Sharepoint Database Access within a domain - sharepoint-2007

I have two servers in a domain. Web Server & Database Server.
I have a number of standard .net websites accessing the SQL Server with no problems, using SQL Username/password combos for each database.
Sharepoint configures the access as Integrated Security=True
When I ran the Config wizard, I 'briefly' saw the Admin top-site.
After a short browse around, I lost the connection. [I touched/changed nothing!!!!]
I now get "Cannot connect to the configuration database."
It seems obvious that the problem is one of access permissions to the database but I can't see it.
The IIS Website uses the Sharepoint AppPool which in turn uses a Domain Account that successfully created the SharePoint_Config Database and & Content databases. They obviously continue to use that account.
The Event Viewer shows multiple instances of:
"Unable to connect to the database SharePoint_Config on [Database Computer]. Check the database connection information and make sure that the database server is running.."
Any suggestions?

This occurs when:
The SQL database or service is not online/running.
Internet Information Services (IIS) is configured to run in IIS 5.0 isolation mode.
The account that is used by application pool does not have the required permissions to the SQL Server database.
Network connectivity has been lost between the Windows SharePoint Services server and the Microsoft SQL Server server.
Check all of those and if all of that is set, check your sql server. Make sure your config database isnt marked as 'suspect' or that something else isnt off. Try resetting your SQL service.
I've also had this happen when an application pool account was changed. Even if the application pool is online, sometimes recycling it does the trick. Alternatively, confirm the application pool account:
Open Server Manager.
Click on Roles.
Choose Web Server (IIS)
Choole IIS.
Open server in the Connections panel.
Choose Application Pools.
For every item in Application Pools, click on it once, and then choose Advanced Settings.
Under Process Model, Identity,
change it, choose "Custom Account".
Enter an account and password for an account with a lot of permissions. I used the Sysadmin.
Restart the Web Server.
Also, 32 or 64 bit? Make sure IIS is running in the right mode, sometimes additional software installs can change things:
First, fix IIS:
\inetpub\AdminScripts\cscript.exe adsutil.vbs set W3SVC/AppPools/Enable32BitAppOnWin64 False
Second, reregister the .Net isapi filters:
\windows\microsoft.net\Framework64\v2.0.50727\aspnet_reg
iis.exe -i
If it is none of the above, have there been any DNS or NETBIOS changes? That is also a common cause.
If nothing else works, simply try to reboot your server.

Related

Azure website to connect with databases on-premises as well as on azure

I want to publish my website on to azure, but the database should be on-premises for each client. One default database, however, should be on Azure too. In my asp.net MVC website, after my connection with default database is established, then I change the connection string based on the credentials entered by the user on login screen. This user database would be present at the client.
Do I simply change the connection string in web.config or do I need to set it up as follows?
I read this article that looks familiar to my scenario
https://learn.microsoft.com/en-us/azure/app-service/app-service-hybrid-connections
Should I follow this article directly or do I need to create "cloud service deployment" as mentioned in this article?
The SO thread you referred for cloud service deployment is very old.
Go ahead with Hybrid connections. Read best practices.

