1

I have asp.net core 3.1 web api. When I run the project locally in Visual studio, it works fine. But when I publish it to IIS and run it, I get the error.

500 Internal Server Error","error": "A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.)"} Or Login failed for user domain_name\machine_name.

connection string looks like this

"ConnectionStrings": {
"ABCDB": "Server=xxx-test,80;Database=abc;Integrated Security=true;MultipleActiveResultSets=true;"

},

I have the hosting bundle installed for .net core 3. my app runs under ApplicationPoolIdentity which is added to the database and has the permissions. My application pool is set to No Managed Code with ApplicationPoolIdentity. The endpoints for the api which are not connecting to the database work just fine on published version but anything that is connecting to the database gives the error.

I referred to couple of links but hard luck. https://www.loganfranken.com/blog/1345/why-your-web-application-cant-connect-to-sql-server/

IIS fails to pass windows credentials through to SQL Server for ASP.NET Core app

Why asp.net core app uses different user than AppPool identity for Windows Authentication when connecting to SQL Server?

Any help is appreciated.

Edit: The only things that works for me running the appPool under custom account(my credentialis) but does not work under appPoolIdentity on IIS

PAR
  • 707
  • 1
  • 6
  • 18
  • To increase security, the error message that is returned to the client deliberately hides the nature of the authentication error. However, in the SQL Server error log, a corresponding error contains an error state that maps to an authentication failure condition, you can judge the reason for the login failure based on the error status obtained in the log. For information about it, you can refer to this link: https://learn.microsoft.com/en-us/previous-versions/sql/sql-server-2008-r2/ms366351(v=sql.105)?redirectedfrom=MSDN – Ding Peng Dec 14 '20 at 07:24
  • I checked the logs, and it shows me same message Login failed for user domain name\machine name. Could not find a login matching the name provided. – PAR Dec 14 '20 at 22:58
  • You can try to change the site in IIS to use the Application Pool Identity, then change the Application Pool Identity to Network Service. – Ding Peng Dec 15 '20 at 07:57
  • I tried that but still the same. – PAR Dec 15 '20 at 14:12
  • Try to add "TRUSTED_CONNECTION = TRUE" to the connection string. – Ding Peng Dec 24 '20 at 08:22
  • I am having the same issue. I am hosting several other .NET Core 3.1 Web API projects on the same IIS server and they all work fine, all using the same MS SQL connection string. The only difference as far as I can tell is that this particular project did not start off on .NET Core 3.1 while the ones that work fine were built originally with 3.1. I narrowed it down to IIS as running the app on Kestrel on the IIS server works fine. But for this one app IIS is not using the credentials in the connection string in appsettings.json, just shoving in {DOMAIN}\{ServerName} as the MSSQL username. – jspinella Feb 23 '21 at 03:27

3 Answers3

0

your connection string should be like this:

"ABCDB": "Data Source=xxx-test;Initial Catalog=abc;Integrated Security=SSPI;Persist Security Info=True;"

and add application pool name of your published application of security/users folder of your DB:

IIS APPPOOL\<apppool name>

Or add a new user account to you DB with user name and password. In this case you will also have to change the connection string.

Serge
  • 40,935
  • 4
  • 18
  • 45
  • Thanks, still get the same issue Login failed for user 'DomainName\\MachineName$', locally on Visual Studio can run just fine. – PAR Dec 13 '20 at 05:23
0

It seem that your environment needs a reset.

1- Manually check your app folder under IIS to see if any cached files or similar ones could be deleted.

2- Ideally, install it in a new folder under IIS

3- Reset the IIS

4- Make a hard refresh of the web browser

Afshar Mohebi
  • 10,479
  • 17
  • 82
  • 126
0

I was having the same issue.

  • Other .NET Core 3.1 web apps are running just fine with the same authentication method (anonymous authentication) on the same IIS instance on the same server using the same connection string to the same MS SQL DB.
  • With this one particular .NET Core 3.1 web app, IIS is causing the app to try to authenticate to MSSQL DB with the username {DOMAIN}\{Computer Name}

The issue for me was that the connection string for the one app with the issue had "Trusted_Connection=True".

I knew that I would get this authentication interception from IIS with Integrated_Security but did not realize that Integrated_Security is synonymous with Trusted_Connection.

So the fix is to remove Trusted_Connection = True or Integrated_Security = True from the DB connection string in the app. If you need either of these two for your code to work (but are providing a username and password in the DB connection string), you should probably re-evaluate your code. Otherwise, the behavior OP and I observed should be what you want to happen and this isn't a problem.

jspinella
  • 2,013
  • 3
  • 25
  • 39