Can't use forms authentication when using IIS

T

Tony Johansson

Hello!

I do some exercise from a book which work if I run from VisualStudo(VS)
but doesn't work when run from IIS.
This exercise will use forms authentication

Here is some background information:
I use windows XP pro with a Sql Server express 2005 database.
I have also Sql Server Management Studio Express

Here is what I have done
*******************
I have created a file system web site named Northwind that is using
Development Web server.
In this web site I have created the following files.
A LoginForms.aspx and LoginForm.aspx.cs with one Login control from the
Login category from the toolbox..
A CustomerData.aspx and CustomerData.aspx.cs with one label with some text
saying "this form will be implemented later".

Here is all the property that I have set for the Login control
*********************************************
DisplayRememberMe is set to False
TitleText is set to Northwind Traders-Inloggning
DestinationPageUrl is set to ~/CustomerData.aspx

Here is how I implement forms authentication
**********************************
To implement forms authentication I use ASP.NET Web Site Administration Tool
that is located in a meny to the right
just above the solution explorer.
Click on Security in the ASP.NET Web Site Administration Tool .
Select authentication type and choose from the Internet.
Click on Create users and chose these values
Username: John
Password: Pa$$w9rd
Confirm Password: Pa$$w9rd
E-post: Some valid E-post format
Security question: My best animal
Answer on security question: Cat
Click on create user

Now click on Create access rules.
Select Nortwind in the section choose catalog for this rule.
Choose John as the user and select allow under section permission
Click on OK
Now click on Create access rules a second time
Select Nortwind in the section choose catalog for this rule
Select anynymous user and select deny as permission.
Click OK
Now you can close the ASP.NET Web Site Administration Tool because you have
done all the setting in this tool.

Now you can click on refresh in solution explorer so two new files is
displayed one in the folder App_Data
with the name ASPNETDB.MDF and web.config in the project root catalog.


Now EDIT the Web.config so the look is like this
**************************************
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<authorization>
<allow users="John" />
<deny users="?" />
</authorization>
<authentication mode="Forms">
<forms loginUrl="LoginForm.aspx" timeout="5"
cookieless="AutoDetect" protection="All" />
</authentication>
</system.web>
</configuration>

I can now test the web application
If I write invalid username or password a message inform me that you have
entered invalid username or password
If I write John as the Username and Pa$$w9rd as the Password the
CustomerData form is displayed with it's label
saying that this form will be implemanted later.

So If I run the web application from visual studio I works fine.

If I now start Internet explorer and enter this url
http://localhost/Northwind/customerdata.aspx
in the bowser I get the Login control and enter John as the Username and
Pa$$w9rd as the Password and
then I get this kind of error. See some rows below on the whole stack error
trace.
So as a summary if I run the appliaction from VisualStudio it works fine but
if
I run the appliaction from IIS it causes error Login failed for user
'HEMPC\ASPNET'

I can use Sql Server Management Studio Express to attach to the database
located at
F:\NORTHWIND\APP_DATA\ASPNETDB.MDF.
Have anyone some suggestion what I can do to fix this problem ?


Servererror in the applicationprogram /Northwind.
--------------------------------------------------------------------------------

Login failed for user 'HEMPC\ASPNET'.
Description: One exception which couldn't be handled occured when the
current webbrequest was run. More information
about the error and where in the code it occured can be found in the
stacktrace.

Exceptioninformation: System.Data.SqlClient.SqlException: Login failed for
user 'HEMPC\ASPNET'.

SourceError:

One exception which didn't handled was generated by the current web request.
Information about the origin for exception and
place can be identified with the stacktrace below.

