Login failed for user '(null)'.

[gunck8]

Hi,

I get the following error when I try to access the testpage of LOGINventory Webinterface.

"Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection."

IIS is not installed on the same server as the SQL database. The only place where the Webinterface works is on the IIS server, when I log in with admin-credentials.

Any suggestions

-gunck8

[MarcoM]

Hi,

It seems that the user account could not be delegated to the sql server. Please have a look at the SQL Server, SQL Server 2005 Express HowTo which says ...

Using Windows Authentication is usually unproblematic if the database server runs at the same server as LOGINventory does. If you run into authentication problems and you are not sure which user is finally connecting to the database (sometimes there are problems with delegation so that the user connecting to the db is a system account instead of the expected user account) check the SQL Server -> Management -> SQL Server Logs for access denied messages to dertermine the accordant user account.

Another option is to use SQL Authentication. This is also described in this HowTo.

[gunck8]

The Web interface is probably using the aspnet-account of the web server, when it is contacting the SQL-server. I'm not sure because turning on logging on the SQL server would require a restart of the SQL service and I can't do that right now.

However I would rather use Windows authentication, not SQL-. because I would like to securely control who is using the web interface of LOGINventory. Is there no way to implement it when SQL runs on an another server?

-gunck8

[MarcoM]

Hi,

In this constellation it is not possible to restrict database access for certain users. Because ASP.NET is not able to delegate credentials to the database server. It is always using another account like the inetuser or anonymous.

Please set the appropriate access restrictions (File Access Security (ACL)) to the "liwi" directory (C:\inetpub\wwwroot\liwi) and use SQL-Authentication. This restricts access to the Webinterface even better.

Another possibility is to enable the Webinterface server to delegate but we can not give you advise on how to do this. There are several MSDN articles about this (Delegation -> Active Directory).

You may also enable the
AspNetWindowsTokenRoleProvider
within the liwi web.config file instead of using file system security.

[gunck8]

I tried to change the 'computer\users'-rights for the virtual directory to anything else that I belong to, including my own domain account, but I can't get into liwi with anything else than the initial ACL settings. Quite strange..

Anyway- now I'm using AspNetWindowsTokenRoleProvider and it seems to work.

Thank you for your help MarcoM!

-gunck8