test code for outputting the user is below:

string

authUserName = User.Identity.Name;
string aspUserName = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
Response.Write(
"You are: " + authUserName + "<br/>");
Response.Write(
"This page runs as: " + aspUserName);
0
in10se
3/26/2007 8:40:12 PM
asp.net.sql-datasource 29906 articles. 0 followers. Follow

3 Replies
914 Views

Similar Articles

[PageSpeed] 58

Hi,

 What I'm sensing from your error is that .. Your Web Server and Database Server are physically two separate boxes. Is n't it ?  Then the short Answer is sorry.. You cannot achieve what you are trying until you enable 'delegation'' .

Here is my briefing about what is going on with your app.

When any impersonated Web Application makes a request to IIS server, then IIS Server verifies the user token ,as soon as your client browser(IE) is sends those along with the web request. Once the verification (which involves an windows active directory roundtrip ) is completed, then IIS  transfers that web request to  ASP.NET Runtime , which can see the user's windows token as well . Now ,Inside the asp.net code,if there is a call to an external resource ,like database Server with windows authentication, (which is your case), then same above mentioned  complex  process  of  verification  against active directory will again happen.  That process is called Double Hop issue. Your application is failing on the second verification process.

The second Step of re-authentication will never happen , if  web server/client Browser is in Same Machine.I think that's the case in your development environment. But If Database is on separate machine, then that  machine will reject  your impersonated  Web user, because from database server view point , Web server machine is not a trusted source of token sender and  the active directory has not marked the windows user as delegated one.

So, if you want to go with the path of impersonation with delegation , then it involves various other persons like network administrator  , to buy the concept out. Because delegation some times raises security alarms to network administrators Smile

Interestingly, this double hop issue is continued from Windows NT 4.0 / IIS 4 era.

Here is msdn KB link to address that problem..

http://support.microsoft.com/kb/829868  

following is an MSDN link to give you detail info or pointer to give detail information about your problem.

http://msdn.microsoft.com/msdnmag/issues/05/09/SecurityBriefs/ 

 

Good Luck ..

-thank you,

TechieGuys 


softlogger.com
with ASP.NET Aggregation
0
techieguys
3/26/2007 10:33:47 PM

Thank you for the info. I have run into the double-hop issue before when trying to copy uploaded files between servers through a web interface. However, in my original issue, I am still a little confused as to why it works on my development box, but not in production.

The development server and production server are just web servers running IIS. The separate database server only has SQL Server 2000 on it. Both web servers are accessing the same database server (i.e., in this test, there is no development database server - both are accessing the production server). Delegation is not set up for either web server, so why does it work on the development machine?

If the mystery above cannot be solved, would it be easiest to just set up a domain account with access to the database, and then include that account's username and password in the connection string? This has obvious drawbacks since I would have to either set up individual file security for the page, or programmatically check permissions before running the query instead of letting the DB do the work since I don't want just any authenticated web user to be able to run these reports.

0
in10se
3/27/2007 12:54:35 PM

Please find my inline explanation  

in10se:

Thank you for the info. I have run into the double-hop issue before when trying to copy uploaded files between servers through a web interface. However, in my original issue, I am still a little confused as to why it works on my development box, but not in production.

The development server and production server are just web servers running IIS. The separate database server only has SQL Server 2000 on it. Both web servers are accessing the same database server (i.e., in this test, there is no development database server - both are accessing the production server). 

>>>>>>Explanation : It works  on the development Machine , because you are using web browser (I assume IE) from that machine itself. If you would like to reproduce the same error in your development machine ,then log on to some other machine , try to access your website on the development machine.. ASP.NET will show exactly same error like your production.

Delegation is not set up for either web server, so why does it work on the development machine?

>>>>>>>>The answer is again related to the first explanation. If your web Browser and Web server is on the same machine ,  then the Database Connection request to other machine is a Single Hop  , not Double Hop. Thats what mostly the development environments  are.. Smile. Double Hop raises when there is an involvement at least 3 machines , in a web Request context.  Hope I helped to clear your confusion.

If the mystery above cannot be solved, would it be easiest to just set up a domain account with access to the database, and then include that account's username and password in the connection string? This has obvious drawbacks since I would have to either set up individual file security for the page, or programmatically check permissions before running the query instead of letting the DB do the work since I don't want just any authenticated web user to be able to run these reports.