StackTrace:

[SqlException (0x80131904): Login failed for user 'HEMPC\ASPNET'.]
System.Data.SqlClient.SqlInternalConnection.OnError(SqlException
exception, Boolean breakConnection) +4846887
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject
stateObj) +194
System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand
cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet
bulkCopyHandler, TdsParserStateObject stateObj) +2392
System.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean
enlistOK) +35
System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo
serverInfo, String newPassword, Boolean ignoreSniOpenTimeout, Int64
timerExpire, SqlConnection owningObject) +144
System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(String
host, String newPassword, Boolean redirectedUserInstance, SqlConnection
owningObject, SqlConnectionString connectionOptions, Int64 timerStart) +342
System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection
owningObject, SqlConnectionString connectionOptions, String newPassword,
Boolean redirectedUserInstance) +221
System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity
identity, SqlConnectionString connectionOptions, Object providerInfo, String
newPassword, SqlConnection owningObject, Boolean redirectedUserInstance)
+189
System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions
options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection
owningConnection) +4861315
System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnection
owningConnection, DbConnectionPool pool, DbConnectionOptions options) +31
System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection
owningObject) +433
System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection
owningObject) +66
System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection
owningObject) +499
System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection
owningConnection) +65
System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection
outerConnection, DbConnectionFactory connectionFactory) +117
System.Data.SqlClient.SqlConnection.Open() +122
System.Web.DataAccess.SqlConnectionHolder.Open(HttpContext context,
Boolean revertImpersonate) +87
System.Web.DataAccess.SqlConnectionHelper.GetConnection(String
connectionString, Boolean revertImpersonation) +221
System.Web.Security.SqlMembershipProvider.GetPasswordWithFormat(String
username, Boolean updateLastLoginActivityDate, Int32& status, String&
password, Int32& passwordFormat, String& passwordSalt, Int32&
failedPasswordAttemptCount, Int32& failedPasswordAnswerAttemptCount,
Boolean& isApproved, DateTime& lastLoginDate, DateTime& lastActivityDate)
+815
System.Web.Security.SqlMembershipProvider.CheckPassword(String username,
String password, Boolean updateLastLoginActivityDate, Boolean
failIfNotApproved, String& salt, Int32& passwordFormat) +105
System.Web.Security.SqlMembershipProvider.CheckPassword(String username,
String password, Boolean updateLastLoginActivityDate, Boolean
failIfNotApproved) +42
System.Web.Security.SqlMembershipProvider.ValidateUser(String username,
String password) +78
System.Web.UI.WebControls.Login.AuthenticateUsingMembershipProvider(AuthenticateEventArgs
e) +60
System.Web.UI.WebControls.Login.OnAuthenticate(AuthenticateEventArgs e)
+119
System.Web.UI.WebControls.Login.AttemptLogin() +115
System.Web.UI.WebControls.Login.OnBubbleEvent(Object source, EventArgs e)
+101
System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) +37
System.Web.UI.WebControls.Button.OnCommand(CommandEventArgs e) +118
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
+166
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String
eventArgument) +10
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler
sourceControl, String eventArgument) +13
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +36
System.Web.UI.Page.ProcessRequestMain(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1565


//Tony
 
G

Gregory A. Beamer

I do some exercise from a book which work if I run from VisualStudo(VS)
but doesn't work when run from IIS.
This exercise will use forms authentication

Most likely an improper setting in IIS. And this may relate back to earlier
problems you were having. That is where I would examine first.

Peace and Grace,

--
Gregory A. Beamer (MVP)

Twitter: @gbworld
Blog: http://gregorybeamer.spaces.live.com

*******************************************
| Think outside the box! |
*******************************************
 
T

Tony Johansson

If I take a look at the setting for IIS and take property on my virtual
directory Northwind the following 6 tabs are listed.
Virtual directory
Document
Directorysecurity
HTTP-Head
ASP.NET
Adjust errormessage

Which of these is it that is of interest ?

