Reputation: 169
WebApi access to database fails when deployed to IIS
I developing ASP.Net MVC website which uses an ADO.Net Entity Data Model to connect to a MS SQL Server.
To access data it uses WebApis in views called from jquery which use the above datamodel to get data, and it also uses code in the view controller which also uses the same datamodel.
When I run this locally (on the development machine), everything works fine. However, when I deploy it to IIS v10.0 and try to access the website from another machine, it partially works. Calls to the database made using the WebApis fail with a:
HTTP500: SERVER ERROR - The server encountered an unexpected condition that prevented it from fulfilling the request.
Whilst pages that call data access code from the view controller work correctly.
When I look at the error for the WebAPI I see that the following error is produced:
"ExceptionMessage":"Login failed for user 'xxx\yyy-zzz-15$'
I don't know why this login is being used - I would expecting it to be using the 'NT AUTHORITY\IUSR' login, like the data access code from the view controller does.
Any thoughts?
Upvotes: 1
Views: 2341
Answers (4)
Reputation: 2469
In your connection string, if you don't set the user, it will use the IUSR user. And the IUSR User will not have enough permission to connect to the database.
I don't recommend to give rights to the IUSR user because this can cause security issues!
Instead, you should define your user id and password in your connection string.
If there is not user that you can use in your server, you can create a new user and give necessary permissions to this user.
here is a simple connection string :
data source=yourServerID;initial catalog=YourDatabaseName;user ID=yourNewUser;password=PasswordOfYourNewUser;
To configure a new user :
https://support.chartio.com/knowledgebase/granting-table-level-permissions-in-sql-server
Upvotes: 0
Reputation: 1974
Please check the application pool on which your website is running. If the app pool is running on a service account, you need to add same account to your database server and assign proper permissions.
Upvotes: 0
Reputation: 17858
Your problem as it stands is because you are running as a default account - you've then asked that account to access other machines and data. To fix that you need to have it work as an actual account.
To have your webcode run as a user the simplest way is get a functional account from your AD team, and then set the pool for your site to be that AD account, and allow that AD account also the appropriate (eg not sa) to SQL.. As per comment to Mohamed's options above.
Upvotes: 1
Reputation: 328
you have two options
- in database add that user to NT AUTHORITY\SYSTEM and give it the permissions to your database.
- make new user login in database and give it the permissions to your database and change the web.config to not be integrated security and add the user ID and password.
Upvotes: 1
Related Questions
- WebApi into a "IIS Application" causes 403.18 Forbidden error
- Problems when deploy my webapi in the iis
- Connecting asp.net core web api to asp.net-mvc5 project
- Access denied to ASP.NET WebAPI on IIS
- Web API Access denied error after Deploying in IIS
- Receiving 404 on WebAPI when inside anothe web application on iis
- WebAPI deployed to IIS, gives 404 Not Found
- WebAPI displays 404 error when deploying on Server using IIS 7 but works fine as selfhost
- Having trouble with ASP WebAPI 2.2 and IIS 7 with 404 Error Code
- WebApi using EF, Windows Authentication failed