Identity Impersonation with ASP.NET 4 MVC not working as expected

I am in the process of building a Intranet MVC 4 application for our analysts. The goal is to allow internal users access to this application without having to sign on given they are part of our internal network. When they access the application I want to be able to capture their windows user name and check against the active directory using LDAP and retrieve the department they belong to and display the relevant details on the screen. Based on the advice from different fora, I have chosen Windows Authentication for this application and I was able to test the app successfully running from Visual Studio. The trouble I am having is when I deploy this to our UAT server running IIS 7.5.
<authentication mode="Windows">
</authentication>
<identity impersonate="false" />
This is the current state of my Web.config file. Irrespective of whether impersonate is true or false, the application seems to not capture the windows username of the browser from which the application is accessed. Is
impersonate = true
required for this at all? In the Welcome message on the homepage, I always see the windows user name of the computer where the application is hosted/IIS is running. I have tried a wide variety of ways to capture the Windows User name of the incoming user request.
string name = System.Web.HttpContext.Current.User.Identity.Name;
string name = System.Web.HttpContext.Current.Request.LogonUserIdentity.Name;
string name = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
string name = System.Web.HttpContext.Current.Request.ServerVariables["LOGON_USER"].Name;
etc. I also looked into several other posts here like this. But I am unable to get it to work. I am afraid that I am trying to achieve this by accident rather than really understanding what is going on? Could someone please guide me in the right direction?
No, you misunderstand the purpose of impersonation.
First, Impersonation is no longer supported in IIS 7 or greater running in integrated mode.
Second, the purpose of impersonation is to change the "user" the worker process runs under at runtime, specifically to allow access to filesystem or database resources as that user. It has nothing to do with authentication in general, and is not particularly useful for most web applications.
You want to use Windows Authentication, however you should know that this will only work with Internet Explorer. It will also only work with servers that are joined to your domain, and do not have any intermediary Kerberos authentication issues. (these are often known as "double hop" problems). Other browsers do not, by default, provide Active Directory account information automatically, although some may be configured to allow it to do so, others do not.
If you are using a properly configured server with Windows Authentication, and you are using a browser that supports ActiveDirectory Kerberos ticket passthrough, and there are no network issues that would cause problems with this passthrough, then you can use HttpContext.Current.User.Identity.Name to get the users name.
Don't use LogonName or anything like that, as those will just give you the worker process, not the authenticated users name.

How to publish and host a MVC4 application in your domain?

I have a webdomain www.MyDomain.com and a MVC4 web application MyMVCWebApp.
First I publish the application to a local destination.
For instance: C:\TempLocation
And then I host it to my domain with a FTP-tool (FileZilla??)
The files will be hosted but I can't find the webpage.
Which url do I have to write?
http://www.MyDomain.com/MyMVCWebApp/Home/Index.chtml or something?!
Do I have change the settings in my web.config?
What do I have to do?
You can't host an application on a domain.
An application is hosted on a web server. A domain name is only a way to translate an easy to remember address like "www.google.com" to the web server ip address which looks like 173.194.66.104
It is possible to purchase a domain without a web server.
So before going further:
Check if you actually bought a domain only, or a domain with a server
Your domain should redirect to your server ip address, you can see if he is correctly configured by opening a command prompt and doing
C:\> ping www.yourdomain.com
If this is not the case you will need to update the A record of your domain, and wait for the update to be replicated on DNS server worldwird.
If you have a managed server, you should check your hosting provider website. They usually provide in depth documentation, and they all have a different way to do things. Most of the time indeed you will be able to upload your files using a FTP software such as Filezilla.
However, in order to host a MVC 4 application you need a server with
the IIS web server, which means that you need a Windows server. So if
you have a Linux server, you should contact your hosting provider
support and tell them you made a mistake during your order. (It is
possible to host a MVC 4 application on Linux, but I don't think it
is often provided on managed servers)
If you have a dedicated server you are on your own.
The URL you will have to write to access your application will depends on what you have configured in the RegisterRoutes method of the RouteConfigs.cs file.
I recommend you to watch the last video on this page to have a better overview of the possibilities.

Trying to connect ASP.NET MVC to SQL Server 2008 R2 with possible wrong connection string

