Login Failed. The Login Is From An Untrusted Domain And Cannot Be Used With Windows Authentication.
Initially, when my application was much simpler, I had no permissions and roles and my authentication mode was set to "windows". Afterwards, however, I added authorization, changed the authentication mode to "Forms" and ever since, when I try to login,
I get the error above.
If you are getting the above error while trying to connect to a database, the reason is you are using Windows Authentication to login to the SQL Server while being in another untrusted domain.
For example if the SQL Server machine is a member of the CompanyDomain and if you are in MyDomain or if you are in a Workgroup the you will face the above issue while trying to connect to the SQL Server.
The connection string used in the web.config while the above error is generated is as follows.
1. Use the SQL Authentication to login to the SQL Server.
You can get this done by changing the connection string to use SQL authentication while connecting. But you need to know the credentials of an account which is having permissions to your required database or the System Administrator (SA)
password. For simplicity I will use SA account details in the connection string.
If you login to your machine using a domain account which the SQL Server is added to, then this error will vanish. But for this you need to add your machine to the same domain which the SQL Server machine is added to (CompanyDomain) also
to properly get authenticated the account used should have proper permissions set to access the database in the SQL Server.
3. Make the account trusted in SQL Server.
By making the account you use to login to your machine trusted account in SQL Server and giving it appropriate permissions to access databases will also permit you to fix this error.
This error normaly occurd when you dont have sufficent rights on web application folder. Give appropriat rights(provide permisssion to aspnet user) on web application folder and then try to login again.
Thank you for the informative response. I had my application running without an error when it still had the authentication mode set to "windows" but had to change it to "forms" because I needed to use a custom membershipprovider. Prior to adding this custom membership
provider and prior to the authentication mode changing to "forms" everything worked well. In fact, when I run the old version of my application online, the version without the customized membership, it works fine.
Might the addition of the custom membership provider(and its custom memberships) itself plus the change from mode "windows" to "forms" be the source of the problem? Everything remains the same between the old and the new version of my application except
for these couple of changes and yet one works and the other provides the error.
Thank you for the informative response. I had my application running without an error when it still had the authentication mode set to "windows" but had to change it to "forms" because I needed to use a custom membershipprovider. Prior to adding this custom membership
provider and prior to the authentication mode changing to "forms" everything worked well. In fact, when I run the old version of my application online, the version without the customized membership, it works fine.
Might the addition of the custom membership provider(and its custom memberships) itself plus the change from mode "windows" to "forms" be the source of the problem? Everything remains the same between the old and the new version of my application except
for these couple of changes and yet one works and the other provides the error.
Acoustic1978
Member
88 Points
164 Posts
Login Failed. The Login Is From An Untrusted Domain And Cannot Be Used With Windows Authenticati...
Feb 05, 2011 07:00 PM|LINK
Hello Forum,
I was wondering what the following error means:
Login Failed. The Login Is From An Untrusted Domain And Cannot Be Used With Windows Authentication.
Initially, when my application was much simpler, I had no permissions and roles and my authentication mode was set to "windows". Afterwards, however, I added authorization, changed the authentication mode to "Forms" and ever since, when I try to login, I get the error above.
What does it mean and how may I get rid of it?
Thank you.
shabirhakim1
Star
13496 Points
2145 Posts
Re: Login Failed. The Login Is From An Untrusted Domain And Cannot Be Used With Windows Authenti...
Feb 05, 2011 07:14 PM|LINK
Hi,
From http://arjunachith.blogspot.com/2010/05/failed-login-is-from-untrusted-domain.html
"Login failed. The login is from an untrusted domain and cannot be used with Windows authentication."
<div class=post-header-line-1></div> <div class="post-body entry-content">If you are getting the above error while trying to connect to a database, the reason is you are using Windows Authentication to login to the SQL Server while being in another untrusted domain.
For example if the SQL Server machine is a member of the CompanyDomain and if you are in MyDomain or if you are in a Workgroup the you will face the above issue while trying to connect to the SQL Server.
