Classic ASP problem connecting to remote SQL Server database
For a site to use the application pool identity for classic ASP, you need to change the credentials used for Anonymous Authentication. By default, the site will be set to use a specific user, namely IUSR.
Select Authentication from the IIS area of your site, then select Anonymous Authentication followed by Edit. Change from Specific user to Application pool identity.
It's advisable to use Windows authentication (integrated security) over SQL authentication so that you don't have credentials in your config files so that if those files are compromised, you don't lose control of the credentials.
MsBao
Updated on September 15, 2022Comments
-
MsBao over 1 year
I have a classic ASP app that I am trying to connect to a SQL Server 2008 database on a different server. The ASP app is being served from IIS7 on Windows Server 2008.
I have changed the web site's application pool to run under a specific windows account, that I have verified has access to the database on the remote server.
However, when I run the app in the browser, I get this error:
Application Error Number: -2147217843 (0x80040E4D) Source: Microsoft OLE DB Provider for SQL Server Description: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
Why is it trying to connect using NT AUTHORITY\ANONYMOUS LOGON? Does the App pool identity not apply to classic ASP code? How can I make this connect as a specific user?
EDIT
Here is the connection string I am using:
Provider=SQLOLEDB.1;Data Source=myDbServer;Initial Catalog=myDatabase;Integrated Security=SSPI
-
MsBao almost 15 yearsNeither servers are members of an Active Directory domain.
-
MsBao almost 15 yearsI don't want to disable anonymous access. I am using a form to authenticate users.
-
Remus Rusanu almost 15 yearsIntegrated Security=SSPI needs NTLM/Kerberos to work. You can either create a domain and use tru Windows Auth, use SQL authentication instead, or create identical local user/password accounts on the two machines and have the app pool use this credential.
-
MsBao almost 15 years@Remus - "... or create identical local user/password accounts on the two machines and have the app pool use this credential." That's exactly what I have done, but it is not working. I have done this for an ASP.NET site that is working with the same account. This is frustrating.
-
Remus Rusanu almost 15 yearsI don't think your classic ASP app pool is actually running as the user you expect it to run. But I'm not familiar enough with classic ASP on IIS7 quirks to guess why.
-
Robin Minto over 13 yearsYou shouldn't specify a username and password (i.e. SQL authentication) if you can avoid it. Using Windows authentication (integrated security) means you don't need to put credentials in your config files so that if those files are compromised, you don't lose control of the credentials. I've added an answer which shows how to get Windows authentication working for classic ASP.
-
Tony about 11 yearsGoddamn, this has been vexing me for days. Thanks for posting a solution.
-
user692942 about 10 years@RonnieOverby This should be the accepted answer! +1
-
user692942 about 10 years@RonnieOverby This shouldn't be the accepted answer! See @RobinM Answer.
-
Mauro about 10 yearsI can delete this if its not required any more.