F
Filip
Hi,
I have a website runnning on Windows 2003 Web Server edition that needs to
connect to an MS SQL2000 database.
The web server is NOT part of the domain, but can talk to my database via
IP and retrieve data when using SQL server login.
This however means there is a User ID /Password in clear text.
I would like to use SSPI, so I did the following:
1. created local account on my Web server with known password
2. using aspnet_setreg I encrypted and inserted the User ID/Password into
registry
3. ACL set on the registry key to Read
4. In Web config I set
<identity impersonate="true"
userName="registry:HKLM\Software\TestApp\Identity\ASPNET_SETREG,userName"
password="registry:HKLM\Software\TestApp\Identity\ASPNET_SETREG,password"
/>
User is being correctly impersonated
5. I gave permissions to my new user to have access to files/folders required
by ASP.NET
6. Created "mirrored" local account on my database server.
However, when I run a page that contains database connection/data retrieval
I get the following error:
"Login failed for user '(null)'. Reason: Not associated with a trusted SQL
Server connection."
obviously my User ID / Password are not being passed through.
Can anybody suggest, what I need to do, obviously I don't want to have the
User ID and Password in clear text.
Please keep in mind Web server and Database server are NOT in tha same domain
(can't use domain logins!)
Thanks in advance,
Fili
I have a website runnning on Windows 2003 Web Server edition that needs to
connect to an MS SQL2000 database.
The web server is NOT part of the domain, but can talk to my database via
IP and retrieve data when using SQL server login.
This however means there is a User ID /Password in clear text.
I would like to use SSPI, so I did the following:
1. created local account on my Web server with known password
2. using aspnet_setreg I encrypted and inserted the User ID/Password into
registry
3. ACL set on the registry key to Read
4. In Web config I set
<identity impersonate="true"
userName="registry:HKLM\Software\TestApp\Identity\ASPNET_SETREG,userName"
password="registry:HKLM\Software\TestApp\Identity\ASPNET_SETREG,password"
/>
User is being correctly impersonated
5. I gave permissions to my new user to have access to files/folders required
by ASP.NET
6. Created "mirrored" local account on my database server.
However, when I run a page that contains database connection/data retrieval
I get the following error:
"Login failed for user '(null)'. Reason: Not associated with a trusted SQL
Server connection."
obviously my User ID / Password are not being passed through.
Can anybody suggest, what I need to do, obviously I don't want to have the
User ID and Password in clear text.
Please keep in mind Web server and Database server are NOT in tha same domain
(can't use domain logins!)
Thanks in advance,
Fili