The connection string used in the web.config while the above error is generated is as follows.
<div style="PADDING-BOTTOM: 5px; PADDING-LEFT: 5px; WIDTH: 393px; PADDING-RIGHT: 5px; DISPLAY: block; FLOAT: none; MARGIN-LEFT: auto; MARGIN-RIGHT: auto; PADDING-TOP: 5px" id=scid:9ce6104f-a9aa-4a17-a79f-3a39532ebf7c:7be9483c-3953-4854-945a-2900b4ce2448 class=wlWriterEditableSmartContent><div style="BORDER-BOTTOM: rgb(0,0,128) 1px solid; BORDER-LEFT: rgb(0,0,128) 1px solid; FONT-FAMILY: 'Courier New',Courier,Monospace; FONT-SIZE: 10pt; BORDER-TOP: rgb(0,0,128) 1px solid; BORDER-RIGHT: rgb(0,0,128) 1px solid">
<div style="PADDING-BOTTOM: 2px; PADDING-LEFT: 5px; PADDING-RIGHT: 5px; BACKGROUND: rgb(255,255,255); MAX-HEIGHT: 300px; OVERFLOW: auto; PADDING-TOP: 2px">
</div>
</div>
</div>
There are three ways to fix this problem.
1. Use the SQL Authentication to login to the SQL Server.
You can get this done by changing the connection string to use SQL authentication while connecting. But you need to know the credentials of an account which is having permissions to your required database or the System Administrator (SA) password. For simplicity I will use SA account details in the connection string.
<div style="PADDING-BOTTOM: 5px; PADDING-LEFT: 5px; WIDTH: 393px; PADDING-RIGHT: 5px; DISPLAY: block; FLOAT: none; MARGIN-LEFT: auto; MARGIN-RIGHT: auto; PADDING-TOP: 5px" id=scid:9ce6104f-a9aa-4a17-a79f-3a39532ebf7c:5a52e337-0690-486a-9a46-91396715b931 class=wlWriterEditableSmartContent><div style="BORDER-BOTTOM: rgb(0,0,128) 1px solid; BORDER-LEFT: rgb(0,0,128) 1px solid; FONT-FAMILY: 'Courier New',Courier,Monospace; FONT-SIZE: 10pt; BORDER-TOP: rgb(0,0,128) 1px solid; BORDER-RIGHT: rgb(0,0,128) 1px solid">
<div style="PADDING-BOTTOM: 2px; PADDING-LEFT: 5px; PADDING-RIGHT: 5px; BACKGROUND: rgb(255,255,255); MAX-HEIGHT: 300px; OVERFLOW: auto; PADDING-TOP: 2px">
</div>
</div>
</div>
2. Login to your machine using the same Domain.
If you login to your machine using a domain account which the SQL Server is added to, then this error will vanish. But for this you need to add your machine to the same domain which the SQL Server machine is added to (CompanyDomain) also to properly get authenticated the account used should have proper permissions set to access the database in the SQL Server.
3. Make the account trusted in SQL Server.
By making the account you use to login to your machine trusted account in SQL Server and giving it appropriate permissions to access databases will also permit you to fix this error.
</div>Regards
shabir
Waqar_ali
Contributor
3325 Points
693 Posts
Re: Login Failed. The Login Is From An Untrusted Domain And Cannot Be Used With Windows Authenti...
Feb 05, 2011 07:22 PM|LINK
This error normaly occurd when you dont have sufficent rights on web application folder. Give appropriat rights(provide permisssion to aspnet user) on web application folder and then try to login again.
Software Engineer
Please mark as answer if it help you.
Acoustic1978
Member
88 Points
164 Posts
Re: Login Failed. The Login Is From An Untrusted Domain And Cannot Be Used With Windows Authenti...
Feb 05, 2011 09:25 PM|LINK
Thank you for the informative response. I had my application running without an error when it still had the authentication mode set to "windows" but had to change it to "forms" because I needed to use a custom membershipprovider. Prior to adding this custom membership provider and prior to the authentication mode changing to "forms" everything worked well. In fact, when I run the old version of my application online, the version without the customized membership, it works fine.
