Troubles Querying Database in Application_Start

O

Ober

I'm having trouble with my security model, Application_Start, and accessing
my database.



My ASP.NET app is only going to be running in an intranet environment (not
on the public Internet). The production environment will have installed
everything locally (i.e., IIS, SQL Server, .NET Framework, etc., all on a
Win2k Server).



In IIS, I have disabled anonymous access so that only Integrated Windows
authentication is used. Then in my Web.config file I've set it up to use
Windows authentication, as such:



<appSettings>

<add key="connectionString"
value="database=RegPerfectDb;server=localhost;Trusted_Connection=true" />

</appSettings>



<system.web>

<authentication mode="Windows" />

<authorization>

<deny users="?" />

</authorization>

<identity impersonate="true" />

</system.web>



Then, in my Application_Start event in Global.asax, I need to run a query or
two to get some application-wide data from our database and store it in the
application cache.



When I try to access a database from Application_Start, I get the following
error:



System.Data.SqlClient.SqlException: Cannot open database requested in login
'DatabaseName'. Login fails. Login failed for user 'MACHINENAME\ASPNET'.



It's as if it is using the default ASP.NET worker process account (which is
not what I want). I need it to authenticate/authorize the logged in user
(which has access to the database) and use that user to access the database.





So, my questions are: what am I doing wrong? how do I set up IIS,
Web.config, database connection, etc. so that everything is properly
authenticated/authorized to the logged in user so that I can query the
database in Application_Start?



Thanks in advance for your help.
 
M

Marina

This is because when the application starts, it isn't running under any
particular user. That only happens for page requests - which is processed
after the application is started. Application_Start runs only once - and so
in what you are proposing, it would happen to run under whoever happened to
be the first person to access the application? It just doesn't work that
way.

Whatever you do in application_start can't rely on what user happened to
have made the first request to this app - so it needs a connection
independent of that.
 
H

Hermit Dave

have a browse through the matrix.
how are you connecting to sql server ? trusted connection ? or sql user /
password ?

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetAP05.asp

if you are using trusted connection or SSPI then your MACHINENAME\ASPNET
account will have to be granted access to the database (if you want to
enable access from application as there is no user context) plus for normal
user access dont forget to use <impersonate> in web.config

copying from an old code project article (though i wouldnt give access to
ASPNET account as DBOwner i would just just read / write on certain stored
procs
This should work on all other IIS 5.1 (possibly other versions)
combinations. The only difference between IIS 5.1 and IIS 6 is the account
the ASP.NET process runs under. IIS 5.1 runs under a %MACHINENAME%\ASPNET
where %MACHINENAME% is the machine name.

osql -E -S %SERVER%\%INSTANCE% -Q "sp_grantlogin '%MACHINENAME%\ASPNET'"Now
our ASP.NET application will be able to log into the server. Now all thats
left is to grant access to the databases.

osql -E -S %SERVER%\%INSTANCE% -d %DATABASE%
-Q "sp_grantdbaccess '%MACHINENAME%\ASPNET'"
osql -E -S %SERVER%\%INSTANCE% -d %DATABASE%
-Q "sp_addrolemember 'db_owner', '%MACHINENAME%\ASPNET'"These 2 lines will
add access to one of the databases. So if you want to add access to another
database just change %DATABASE% and run both lines.

other way open Query Analyser and do an "EXEC stored proc values here"
--

Regards,

Hermit Dave
(http://hdave.blogspot.com)
 
G

Greg Burns

Interesting. Does this only happen in Application_Start event? Does it
connect to SQL as the logged in user in a later event, say from Page_Load?

Greg
 
G

Greg Burns

Whatever you do in application_start can't rely on what user happened to
have made the first request to this app - so it needs a connection
independent of that.
Click to expand...

Ah, that makes good sense. Missed that.
 
O

Ober

Thanks for the info. That totally makes sense. Do you or does anyone else
have any suggestions on how to do what I'm looking to do? Maybe, put the
code in Session_Start (but then I don't need it to run for every new
session)? Or????
Thanks!
 
F

Frank Mamone

Is there any reason why you can't create a login for the ASPNET user?

Also, it is recommended that you use a single account to access your
database rather than use an account for each user. That way you will be
using your pooled connections more efficiently.

- Frank Mamone
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Website with Database. use C# 1
Application_Start in Global.asax doesnt fire! 4
Code to search the desktop for data in the microsoft access database. 0
Application_Start isn't executed 2
Application_Start event not fires 0
Connecting a database to Website 2
Update-database shows provider: SNI_PN11, error: 26 - error locating server/instance specified error 0
Application_Start event in Global.asax doesnt start? 1

Members online

No members online now.
Total: 57 (members: 0, guests: 57)
Robots: 464

Forum statistics

Threads
473,995
Messages
2,570,226
Members
46,815
Latest member
treekmostly22

Latest Threads

Top