  >>>>>There are various best practices to implement it. Implementation of these practices ,needs considerable amount of effort. I consider using fixed identity for database (using a fixed Database username/password) will be less complex. But, in that case , you have to use authorization (code access security or database driven Role schema )  to restrict your Reports execution . You still can take advantage of asp.net impersonation , for  file system access for individual user groups. Because , if you use fixed database user (not a domain user) , you can encrypt user name password etc. plus you can leave your site as Windows Authentication as it is now.

-thank you,

Techieguy 


softlogger.com
with ASP.NET Aggregation
0
techieguys
3/27/2007 8:10:56 PM
Reply:

Similar Artilces:

[Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.
Hello All, I'm Getting the following error when calling a dll from my vb.net application. [Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection. The dll was written in vb6 and accesses a sql db using the following connection string. Public Const GLOBAL_DNS As String = "DSN=TransSrvFinal;UID=sa;PWD=admin;" This DLL works fine when called from other Windows Apps. However I'm now trying to call this dll from with in an asp.net application. I'm using vb.net as the codebehind. I'm a...

2008 IIS7 connection to SQL Server 2000 on Web Server 2000: Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.
I am setting up a windows 2008 IIS7 web server, and trying to connect to a windows 2000 sql server 2000 database. I have an IIS6 Windows 2000 web server activately connected just fine. I have anonymous and windows authentication enabled. And in my web.config I have identity impersonate="true" My sql server 2000 typically uses the IISUSER anonymous user set up in IIS6 on my original windows 2000 web server. But this new IIS7 is giving me grief. I can't seem to setup the IUSR or IISUSER or anything in it. I can't even use sql server credentials in my connection string altho...

Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection #2
I realize people have had this problem before. Probably on this very board. But I am up against a wall and none of the solutions I have found online work at all. I have a asp.net 1.x application that sits on an IIS server and talks to an SQL 2000 database on a separate server. It was working fine until about a week ago when all of the sudden I started recieving the following error: "Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection" In IIS manager the application is set up in a virtual directory, denies anonymous users, and uses only Integrat...

Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection #2
Hello,since now we had the SQL Server(2000,SP4) and the IIS on one Windows 2003 Server running. Now we shared both. One Server for SQL Server and one for the IIS. But now we always get this error Message:Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connectionHas anyone an idea how we can solve the problem ? On the IIS Integrated Windows Authentication is activated.GreetingsBN...

Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.
Came in this morning and im getting the following error in our Provisioning tool. This was working as of yesterday and no changes were made to the web.config file. Ive failed over the cluster on the sql servers and also restarted the provisioning engine. Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection. The SQL server is setup for mixed mode authentication and ive opened my web.config file with visual studio and can make a connection with the same sql user and pass thats in my web.config to the proper databases.  The provisioning se...

Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.
hi all. This is my first web form,and I am trying to conenct to a table in Ms SQL Server. when I run my program I got the followin error message: Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection. I am using windows 2000 authentication. How can I fix it ? Thanks jsn hello, u need to privde a username and password for the SQL server that you are using !!!Bilal Hadiar, MCP, MCTS, MCPD, MCTMicrosoft MVP - Telerik MVP 1. Open IIS, right-click on the virtual directory for your site and click on Properties. 2. Click the Dire...

Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.
Hello, I have installed DotNetNuke on my computer and did everything they said in the Configuration. But when I want to start http://localhost/DotNetNuke I receive an error: Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection. What is this. There is a Datavbase called DotNetNuke in SQL-Server gr. miles You have to have a user assigned to the database and use those credentials in you connection string (web.config)...~ChrisNet Data Design706Horsman.us This is a sql/msde authentication issue. Your web.config is using windows authent...

Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection
Dear All,I am trying to establish a connection to my SQL Server which is on the Remote machine. My ASP.Net application is on the local machine. Below is my connection string: <appSettings><add key="NorthConn" value="server=ABC;integrated security=sspi;database=Northwind"/></appSettings>The North wind Database has the following user accounts:1) ABC\ASPNET2)ABC\IUSR_ABCboth of these accounts have permissions granted to them.My SQL Server has both Windows and SQL Server authentication checked. I checked the properties of my  web project in IIS  and it has both Anony...

Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.
After sucessful installation of portal Starter kit, Portal Database was created and portaluser was the new login created. but when i tried to access the portalVBSDK on my PC this error is displayed. Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Data.SqlClient.SqlException: Login failed for user '(null)'. Rea...

Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.
This code is giving me this error using System; using System.Configuration; using System.Data; using System.Data.SqlClient; using System.Text;     namespace WebApplication1 { /// <summary> /// Summary description for WebForm1. /// </summary> public class WebForm1 : System.Web.UI.Page { private void Page_Load(object sender, System.EventArgs e) { SqlConnection con; string sql; SqlDataAdapter adExisting; //con = new SqlConnection("Data Source=slon12d11012";User ID=nnichol1;); //con = new SqlConnection("Initial Catalog=DACari;Data Source=slon12d1101...

Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection
I dont believe that no one can help me in this damn error,Please, I'm gonne lose my job offer If I didnt fix this. I have spent 7 days searching with no use !! I use ASP.NET 2.0 with C# to develop an intranet site, it was working perfectly when i was on Visual Studio, when i tried to publish the site it gave me that error. Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection. the web application on IIS server, windows 2003 - the database on a different server windows 2003, sql server 2000. Regaeding that we have proxy server, one fi...

Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.
Can anyone tell me why I get this error message and how to fix it? Thanks, Scott I would guess that it is because your SQL server is set up for windows authentication rather than mixed mode, and that your ASPNET account doesn't have a corresponding SQL server account. Jeff MartinMCSD C# .NEThttp://www.jeffmartin.com I found this method of changing modes on another site, and it helped me a lot. You can change the authentication to "SQL Server and Windows" by changing this registry setting: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\MSSQLServer LoginMode = ...

Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection
Hi i installed msde with follwoing attributes for a project DotnetNUke..C:\sql2ksp3\MSDE\>Setup.exe SAPWD="password "INSTANCENAME="DNNV3" SECURITYMODE=SQLin my web.config file here is what i am using==><appSettings>    <add key="SiteSqlServer" value="Server=(local);Database=DNNV3;uid=;pwd=password;" />   but i am getting below error...can anyone PLEASE help me on this.thanks a lotInstalling DotNetNukeUpgrade Error: ERROR: Could not connect to database specified in connectionString for SqlDataProvider   ---------------------------------------------...

Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.
 Hmmm.... I have been developing a site on my local machine and it all works there. When I push it to the web-server it does not. I have used connection strings in my web.config file that look like this (the names have been changed to protect the innocent.. or me...) <add name="TDemoSiteConnectionString" connectionString="Data Source=192.168.8.37;Initial Catalog=TDemoSite;Persist Security Info=True;User ID=TDemo;Password=fred" providerName="System.Data.SqlClient" /> When I call a table adapter I get the error 'login failed for user null'. W...

Web resources about - Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection. #2 - asp.net.sql-datasource

The Definitive Guide to All the New Year’s Eve Celebrations by Channel
Tonight in New York City, the eyes of the world will be eagerly watching as just about every major television network will be carrying a broadcast ...

Bill Cosby's Lawyer Says His Felony Charge Is Thanks to 'Political Football'
Leaning on a cane and his lawyer Monique Pressley, a sweater-clad Bill Cosby arrived at a Pennsylvania courthouse Wednesday, where he was arraigned ...

‘Affluenza Teen” Mom Tonya Couch Formally Arrested In Los Angeles, Seen In Cuffs
At least one member of the Couch family will face charges for running off to Mexico. Affluenza Teen mom Tonya Couch was arrested when she was ...

Microsoft Will Warn You of Government Snooping
USA TODAY Microsoft Will Warn You of Government Snooping ABC News A logo sits outside the Microsoft pavilion during the second day of the ...

China Builds Second Aircraft Carrier As South China Sea Tensions Mount
China is building a second aircraft carrier as tensions over a maritime dispute in the East and South China Seas heats up. The new aircraft carrier ...

Pizza Rat Resolutions: Eat Healthier In New Year
Submitted by: (via zoë greenleaf ) Tagged: rat , lettuce , eating , Video Share on Facebook

Allegiant Air Flight Makes Emergency Landing in Tennessee
Allegiant Air flight makes emergency landing at Tennessee airport; no injuries

California Shooter's Friend Indicted on Gun, Terror Charges
Indictment of man tied to California shooters alleges weapons deception, terror conspiracy

Two of Ben Carson’s Aides Resign Amid Reports of Campaign Tension
Ben Carson campaign manager Barry Bennett and communications director Doug Watts resigned today, Des Moines Register ‘s Jennifer Jacobs reports. ...

Record flooding shuts down I-55 near St. Louis
Chicago Tribune Record flooding shuts down I-55 near St. Louis Chicago Tribune An unusual outbreak of December tornadoes and other violent ...

Resources last updated: 12/31/2015 8:12:13 PM