Here is some settings that might be of interest.
In tabs ASP.NET I look at change configuration and here is the result
Name = LocalSqlServer
Connectionparameters = data source=.\SQLEXPRESS;Integrated
Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User
Instance=true

Tab virtual directory look like this
A directory on this computer is marked
Local searchpath =F:\Northwind
ReadAccess is checked
Access to Loggfile is checked
Index this resourse is checked
Applicationname = Northwind

If I look at directorysecurity and click on button edit I get this result
Anonymous access is checked
Username = IUSR_HEMPC
Allow IIS to use password is checked
Integerated windows-autentisering is checked


//Tony
 
T

Tony Johansson

It seems to me that IIS doesn't like ASPNET.

So I tried this
use "F:\NORTHWIND\APP_DATA\ASPNETDB.MDF"
create user [HEMPC\ASPNET] for login [HEMPC\ASPNET]
grant select to [HEMPC\ASPNET]
grant insert to [HEMPC\ASPNET]
grant delete to [HEMPC\ASPNET]

When I now run from VisualStudio I get this error
Cannot open user default database. Login failed.
Login failed for user 'HEMPC\Tony'

When I run from IIS I get the same error as before. See my previous mail.
So doing this kind of action wasn't any success.

Does anybody have any good idea what I can do to solve my problem.


//Tony
 
A

Abdul Sami

I suggest follwing two settings:

1: In original settings add identity element in web.config like
<system.web>
<identity impersonate="true"/>
</system.web>

2: If first setting doesn't work then try add asp_net user in user name of
security tab of IIS.
--
Abdul Sami


Tony Johansson said:
Hello!

I do some exercise from a book which work if I run from VisualStudo(VS)
but doesn't work when run from IIS.
This exercise will use forms authentication

Here is some background information:
I use windows XP pro with a Sql Server express 2005 database.
I have also Sql Server Management Studio Express

Here is what I have done
*******************
I have created a file system web site named Northwind that is using
Development Web server.
In this web site I have created the following files.
A LoginForms.aspx and LoginForm.aspx.cs with one Login control from the
Login category from the toolbox..
A CustomerData.aspx and CustomerData.aspx.cs with one label with some text
saying "this form will be implemented later".

Here is all the property that I have set for the Login control
*********************************************
DisplayRememberMe is set to False
TitleText is set to Northwind Traders-Inloggning
DestinationPageUrl is set to ~/CustomerData.aspx

Here is how I implement forms authentication
**********************************
To implement forms authentication I use ASP.NET Web Site Administration Tool
that is located in a meny to the right
just above the solution explorer.
Click on Security in the ASP.NET Web Site Administration Tool .
Select authentication type and choose from the Internet.
Click on Create users and chose these values
Username: John
Password: Pa$$w9rd
Confirm Password: Pa$$w9rd
E-post: Some valid E-post format
Security question: My best animal
Answer on security question: Cat
Click on create user

Now click on Create access rules.
Select Nortwind in the section choose catalog for this rule.
Choose John as the user and select allow under section permission
Click on OK
Now click on Create access rules a second time
Select Nortwind in the section choose catalog for this rule
Select anynymous user and select deny as permission.
Click OK
Now you can close the ASP.NET Web Site Administration Tool because you have
done all the setting in this tool.

Now you can click on refresh in solution explorer so two new files is
displayed one in the folder App_Data
with the name ASPNETDB.MDF and web.config in the project root catalog.


Now EDIT the Web.config so the look is like this
**************************************
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<authorization>
<allow users="John" />
<deny users="?" />
</authorization>
<authentication mode="Forms">
<forms loginUrl="LoginForm.aspx" timeout="5"
cookieless="AutoDetect" protection="All" />
</authentication>
</system.web>
</configuration>

I can now test the web application
If I write invalid username or password a message inform me that you have
entered invalid username or password
If I write John as the Username and Pa$$w9rd as the Password the
CustomerData form is displayed with it's label
saying that this form will be implemanted later.

So If I run the web application from visual studio I works fine.

