Hi,
I have the following setup -
All machines are running Windows Server 2008 R2
Machine 1:
Name - Computer1
IP - 192.168.1.1
Task - Database server running MS SQL Server 2008 Express R2 SP2
Domain - Domain Member of domain MyDomain running on Computer2
Machine 2:
Name - Computer2
IP - 192.168.1.2
Task - Domain Controller and DNS Server
Domain - Domain Controller, running domain MyDomain
Machine 3:
Name - Computer3
IP - 192.168.1.3
Task - Hyper-V Host
Domain - no domain, is configured as a workgroup
Hyper-V Guests -
Machine 4:
Name - Computer4
IP - 192.168.1.4
Task - Web server running IIS7
Domain - Domain Member of domain MyDomain running on Computer2
Machine 5:
Task - VPN server (inconsequential to current problem)
The network has been set up fine, and all machines can communicate effectively with one another.
I installed the IIS7 role on Computer4, and it was configured to run as ApplicationPoolIdentity by default.
I have a public website that will need to be accessed from the internet, and the website needs to connect (as itself, not as any particular user accessing the website) to the database to retrieve and display data on the website, such as news, media galleries,
etc. I also want to use Windows Authentication on SQL Server, and not Mixed Mode Authentication.
So what I did was, I created a limited user on the domain, and changed the Application Pool of the website to run as this limited domain user instead.
Then I went to SQL Server, and created a login for this limited domain user, and granted him appropriate access to the parts of the database (stored procs) that are relevant for the website.
Now, I came to the code in my website. I need to connect to the database, and execute a stored procedure that gets me the values of all the news items in the news table.
This is the code I used -
Sub MySub() 'gets called upon homepage load event
Try
Dim dt as new DataTable()
Dim myconnstr as String = "Data Source=Computer1\SQLEXPRESS; Initial Catalog=mydatabase;Integrated Security=true; Connection Timeout=3600"
Dim connectionstring as new SqlConnection(myconnstr)
Dim cmd as SqlCommand
cmd = new SqlCommand("myschema.mystoredproc1", connectionstring)
cmd.CommandType = CommandType.StoredProcedure
dt.clear()
connectionstring.open()
Dim dr as new SqlDataReader = cmd.ExecuteReader()
dt.Load(dr)
dr.Close()
connectionstring.Close()
Catch sqlex as SqlException
MsgBox(sqlex.Message)
Finally
connectionstring.Close()
End SubWhen I run the webpage, it just gets stuck there. The message bar on the browser says it's 'connecting to the website', and nothing ever gets showed on the browser.
I haven't tried debugging it using breakpoints yet, which in retrospect, I admit, was stupid of me to not try before typing out this humongous thread, but I'll get back to it after I've posted this.
If I try commenting out the code given above, and then run the webpage in the browser, everything shows up fine.
I need to know if I'm doing anything wrong/incomplete here, and how I can fix it.
Also, I want to avoid storing any connection strings or user credentials in the web.config file, if possible.
I've declared a safe class within my code in my App_Code folder that stores all connection information. It's harder for an intruder to break into this class and the code within than it is for them to break into the web.config file.
(Since these are meant to be production machines currently under development and testing, I have only been installing those applications/Roles that are strictly necessary for that machine's role, and am not installing additional stuff even for testing. Which
means I have SQL Server Management Studio installed only on the database server, and not on the web server. So there is no way for me to test whether the connection for the limited domain user login for the website even works, except through the website's
code, which unfortunately, isn't working.)