Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
HCLollo
Starting Member
49 Posts |
 Posted - 2005-08-25 : 05:07:54
|
*Bow to all the gurus out there*How it's possible to associate a trusted connection to a user? Itried setting up SQL Server users and Windows users, giving themall possible combos of authorizations, and still when I try toconnect using one of them via Query Analizer I always end up withsomething on the line:quote:
"Server: message 18452, level 16, state 1[Microsoft][ODBC SQL Server Driver][SQL Server]Impossible to log onuser 'mwawa'. Reason: user is not associated to a SQL Server trustedconnection"
Probably that's not what you always get, because I've translateddirectly from Italian, but all the juice should be there...I even tried the sa!  The main reason to solve this is that the server has beenreconfigured, and my ASP application that was working greatly nowgoes no more, and all the problem is in the connection string. Ithink the technicians changed the authentication method on theserver, enabling the Active Directory.Thank you all in advance,HCL |
|
|
HCLollo
Starting Member
49 Posts |
Posted - 2005-08-25 : 06:24:41
|
Kinda solved, I just set the "Anonymous Connection user" in theWeb Site IIS manager to the one I set up in SQL Server to accessthe DB I'm interested into; I'm not that sure it's the right wayto go, but since it's an internal server for an internal app, atthe moment it's fine... HCL |
 |
|
|
yoja
Starting Member
1 Post |
Posted - 2005-09-01 : 01:50:55
|
| hi HCLCould u help me a bit further on this..I also get similar error message but Strangely enough i am able to connect throught SQL Enterprise manager and Query Analyzer but not thru ASP code.. |
|
|
|
HCLollo
Starting Member
49 Posts |
Posted - 2005-09-01 : 06:03:46
|
Hi yoja!Ok, I'll try to condense the steps I followed here, though theyassume you can put your hands on the db, or at least have someonethat can on your behalf.Bear also in mind that for now I'm using this on a dev/test box, soI haven't yet considered any security issues (anyone?  )...- Find which user is used to connect anonimously to the web pages in IIS, usually DOMAIN\IUSR_SERVER
- Add the aforementioned user Protection->Accounts, using Enterprise Manager for example
- Set the proper restrictions and database accesses
Hope this is clear enough.For me, I changed the default IIS user to a specifically created one,since I run the dev on a dedicated web service, and added him to theDB using the procedure descripted. Also, I gave him DB owner permsregarding the one needed for the app to work, though I plan to checkwhich are really needed and stick to those.HCL"If it works fine, then it doesn't have enough features" |
|
|
|
nr
SQLTeam MVY
12543 Posts |
Posted - 2005-09-01 : 06:42:14
|
| To use integrated security from the client you have to configure iis to use kerberos (works under .net and 2003 anyway) otherwise it will run your server based code under the iis service account.Integrated security just delegates the security checking to the caller (not the originater). Unfortunately this gets broken by iis under it's default install.==========================================Cursors are useful if you don't know sql.DTS can be used in a similar way.Beer is not cold and it isn't fizzy. |
|
|
|
|
|
|
|
|
Trusted connections