If I now start Internet explorer and enter this url
http://localhost/Northwind/customerdata.aspx
in the bowser I get the Login control and enter John as the Username and
Pa$$w9rd as the Password and
then I get this kind of error. See some rows below on the whole stack error
trace.
So as a summary if I run the appliaction from VisualStudio it works fine but
if
I run the appliaction from IIS it causes error Login failed for user
'HEMPC\ASPNET'

I can use Sql Server Management Studio Express to attach to the database
located at
F:\NORTHWIND\APP_DATA\ASPNETDB.MDF.
Have anyone some suggestion what I can do to fix this problem ?


Servererror in the applicationprogram /Northwind.
--------------------------------------------------------------------------------

Login failed for user 'HEMPC\ASPNET'.
Description: One exception which couldn't be handled occured when the
current webbrequest was run. More information
about the error and where in the code it occured can be found in the
stacktrace.

Exceptioninformation: System.Data.SqlClient.SqlException: Login failed for
user 'HEMPC\ASPNET'.

SourceError:

One exception which didn't handled was generated by the current web request.
Information about the origin for exception and
place can be identified with the stacktrace below.

StackTrace:

[SqlException (0x80131904): Login failed for user 'HEMPC\ASPNET'.]
System.Data.SqlClient.SqlInternalConnection.OnError(SqlException
exception, Boolean breakConnection) +4846887
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject
stateObj) +194
System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand
cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet
bulkCopyHandler, TdsParserStateObject stateObj) +2392
System.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean
enlistOK) +35
System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo
serverInfo, String newPassword, Boolean ignoreSniOpenTimeout, Int64
timerExpire, SqlConnection owningObject) +144
System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(String
host, String newPassword, Boolean redirectedUserInstance, SqlConnection
owningObject, SqlConnectionString connectionOptions, Int64 timerStart) +342
System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection
owningObject, SqlConnectionString connectionOptions, String newPassword,
Boolean redirectedUserInstance) +221
System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity
identity, SqlConnectionString connectionOptions, Object providerInfo, String
newPassword, SqlConnection owningObject, Boolean redirectedUserInstance)
+189
System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions
options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection
owningConnection) +4861315
System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnection
owningConnection, DbConnectionPool pool, DbConnectionOptions options) +31
System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection
owningObject) +433
System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection
owningObject) +66
System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection
owningObject) +499
System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection
owningConnection) +65
System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection
outerConnection, DbConnectionFactory connectionFactory) +117
System.Data.SqlClient.SqlConnection.Open() +122
System.Web.DataAccess.SqlConnectionHolder.Open(HttpContext context,
Boolean revertImpersonate) +87
System.Web.DataAccess.SqlConnectionHelper.GetConnection(String
connectionString, Boolean revertImpersonation) +221
System.Web.Security.SqlMembershipProvider.GetPasswordWithFormat(String
username, Boolean updateLastLoginActivityDate, Int32& status, String&
password, Int32& passwordFormat, String& passwordSalt, Int32&
failedPasswordAttemptCount, Int32& failedPasswordAnswerAttemptCount,
Boolean& isApproved, DateTime& lastLoginDate, DateTime& lastActivityDate)
+815
System.Web.Security.SqlMembershipProvider.CheckPassword(String username,
String password, Boolean updateLastLoginActivityDate, Boolean
failIfNotApproved, String& salt, Int32& passwordFormat) +105
System.Web.Security.SqlMembershipProvider.CheckPassword(String username,
String password, Boolean updateLastLoginActivityDate, Boolean
failIfNotApproved) +42
System.Web.Security.SqlMembershipProvider.ValidateUser(String username,
String password) +78
System.Web.UI.WebControls.Login.AuthenticateUsingMembershipProvider(AuthenticateEventArgs
e) +60
System.Web.UI.WebControls.Login.OnAuthenticate(AuthenticateEventArgs e)
+119
System.Web.UI.WebControls.Login.AttemptLogin() +115
System.Web.UI.WebControls.Login.OnBubbleEvent(Object source, EventArgs e)
+101
System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) +37
System.Web.UI.WebControls.Button.OnCommand(CommandEventArgs e) +118
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
+166
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String
eventArgument) +10
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler
sourceControl, String eventArgument) +13
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +36
System.Web.UI.Page.ProcessRequestMain(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1565


//Tony







.
 