Running SQL Server 2008 R2 and ASP.NET MVC 2 web application on the Virtual Server of big german hosting-provider.
I have a problem to connect to the SQL Server.
On localhost this connection string works fine:
#"Data Source=LOCAL-HP;Initial Catalog=OnlineVertrag;Integrated Security=True";
I'm using a similar connection string on the server:
#"Data Source=MYSERVER\SQLEXPRESS;Initial Catalog=OnlineVertrag;Integrated Security=True";
but nothing happens over there.
Here is my project which I am trying to connect: http://www.hotcont.eu/OnlineVertrag/Home
Based on your comments, your SQL instance on the server has a username/password combination. You cannot use the integrated security connection for a SQL Server connection requiring SQL authentication.
Using the login information provided to you by your host, you should update your connection string to the following:
Server=MYSERVER\SQLEXPRESS;Database=OnlineVertrag;User Id=myUsername;
Password=myPassword;
Taken from ConnectionStrings.com
EDIT
Ok - I think I know what you are dealing with now. You have a virutal machine hosted on a large hosting provider -> meaning that you have control over the machine itself (aka Remote Desktop Management or something?)
The SQL connection string that I provided is for use with SQL server accounts -> meaning those that you actually create within SQL server itself. The SQL connection string that you provided uses the current logged in user's user account information from Windows to connect to SQL.
So here is the disconnection between localhost and the virtual server. When you are running on localhost, I am going to assume that you are using the built in web server to Visual Studio or some equivalent. Most often, during debugging, the web application is running under the Logged in user of the machine - aka: you. You have permission to your own SQL database, thus no issue. BUT...when you deploy your web application to an IIS instance, the web application is no longer running as the logged in user, but rather the identity of the application pool that is your app is a member of. Typically this is something like NETWORKSERVICE.
You have three options available to you
Enable and use SQL user accounts for connection from your web application and your SQL server. If you choose to go this route, you will need to use the connection string I provided above.
Login to your SQL server and add the identity of your application pool to the Allowed Users of SQL server and your database.
Change your application pool's identity to an actual user account on the server (BAD IDEA)
Most web applications go with the first option as it allows you do a few things such as create a distinct SQL user for each application that you host and as well as you can explicitly define permissions for the SQL user to each database that it may need access to (for instance, do not allow the SQL user to DROP tables).
EDIT 2
The way you are trying to connect sounds like it should be using the Shared Memory Protocol, but it might be trying to connect over TCP/IP. I forgot this earlier, but most installs of SQL are not setup to listen on the TCP/IP interface on first install. To check your configuration, click the start button (or orb or whatever Microsoft calls that now) -> All Programs -> Microsoft SQL Server 2008 -> Configuration Tools -> SQL Server Configuration Manager. This will open a new window with some options on the left hand side. Click the SQL Server Network Configuration. Ensure that TCP/IP and Shared Memory is set to enabled. If a 64 bit install, you should probably do this for both the SQL Server Network Configuration (32 bit) and the SQL Server Network Configuration
http://msdn.microsoft.com/en-us/library/ms191294.aspx
Try this
Data Source=MYSERVER\SQLEXPRESS;Initial Catalog=OnlineVertrag;Provider=SQLNCLI10;Integrated Security=SSPI;Auto Translate=False
I hope this works for you.

Session state lost in asp.net web farm

I've been busy with this for months now.
I currently have 2 servers for 1 website. Using round robin dns I find that in the beginning everything works (checking the ip of the website it changed but I can go on with my session), but after a while I lose my session, seems like the formsauthentication cookie cannot be read and is being discarded. (assumption) But this does not happen all the time. Only sometimes.
I'm using iis7 shared configuration, I set the machine key and I'm using stateserver pointing to one of the servers and I verified that on both servers the stateserver works.
I read something about the IIS application path, but I don't really know what is meant by that, is it the path of the webapp, or the path where IIS is installed? In both cases they are the same.
Anyone have some ideas?
I'll answer this one myself, for anyone facing the same problem. Everything was set up correct but the machine key should be located in the web.config under system.web. Generating the key via iis 7 didn't work for some reason, I generated it with an online tool: http://aspnetresources.com/tools/machineKey
So, to do load balancing and set up multiple servers on iis7 you should:
Use a stateserver out-proc (stateserver or sql server) and have all
servers point to that stateserver (example: stateConnectionString="tcpip=server1:42424")
Use iis shared configuration so all your servers point to a share where the applicationhost.config resides.
Generate a machine key (not via iis, just use an online tool!)
Set up NLB (or round robin DNS) and test it by flushing your dns on
your client when you're logged in and see if your session doesn't get lost.
Hope this helps someone.
And the machine keys are specific to the .NET version. To check your current version: In the IIS console, at the server level, click "Change .NET Framework Version" in the Actions pane.

Resources