Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Error message when you create a trusted data connection from ASP.NET to SQL Server: "Login failed for user: 'AccountName'"


Symptoms

When you create a trusted connection from Microsoft ASP.NET to Microsoft SQL Server, you may receive the following error message:
Login failed for user 'MachineName\ASPNET
For computers that run Internet Information Services (IIS) 6.0, you may receive the following error message:
Login failed for user 'NT AUTHORITY\NETWORK SERVICE'
Note You receive either of these error messages specifically when you use integrated security (when you include the integrated security=sspi attribute in a connection string).

↑ Back to the top


Cause

When you use ASP.NET, the default security context is the ASPNET account (or NetworkService account, for an application that runs on IIS 6.0) for both Aspnet_wp.exe (or W3wp.exe, for an application that runs on IIS 6.0) and the request to SQL Server. By default, the ASPNET account (or NetworkService account, for an application that runs on IIS 6.0) does not have any permissions in SQL Server, and therefore it cannot access the database.

↑ Back to the top


Resolution

To resolve this issue, use one of the following methods:
  • Method 1 Programmatically change the security context of the ASP.NET worker process to a user who has the correct SQL Server permissions.
  • Method 2 Change the default configuration of ASP.NET so that the ASP.NET worker process starts and runs under the context of a user who has the correct permissions in SQL Server.
  • Method 3 Grant the correct permissions in SQL Server so that the ASPNET account (or NetworkService account, for an application that runs on IIS 6.0) has the appropriate access to the required resources.

    Note This method will make all the Web applications on the server have the corresponding right on the computer that is running SQL Server.

↑ Back to the top


Status

This behavior is by design.

↑ Back to the top


More Information

Steps to reproduce the issue

  1. Create a new Microsoft Visual Basic .NET Web application on a computer that is running both ASP.NET and SQL Server.
  2. Add the following code to the Page_Load event of the Webform1.aspx page that was created by using the project:
    Dim con As New System.Data.SqlClient.SqlConnection("data source=localhost;integrated security=sspi;database=northwind")
    con.open()
    con.close()
  3. Build the project, and then open the Webform1.aspx page in the browser.
  4. You receive the error message that is mentioned in the "Symptoms" section.

↑ Back to the top


References

For more information about how to programmatically change the security context of the ASP.NET worker process, click the following article numbers to view the articles in the Microsoft Knowledge Base:

306158 How to implement impersonation in an ASP.NET application

307002 ASP/ODBC/SQL Server error 0x80040E4D "Login failed for user '(null)'"

253500 "Client unable to establish connection" error message when connecting from ASP to SQL Server

306586 Troubleshooting error 80004005 "Login failed" in ASP

247931 Authentication methods for connections to SQL Server in Active Server Pages

315158 FIX: ASP.NET does not work with the default ASPNET account on a domain controller

824308 BUG: IWAM account is not granted the impersonate privilege for ASP.NET 1.1 on a Windows 2000 domain controller with SP4

For more information about how to change the default configuration of the ASP.NET security context, visit the following Microsoft Developer Network (MSDN) Web site:For more information about how to add the ASPNET account to SQL Server, see the "Adding a Windows User or Group" topic in SQL Server Books Online.

↑ Back to the top


Keywords: kb, kbsecurity, kbprb, kbnofix, kbhttpruntime, kbfaq, kbaspwpswept, kbdsupport, misc_migrate_32718, kbvs2003swept, kbado2applies, kbado2sweep, kberrmsg

↑ Back to the top

Article Info
Article ID : 316989
Revision : 2
Created on : 4/13/2018
Published on : 4/13/2018
Exists online : False
Views : 375