Moved DB, now Users can't login to my web app.

  • This must be some kind of permissions issue, but I'm not sure where it is - and it's probably simple.

    We are in the process of moving our DB app to some new servers.

    I did a full backup of the Database on the old server and a restore on the new server.

    I configured IIS and reinstalled my aspx files, and my web app is viewable and making a db connection - all the menus and gridviews etc. are being populated.

    Everything seems to work well except that my app has code in it to recognize who is logged into the current session, and makes certain display choices based on that. If my app doesn't recognize a network user, it shows "not logged in". And so now it's doing that all the time, presumably because there is something amiss with the user logins.

    2 things don't make sense.

    1. I did the same backup/restore procedure about 3 months ago to create a test environment on a different server based on data in the production environment, and I didn't have this problem.

    2. in visual studio, if I run my app in debug mode, it recognizes my user name and everything works normally.

    So what does that all mean? where does the problem lie? is it a permissions/logins/user issue or not? I checked all the mappings and they seem to be right, pointing to the correct database, etc.

    I did change the name of the Database from what it was on the old server. I figured that might have messed up stuff, so I tried

    http://support.microsoft.com/kb/918992/

    but the script failed saying that the accounts already exist.

    What to do next????

  • Were the database and web site originally on one server? Are you using a generic account for login to the database or windows authentication?

  • Try the following from the new database.

    Execute sp_change_users_login 'Report';

    If this returns any data, fix the user accounts that are reported.

    Jeffrey Williams
    “We are all faced with a series of great opportunities brilliantly disguised as impossible situations.”

    ― Charles R. Swindoll

    How to post questions to get better answers faster
    Managing Transaction Logs

  • yes, both the db and the website were originally on the same server. I just did a full backup by right clicking and then chose "backup". I found the backup file and copied it to the new server, where I went into MSSMS and restored it.

    both servers are on the same domain, and we are using windows authentication.

  • hi. I tried

    Execute sp_change_users_login 'Report';

    but it returned no data

  • ... my app has code in it to recognize who is logged into the current session, and makes certain display choices based on that. If my app doesn't recognize a network user, it shows "not logged in".

    What user is it recognized as if not a valid user? Is anonymous access enabled on the website?

  • what would happen if i just deleted all logins and permissions and reset them manually?

  • Todd Engen (7/16/2008)


    ... my app has code in it to recognize who is logged into the current session, and makes certain display choices based on that. If my app doesn't recognize a network user, it shows "not logged in".

    What user is it recognized as if not a valid user? Is anonymous access enabled on the website?

    It looks like the value being returned is Nothing, Null, or an empty string "". It is being generated by the code my.user.name. And yes, I believe anonymous access is enabled.

  • There is some additional work that needs to be done in order to get ASP.NET to pass Windows credentials to SQL Server when on separate servers. It works fine when the Web App and SQL Server are on the same box, but there are issues when running the Web app and SQL Server on separate boxes. Here are a couple of articles on how to do it:

    http://msdn.microsoft.com/en-us/library/ms998292.aspx

    http://weblogs.asp.net/achang/archive/2004/04/15/113866.aspx -- I suggest looking though the discussion on this one as well.

  • thanks jack, but they are still on the same server, just a different server than before. I'm sorry if I wasn't clear - And I just verified that My.User.Name is passing the value "" when it should be passing "DOMAIN\username"

  • NuJoizey (7/16/2008)


    thanks jack, but they are still on the same server, just a different server than before. I'm sorry if I wasn't clear - And I just verified that My.User.Name is passing the value "" when it should be passing "DOMAIN\username"

    No problem. Looks like some kind of .NET issue now, so I won't be much help. Hope you get it figured out quickly.

  • NuJoizey (7/16/2008)


    Todd Engen (7/16/2008)


    ... my app has code in it to recognize who is logged into the current session, and makes certain display choices based on that. If my app doesn't recognize a network user, it shows "not logged in".

    What user is it recognized as if not a valid user? Is anonymous access enabled on the website?

    It looks like the value being returned is Nothing, Null, or an empty string "". It is being generated by the code my.user.name. And yes, I believe anonymous access is enabled.

    It might just be a matter of disabling anonymous then. I believe that's the first authentication method attempted regardless of the other authentication settings. I'd check on the working IIS server to see if that's the case.

  • Todd,

    hey, thanks so much for your response, this got me a step closer - Disabling anonymous does indeed solve the immediate problem of my app not seeming to recognize who is logged in. It now recognizes a valid user. However, the system was designed with the intent that an anonymous user is still able to browse the app without having to necessarily log in, but is just not able to do certain things.

    Now if try to access the URL with an account that isn't in the system, or try to access it over terminal services, I get prompted with a login box. This isn't the intended behavior.

    So my greater question - is this indeed strictly an SQL Server permissions issue? - because the permissons seem to work under certain conditions - but something is still messed up - but what is it? argh!

  • NuJoizey (7/17/2008)


    Todd,

    hey, thanks so much for your response, this got me a step closer - Disabling anonymous does indeed solve the immediate problem of my app not seeming to recognize who is logged in. It now recognizes a valid user. However, the system was designed with the intent that an anonymous user is still able to browse the app without having to necessarily log in, but is just not able to do certain things.

    Now if try to access the URL with an account that isn't in the system, or try to access it over terminal services, I get prompted with a login box. This isn't the intended behavior.

    So my greater question - is this indeed strictly an SQL Server permissions issue? - because the permissons seem to work under certain conditions - but something is still messed up - but what is it? argh!

    This has nothing to do with SQL Server. You are being prompted for login by the IIS server. There is probably a way to to get the user name in .NET from a web site that allows anonymous access.

    A question, if the user does not have a Windows login to get to the webserver, how would you access the SQL Server as your connection is using Windows Authentication? Or are there sections of the web site that does not connect to the SQL Server?

  • yes there are a few ways to get who the user is, but when I moved over the app the current way the app is using stopped working. It shouldn't do that, so of course it must be something with either the IIS permissons or SQL Server permissions. I've looked at each like 1000 times and I can't seem to find where the difference is.

    I am by no means an expert on permissions and user configurations, but I surmise by examinining the logins and security folders that the answer your question is as follows:

    In our companywide active directory, there is a group called STAFF that contains everyone in the company. The sql server grants a login to STAFF, which maps to a local db user called STAFF. I'm fairly certain that any new employee is added by our domain admin to STAFF, and so also has certain rights to the SQL server.

    Right now the way it works is when a new user comes on board, I need to enter that person's windows login domain/username into the DB. The web app grabs the who is logged in using VB.NET code and checks it against the DB. If the person currently logged in has a record in the DB, then they have full access to all of the apps features, but if not, the user name displays "not logged in", and that user can browse certain things, but not others.

    And the problem is that my app thinks that everyone is not logged in, even valid users. Nothing in the ASP.NET code changed, so it's gotta be something with the permissions somewhere - right?

Viewing 15 posts - 1 through 15 (of 25 total)

You must be logged in to reply to this topic. Login to reply