Might the addition of the custom membership provider(and its custom memberships) itself plus the change from mode "windows" to "forms" be the source of the problem? Everything remains the same between the old and the new version of my application except for these couple of changes and yet one works and the other provides the error.
Acoustic1978
Member
88 Points
164 Posts
Re: Login Failed. The Login Is From An Untrusted Domain And Cannot Be Used With Windows Authenti...
Feb 05, 2011 09:36 PM|LINK
Thank you for the informative response. I had my application running without an error when it still had the authentication mode set to "windows" but had to change it to "forms" because I needed to use a custom membershipprovider. Prior to adding this custom membership provider and prior to the authentication mode changing to "forms" everything worked well. In fact, when I run the old version of my application online, the version without the customized membership, it works fine.
Might the addition of the custom membership provider(and its custom memberships) itself plus the change from mode "windows" to "forms" be the source of the problem? Everything remains the same between the old and the new version of my application except for these couple of changes and yet one works and the other provides the error.
Here is my current web.config:
<?xml version="1.0"?> <configuration> <configSections> <sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"> <sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"> <section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/> <sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"> <section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere"/> <section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/> <section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/> <section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/> </sectionGroup> </sectionGroup> </sectionGroup> </configSections> <appSettings> <add key="ChartImageHandler" value="storage=file;timeout=20;dir=c:\TempImageFiles\;"/> </appSettings> <connectionStrings> <clear/> <remove name="LocalSqlServer"/> <add name="LocalSqlServer" connectionString="Data Source=tcp:sql.discountasp.net;Initial Catalog=SQL2008_#####_MYWEB;User ID=SQL2008_#####_MYWEB_user;Password=#####" providerName="System.Data.SqlClient"/> <add name="MyConnectionString1" connectionString="Data Source=tcp:sql2k803.website.net;Initial Catalog=SQL2008_MyWEB_user;User ID=SQL2008_#####__MYWEB_user;Password=#####; Integrated Security=True;Connect Timeout=30;User Instance=True" providerName="System.Data.SqlClient"/> <add name="ASPNETDBConnectionString1" connectionString="Data Source=tcp:sql2k803.website.net;Initial Catalog=SQL2008_######_aspnetdb;User ID=SQL2008_#####_aspnetdb_user;Password=#####; Integrated Security=SSPI;User Instance=True" providerName="System.Data.SqlClient"/> </connectionStrings> <location> <system.web> <authorization> <allow users="*"/> </authorization> </system.web> </location> <system.web> <customErrors defaultRedirect=""/> <profile enabled="true"> <properties> <add name="FirstName" type="string"/> <add name="LastName" type="string"/> <add name="SearchTerms" type="System.Collections.Specialized.StringCollection" serializeAs="Xml"/> </properties> </profile> <!-- Visual Basic options: Set strict="true" to disallow all data type conversions where data loss can occur. Set explicit="true" to force declaration of all variables. --> <roleManager enabled="true"/> <authorization> <allow roles="Administrator\>" <deny users="*"/> </authorization> <membership defaultProvider="MyMembershipProvider" userIsOnlineTimeWindow="30"> <providers> <clear/> <add name="MyMembershipProvider" connectionStringName="ASPNETDBConnectionString1" applicationName="MYWEB" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" minRequiredPasswordLength="3" minRequiredNonalphanumericCharacters="0" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/> </providers> </membership> <globalization fileEncoding="utf-8" requestEncoding="utf-8" responseEncoding="utf-8" culture="en-US" uiCulture="en-CA"/> <compilation debug="true" strict="false" explicit="true"> <assemblies> <add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/> <add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/> <add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> <add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/> <add assembly="Microsoft.ReportViewer.WebForms, Version=9.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/> <add assembly="Microsoft.ReportViewer.Common, Version=9.