70-305, Chapter 5 (ADO): Login failed

Discussion in 'MCSD' started by Irene, Feb 11, 2004.

  1. Irene

    Irene Guest

    Hello,

    I'm studying for the 70-305 exam, using the MS Self-Paced
    Training Kit.

    For Chapter 5 (ADO.NET), I cannot execute the samples
    from the companion cd (nor my own code), I get the
    following error:
    Server Error in '/MCSDWebApps2/MCSDWebAppsVB'Application:
    Login failed for user 'TOSHA\ASPNET'.

    I have installed SQL Server MSDE. In Visual Studio, I can
    connect to the 'Contacts' DB (installed from the
    companion cd) in Server Explorer, and in Data Link
    Properties I'm logging on to the server using Windows NT
    Integrated security. I am not able to use a specific user
    name and password, then "Test Connection" fails
    'because of an error initializing provider. Login failed
    for user 'ASPNET'. Reason: Not associated with a trusted
    SQL Connection.

    Do I need to set up an ASPNET user account somewhere? How?


    Thanks,

    Irene
     
    Irene, Feb 11, 2004
    #1
    1. Advertisements

  2. Irene

    UAError Guest

    You need to grant the ASP.NET worker process access
    to SQL Server, the data base and any database access

    First you need to start osql.exe found in

    C:\Program Files\Microsoft SQL Server\80\Tools\Binn

    i.e. osql -E


    To grant access issue the following command:

    EXEC sp_grantlogin [machinename\ASPNET]
    GO

    where machinename should be the "Full computer name"
    which can be found on
    Control Panel -> System -> Computer Name

    then make the Contacts database current with

    USE Contacts
    GO

    Grant ASPNET access to the database:

    EXEC sp_grantdbaccess [machinename\ASPNET]
    GO

    then grant ASPNET rights to any object it might need
    e.g.

    GRANT SELECT ON dbobject TO [machinename\ASPNET]
    GO

    where dbobject is a table, view, etc.

    in general grant ASPNET only the (minimal) rights
    it needs to get the job done.


    get

    SQL Server 2000 Books Online (Updated - SP3)
    http://www.microsoft.com/downloads/...a6-bcf4-45a6-a2e2-f6ab5be3ef12&displaylang=en

    for the SQL Server documentation.
     
    UAError, Feb 12, 2004
    #2
    1. Advertisements

  3. Irene

    Irene Guest

    Thank you so much for your spot-on advice!

    Steps 1 - 3 I could easily follow, but Step 4:

    1> GRANT SELECT ON dbobject TO [TOSHA\ASONET]
    2> GO

    failed with: Invalid object name 'dbobject'. - Any idea?


    Thanks,

    Irene
     
    Irene, Feb 12, 2004
    #3
  4. Irene

    Kumar Reddi Guest

    OK. I am not trying to belittle wht the other guy said, but I think there is
    another workaround, without doing all this..

    Assuming you are administrator of the machine...
    open the machine.config file usually located at
    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG

    find the following xml element
    <processModel enable="true" timeout="Infinite" idleTimeout="Infinite"
    shutdownTimeout="0:00:05" requestLimit="Infinite" requestQueueLimit="5000"
    restartQueueLimit="10" memoryLimit="60" webGarden="false"
    cpuMask="0xffffffff" userName="machine" password="AutoGenerate"
    logLevel="Errors" clientConnectedCheck="0:00:05"
    comAuthenticationLevel="Connect" comImpersonationLevel="Impersonate"
    responseDeadlockInterval="00:03:00" maxWorkerThreads="20"
    maxIoThreads="20"/>

    modify the username element as "SYSTEM" instead of the deafult "machine".

    close the machine.config file with the changes saved.. and restart the IIS
    by running the command "issreset.exe" using Start->Run

    I think it should be work.. let me know if it doesnt



     
    Kumar Reddi, Feb 12, 2004
    #4
  5. GRANT SELECT ON dbobject TO [machinename\ASPNET]
    Some times you must read few sentences more : )
    Regards,
    Daniel

     
    Daniel Joskovski, Feb 12, 2004
    #5
  6. Irene

    smitapai Guest

    What is this self paced kit u are talking about, can you
    pls let me know how to get that.
    thx in adv


    in '/MCSDWebApps2/MCSDWebAppsVB'Application:
     
    smitapai, Feb 13, 2004
    #6
  7. Irene

    Kumar Reddi Guest

    Kumar Reddi, Feb 13, 2004
    #7
  8. Irene

    Guest Guest

    Sorry,

    Stupid question, please disregard! 'dbobject' is your
    meta term as you explained perfectly well in the bottom -
    I just overlooked it!

    Thanks again for your immediate help!

    Irene
     
    Guest, Feb 13, 2004
    #8
  9. Irene

    UAError Guest

    There are lots of unsavoury types now just aching to find out if you helped
    to configure some mission-critical production web servers out there.

    Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/secnetlpMSDN.asp

    Page 171
    <Quote>
    Avoid Running as SYSTEM
    Don’t use the highly-privileged SYSTEM account to run ASP.NET and don’t grant
    the ASP.NET process account the “Act as part of the operating system” privilege.
    You may be tempted to do one or the other to allow your code to call the
    LogonUser API to obtain a fixed identity (typically for network resource access).
    For alternate approaches, see “Accessing Network Resources” later in this chapter.
    Reasons for not running as SYSTEM, or granting the “Act as part of the operating
    system privilege” include:
    - It significantly increases the damage that an attacker can do when the system is
    compromised, but it doesn’t affect the ability to be compromised.
    - It defeats the principle of least privilege. The ASPNET account has been specifically
    configured as a least privileged account designed to run ASP.NET Web
    applications.
    </Quote>

    You should at least follow up with a disclaimer to never do this on a production
    web server.

    Hmmm... maybe Microsoft should make 70-330/340 mandatory for MCAD/MCSD.NET.
    http://www.microsoft.com/learning/exams/70-330.asp
    http://www.microsoft.com/learning/exams/70-340.asp

    I'm just trying not to get anybody into any bad habits and might as well get started on
    that 70-229 preparation anyway.

    ;-)
     
    UAError, Feb 13, 2004
    #9
  10. Irene

    Kumar Reddi Guest

    Thats a good piece of advice.. Thank you.. I am not a seasoned asp.net
    programmer.. Just saw this solution some where on the web when i ran into
    this problem and thought its ok..I would try not to suggest this approach to
    any new poster..

    I do agree that microsoft should make Security exams mandatory for
    MCAD/MCSD..
    Thanks again..
     
    Kumar Reddi, Feb 13, 2004
    #10
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.