Last post Nov 28, 2018 12:52 PM by PatriceSc
Nov 22, 2018 02:00 AM|Sam Hobbs|LINK
I have a Web Site project I am developing using a website in a local IIS. I am using Entity Framework Code First to create the database using SQL Server Express (MSSQLLocalDB). The database has been created but now I am getting the following error.
Cannot open database "MysDatabase" requested by the login. The login failed.
Login failed for user 'IIS APPPOOL\DefaultAppPool'.
I have another database created by a different web page in the same web site and that web form and database still work. In IIS the Identity for DefaultAppPool is ApplicationPoolIdentity and that is what
Application Pool Identities | Microsoft Docs says to do.
The following are the connection strings for each of the databases. The EFCodeFirstContext database works but the OtherDatabase database is getting the error.
<add name="ConnectionStringWD" connectionString="Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\EFCodeFirstContext.mdf;Integrated Security=True;Trusted_Connection=false;"
<add name="ConnectionString1" connectionString="Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\OtherDatabase.mdf;Integrated Security=True;Trusted_Connection=false;"
I have tried to find answers. There are many possible answers and there is not a significant amount of consistency among the possibilities so it is not clear what to do. I prefer to do things for a good reason (such as the supported solution), not just something
that works. Most or all the following answers are probably not relevant to me since they would apply only if the other database does not work either, but I have tried to find the answer for my situation.
The answer might be in
c# - Login failed for user 'IIS APPPOOL\ASP.NET v4.0' - Stack Overflow. It is asking about ASP.NET v4.0 but the answer says to add DefaultAppPool so that might be relevant to me too. It says
add a login to SQL Server for IIS APPPOOL\ASP.NET v4.0 and grant permissions to the database. The comments say that the IIS APPPOOL\DefaultAppPool account is the account to add; I do not understand why that was not done automatically and since the
other database works I am not sure it is what I should do. The following shows the logins for the server.
That thread also has an answer saying to Right click on db-> properties -> permission -> View Server permissions. I don't know if that is relevant to my situation. My server permissions do not have IIS APPPOOL\DefaultAppPool, as in:
asp.net - Keep getting "Login failed for user IIS APPPOOL\DefaultAppPool" no matter what I do - Stack Overflow says to set the identity to NetworkService or localsystem and I can find many other articles saying one or the other but I don't know if either
is better than ApplicationPoolIdentity.
asp.net - Login failed for user 'IIS APPPOOL\myAppPool - Stack Overflow says to just add a new user to the database but I am not sure if that applies to my situation, especially since the other database works. My database's Security/Users are as in the
Login failed for user 'IIS APPPOOL\DefaultAppPool' on SQL Express 2012 says
probably means that the database is permanently attached to the SQL instance and to change "AttachDbFilename" in the connection string with a full path to "Database" with just the database name but since the mdf file is in a subdirectory of my project's
directory and the other database works I assume it needs a complete path.
Cannot open database "test" requested by the login. The login failed. Login failed for user 'IIS APPPOOL\sample' | The ASP.NET Forums has great graphics that show how to change the from ApplicationPoolIdentity to LocalSystem but that is not what official
documentation says to do.
How can I determine the actual cause? I assume that the answer is easy if we know the cause but I will appreciate a solution to the logon failure if possibile.
Nov 22, 2018 09:48 AM|PatriceSc|LINK
This is the account under which your web app runs and as you are using "integrated security" it uses this account to connect to the db. It's quick and easy but if you have multiple applications running under the default application pool (and so the same
identity) it means that all those applications could potentially access to all those dbs.
On my dev machine I'm just using IIS Express (runs under my account) and on production machine each app uses its own domain account...
For now see perhaps under which account runs the other app and do the same for now until you decide on which approach you prefer (basically a tradeoff between admin tasks and app isolation).
Nov 27, 2018 10:45 PM|Sam Hobbs|LINK
I am not aware of anything relevant I changed but now it works.
We are supposed to include descriptions of what we have tried in our problem descriptions but I probably took that advice too far. The problem description here is much larger than it could have been.
Nov 28, 2018 12:52 PM|PatriceSc|LINK
More likely permissions were granted to the db. you are not supposed to be able to connect to SQL Server if the "login" is not allowed and to a database if the "user" is not allowed.