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/> <add assembly="System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/> <add assembly="System.Web.Extensions.Design, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> <add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/> <add assembly="System.Web.DataVisualization, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> <add assembly="System.Web.DataVisualization.Design, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> <add assembly="System.Windows.Forms.DataVisualization.Design, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> <add assembly="System.Windows.Forms.DataVisualization, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> </assemblies> <buildProviders> <add extension=".rdlc" type="Microsoft.Reporting.RdlBuildProvider, Microsoft.ReportViewer.Common, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/> </buildProviders> </compilation> <authentication mode="Forms"> </authentication> <pages maintainScrollPositionOnPostBack="true"> <namespaces> <clear/> <add namespace="System"/> <add namespace="System.Collections"/> <add namespace="System.Collections.Generic"/> <add namespace="System.Collections.Specialized"/> <add namespace="System.Configuration"/> <add namespace="System.Text"/> <add namespace="System.Text.RegularExpressions"/> <add namespace="System.Linq"/> <add namespace="System.Xml.Linq"/> <add namespace="System.Web"/> <add namespace="System.Web.Caching"/> <add namespace="System.Web.SessionState"/> <add namespace="System.Web.Security"/> <add namespace="System.Web.Profile"/> <add namespace="System.Web.UI"/> <add namespace="System.Web.UI.WebControls"/> <add namespace="System.Web.UI.WebControls.WebParts"/> <add namespace="System.Web.UI.HtmlControls"/> </namespaces> <controls> <add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> <add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> <add namespace="AjaxControlToolkit" assembly="AjaxControlToolkit" tagPrefix="ajaxToolkit"/> <add tagPrefix="asp" namespace="System.Web.UI.DataVisualization.Charting" assembly="System.Web.DataVisualization, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/> </controls> </pages> <httpHandlers> <remove path="*.asmx" verb="*"/> <add path="*.asmx" verb="*" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false"/> <add path="*_AppService.axd" verb="*" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false"/> <add path="ScriptResource.axd" verb="GET,HEAD" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false"/> <add path="Reserved.ReportViewerWebControl.axd" verb="*" type="Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" validate="false"/> <add path="ChartImg.axd" verb="GET,HEAD" type="System.Web.UI.DataVisualization.Charting.ChartHttpHandler, System.Web.DataVisualization, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" validate="false"/> </httpHandlers> <httpModules> <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> </httpModules> </system.web> <system.codedom> <compilers> <compiler language="c#;cs;csharp" extension=".cs" warningLevel="4" type="Microsoft.CSharp.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"> <providerOption name="CompilerVersion" value="v3.5"/> <providerOption name="WarnAsError" value="false"/> </compiler> <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" warningLevel="4" type="Microsoft.VisualBasic.VBCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"> <providerOption name="CompilerVersion" value="v3.5"/> <providerOption name="OptionInfer" value="true"/> <providerOption name="WarnAsError" value="false"/> </compiler> </compilers> </system.codedom> <system.webServer> <validation validateIntegratedModeConfiguration="false"/> <modules> <remove name="ScriptModule"/> <add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> </modules> <handlers> <remove name="WebServiceHandlerFactory-Integrated"/> <remove name="ScriptHandlerFactory"/> <remove name="ScriptHandlerFactoryAppServices"/> <remove name="ScriptResource"/> <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> <add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> <add name="ChartImageHandler" preCondition="integratedMode" verb="GET,HEAD" path="ChartImg.axd" type="System.Web.UI.DataVisualization.Charting.ChartHttpHandler, System.Web.DataVisualization, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/> </handlers> </system.webServer> <runtime> <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1"> <dependentAssembly> <assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35"/> <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35"/> <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/> </dependentAssembly> </assemblyBinding> </runtime> </configuration>Acoustic1978
Member
88 Points
164 Posts
Re: Login Failed. The Login Is From An Untrusted Domain And Cannot Be Used With Windows Authenti...
Feb 05, 2011 11:20 PM|LINK
Any ideas where I'm going wrong in my connectionstrings?
Thanks