T

Tony Johansson

Sorry for giving you wrong information.
I have been working on this error for some time now. I have been changing on
many places and I noticed
that I had forgot to change the status for BUILIN\users back to Grant. It
was set to Deny before

Now I get this type of errror message See below.
Does anybody have any good suggestion how I solve this problem.


ServerError in applicationsprogram /Northwind.
--------------------------------------------------------------------------------

Cannot open user default database. Login failed.
Login failed for user 'HEMPC\ASPNET'.

Description: One exception which couldn't be handled occured when the
current webbrequest was run. More information
about the error and where in the code it occured can be found in the
stacktrace.

Exceptioninformation: System.Data.SqlClient.SqlException: Cannot open user
default database. Login failed.
Login failed for user 'HEMPC\ASPNET'.

SourceError:

One exception which didn't handled was generated by the current web request.
Information about the origin for exception and
place can be identified with the stacktrace below.

StackTrace:

[SqlException (0x80131904): Cannot open user default database. Login failed.
Login failed for user 'HEMPC\ASPNET'.]
System.Data.SqlClient.SqlInternalConnection.OnError(SqlException
exception, Boolean breakConnection) +4846887
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject
stateObj) +194
System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand
cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet
bulkCopyHandler, TdsParserStateObject stateObj) +2392
System.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean
enlistOK) +35
System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo
serverInfo, String newPassword, Boolean ignoreSniOpenTimeout, Int64
timerExpire, SqlConnection owningObject) +144
System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(String
host, String newPassword, Boolean redirectedUserInstance, SqlConnection
owningObject, SqlConnectionString connectionOptions, Int64 timerStart) +342
System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection
owningObject, SqlConnectionString connectionOptions, String newPassword,
Boolean redirectedUserInstance) +221
System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity
identity, SqlConnectionString connectionOptions, Object providerInfo, String
newPassword, SqlConnection owningObject, Boolean redirectedUserInstance)
+189
System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions
options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection
owningConnection) +185
System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnection
owningConnection, DbConnectionPool pool, DbConnectionOptions options) +31
System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection
owningObject) +433
System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection
owningObject) +66
System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection
owningObject) +499
System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection
owningConnection) +65
System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection
outerConnection, DbConnectionFactory connectionFactory) +117
System.Data.SqlClient.SqlConnection.Open() +122
System.Web.DataAccess.SqlConnectionHolder.Open(HttpContext context,
Boolean revertImpersonate) +87
System.Web.DataAccess.SqlConnectionHelper.GetConnection(String
connectionString, Boolean revertImpersonation) +221
System.Web.Security.SqlMembershipProvider.GetPasswordWithFormat(String
username, Boolean updateLastLoginActivityDate, Int32& status, String&
password, Int32& passwordFormat, String& passwordSalt, Int32&
failedPasswordAttemptCount, Int32& failedPasswordAnswerAttemptCount,
Boolean& isApproved, DateTime& lastLoginDate, DateTime& lastActivityDate)
+815
System.Web.Security.SqlMembershipProvider.CheckPassword(String username,
String password, Boolean updateLastLoginActivityDate, Boolean
failIfNotApproved, String& salt, Int32& passwordFormat) +105
System.Web.Security.SqlMembershipProvider.CheckPassword(String username,
String password, Boolean updateLastLoginActivityDate, Boolean
failIfNotApproved) +42
System.Web.Security.SqlMembershipProvider.ValidateUser(String username,
String password) +78
System.Web.UI.WebControls.Login.AuthenticateUsingMembershipProvider(AuthenticateEventArgs
e) +60
System.Web.UI.WebControls.Login.OnAuthenticate(AuthenticateEventArgs e)
+119
System.Web.UI.WebControls.Login.AttemptLogin() +115
System.Web.UI.WebControls.Login.OnBubbleEvent(Object source, EventArgs e)
+101
System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) +37
System.Web.UI.WebControls.Button.OnCommand(CommandEventArgs e) +118
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
+166
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String
eventArgument) +10
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler
sourceControl, String eventArgument) +13
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +36
System.Web.UI.Page.ProcessRequestMain(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1565

//Tony





Abdul Sami said:
I suggest follwing two settings:

1: In original settings add identity element in web.config like
<system.web>
<identity impersonate="true"/>
</system.web>

2: If first setting doesn't work then try add asp_net user in user name of
security tab of IIS.
--
Abdul Sami


Tony Johansson said:
Hello!

I do some exercise from a book which work if I run from VisualStudo(VS)
but doesn't work when run from IIS.
This exercise will use forms authentication

Here is some background information:
I use windows XP pro with a Sql Server express 2005 database.
I have also Sql Server Management Studio Express

Here is what I have done
*******************
I have created a file system web site named Northwind that is using
Development Web server.
In this web site I have created the following files.
A LoginForms.aspx and LoginForm.aspx.cs with one Login control from the
Login category from the toolbox..
A CustomerData.aspx and CustomerData.aspx.cs with one label with some
text
saying "this form will be implemented later".

Here is all the property that I have set for the Login control
*********************************************
DisplayRememberMe is set to False
TitleText is set to Northwind Traders-Inloggning
DestinationPageUrl is set to ~/CustomerData.aspx

Here is how I implement forms authentication
**********************************
To implement forms authentication I use ASP.NET Web Site Administration
Tool
that is located in a meny to the right
just above the solution explorer.
Click on Security in the ASP.NET Web Site Administration Tool .
Select authentication type and choose from the Internet.
Click on Create users and chose these values
Username: John
Password: Pa$$w9rd
Confirm Password: Pa$$w9rd
E-post: Some valid E-post format
Security question: My best animal
Answer on security question: Cat
Click on create user

Now click on Create access rules.
Select Nortwind in the section choose catalog for this rule.
Choose John as the user and select allow under section permission
Click on OK
Now click on Create access rules a second time
Select Nortwind in the section choose catalog for this rule
Select anynymous user and select deny as permission.
Click OK
Now you can close the ASP.NET Web Site Administration Tool because you
have
done all the setting in this tool.

Now you can click on refresh in solution explorer so two new files is
displayed one in the folder App_Data
with the name ASPNETDB.MDF and web.config in the project root catalog.


Now EDIT the Web.config so the look is like this
**************************************
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<authorization>
<allow users="John" />
<deny users="?" />
</authorization>
<authentication mode="Forms">
<forms loginUrl="LoginForm.aspx" timeout="5"
cookieless="AutoDetect" protection="All" />
</authentication>
</system.web>
</configuration>

I can now test the web application
If I write invalid username or password a message inform me that you have
entered invalid username or password
If I write John as the Username and Pa$$w9rd as the Password the
CustomerData form is displayed with it's label
saying that this form will be implemanted later.

So If I run the web application from visual studio I works fine.

If I now start Internet explorer and enter this url
http://localhost/Northwind/customerdata.aspx
in the bowser I get the Login control and enter John as the Username and
Pa$$w9rd as the Password and
then I get this kind of error. See some rows below on the whole stack
error
trace.
So as a summary if I run the appliaction from VisualStudio it works fine
but
if
I run the appliaction from IIS it causes error Login failed for user
'HEMPC\ASPNET'

I can use Sql Server Management Studio Express to attach to the database
located at
F:\NORTHWIND\APP_DATA\ASPNETDB.MDF.
Have anyone some suggestion what I can do to fix this problem ?


Servererror in the applicationprogram /Northwind.
--------------------------------------------------------------------------------

Login failed for user 'HEMPC\ASPNET'.
Description: One exception which couldn't be handled occured when the
current webbrequest was run. More information
about the error and where in the code it occured can be found in the
stacktrace.

Exceptioninformation: System.Data.SqlClient.SqlException: Login failed
for
user 'HEMPC\ASPNET'.

SourceError:

One exception which didn't handled was generated by the current web
request.
Information about the origin for exception and
place can be identified with the stacktrace below.

StackTrace:

[SqlException (0x80131904): Login failed for user 'HEMPC\ASPNET'.]
System.Data.SqlClient.SqlInternalConnection.OnError(SqlException
exception, Boolean breakConnection) +4846887

System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject
stateObj) +194
System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior,
SqlCommand
cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet
bulkCopyHandler, TdsParserStateObject stateObj) +2392
System.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean
enlistOK) +35

System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo
serverInfo, String newPassword, Boolean ignoreSniOpenTimeout, Int64
timerExpire, SqlConnection owningObject) +144
System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(String
host, String newPassword, Boolean redirectedUserInstance, SqlConnection
owningObject, SqlConnectionString connectionOptions, Int64 timerStart)
+342

System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection
owningObject, SqlConnectionString connectionOptions, String newPassword,
Boolean redirectedUserInstance) +221

System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity
identity, SqlConnectionString connectionOptions, Object providerInfo,
String
newPassword, SqlConnection owningObject, Boolean redirectedUserInstance)
+189

System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions
options, Object poolGroupProviderInfo, DbConnectionPool pool,
DbConnection
owningConnection) +4861315

System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnection
owningConnection, DbConnectionPool pool, DbConnectionOptions options) +31
System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection
owningObject) +433

System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection
owningObject) +66
System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection
owningObject) +499

System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection
owningConnection) +65

System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection
outerConnection, DbConnectionFactory connectionFactory) +117
System.Data.SqlClient.SqlConnection.Open() +122
System.Web.DataAccess.SqlConnectionHolder.Open(HttpContext context,
Boolean revertImpersonate) +87
System.Web.DataAccess.SqlConnectionHelper.GetConnection(String
connectionString, Boolean revertImpersonation) +221
System.Web.Security.SqlMembershipProvider.GetPasswordWithFormat(String
username, Boolean updateLastLoginActivityDate, Int32& status, String&
password, Int32& passwordFormat, String& passwordSalt, Int32&
failedPasswordAttemptCount, Int32& failedPasswordAnswerAttemptCount,
Boolean& isApproved, DateTime& lastLoginDate, DateTime& lastActivityDate)
+815
System.Web.Security.SqlMembershipProvider.CheckPassword(String
username,
String password, Boolean updateLastLoginActivityDate, Boolean
failIfNotApproved, String& salt, Int32& passwordFormat) +105
System.Web.Security.SqlMembershipProvider.CheckPassword(String
username,
String password, Boolean updateLastLoginActivityDate, Boolean
failIfNotApproved) +42
System.Web.Security.SqlMembershipProvider.ValidateUser(String
username,
String password) +78

System.Web.UI.WebControls.Login.AuthenticateUsingMembershipProvider(AuthenticateEventArgs
e) +60
System.Web.UI.WebControls.Login.OnAuthenticate(AuthenticateEventArgs
e)
+119
System.Web.UI.WebControls.Login.AttemptLogin() +115
System.Web.UI.WebControls.Login.OnBubbleEvent(Object source, EventArgs
e)
+101
System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args)
+37
System.Web.UI.WebControls.Button.OnCommand(CommandEventArgs e) +118
System.Web.UI.WebControls.Button.RaisePostBackEvent(String
eventArgument)
+166

System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String
eventArgument) +10
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler
sourceControl, String eventArgument) +13
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
+36
System.Web.UI.Page.ProcessRequestMain(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
+1565


//Tony







.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,965
Messages
2,570,148
Members
46,710
Latest member
FredricRen

Latest Threads

Top