Any asp.net SQL gurus?!

[Teledude]

Have just inherited a web based app with a SQL backend

Anyway at the moment current setup is all on one server with SQL Express.

I have moved it onto a SQL 2005 Std box and a Windows 2008 IIS7 application server - front page loads fine but I can't find where to point it at the seperate SQL server

Have tried various settings in web.config but I dont seem to be getting anywhere

Anyone got any ideas and or quick fixes?!

 

[~J~]

If it's been programmed crap, then the programmers will have probably hard-coded the IP address, username and password of the SQL Server in the code itself which is now compiled in the DLL file.

It'd be easy to get these details using something like Reflector, but, you'll probably already know these and/or they'll be no much use as you can't change them.

If you've got the source code (.aspx and .vb files) then you should be able to load the project in Visual Studio, find and replace the offending settings, recompile and redistribute.

Are you 100% sure there's nothing in the .config file?

 

[Teledude]

The web.config in the app root folder is as follows....

<?xml version="1.0"?>
<!--
Note: As an alternative to hand editing this file you can use the
web admin tool to configure settings for your application. Use
the Website->Asp.Net Configuration option in Visual Studio.
A full list of settings and comments can be found in
machine.config.comments usually located in
\Windows\Microsoft.Net\Framework\v2.x\Config
-->

<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<configSections>
<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="MachineToApplication"/>
<sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="Everywhere"/>
<section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="MachineToApplication"/>
<section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="false" allowDefinition="MachineToApplication"/>
</sectionGroup>
</sectionGroup>
</sectionGroup>
</configSections>
<appSettings/>
<system.web>
<!--
Set compilation debug="true" to insert debugging
symbols into the compiled page. Because this
affects performance, set this value to true only
during development.

Visual Basic options:
Set strict="true" to disallow all data type conversions
where data loss can occur.
Set explicit="true" to force declaration of all variables.
-->
<compilation debug="true" strict="false" explicit="true">
<assemblies>
<add assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Web.Extensions.Design, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Management, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/></assemblies>
</compilation>
<pages>
<namespaces>
<clear/>
<add namespace="System"/>
<add namespace="System.Collections"/>
<add namespace="System.Collections.Specialized"/>
<add namespace="System.Configuration"/>
<add namespace="System.Text"/>
<add namespace="System.Text.RegularExpressions"/>
<add namespace="System.Web"/>
<add namespace="System.Web.Caching"/>
<add namespace="System.Web.SessionState"/>
<add namespace="System.Web.Security"/>
<add namespace="System.Web.Profile"/>
<add namespace="System.Web.UI"/>
<add namespace="System.Web.UI.WebControls"/>
<add namespace="System.Web.UI.WebControls.WebParts"/>
<add namespace="System.Web.UI.HtmlControls"/>
</namespaces>
<controls>
<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
</controls>
</pages>
<httpHandlers>
<remove verb="*" path="*.asmx"/>
<add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
<add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" validate="false"/>
</httpHandlers>
<httpModules>
<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
</httpModules>
<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<httpRuntime maxRequestLength="1048576" executionTimeout="3600"/>
<sessionState mode="StateServer" timeout="60"></sessionState>
<authentication mode="Windows"/>
<!--
The <customErrors> section enables configuration
of what to do if/when an unhandled error occurs
during the execution of a request. Specifically,
it enables developers to configure html error pages
to be displayed in place of a error stack trace.
<customErrors mode="Off"/>
<customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
<error statusCode="403" redirect="NoAccess.htm" />
<error statusCode="404" redirect="FileNotFound.htm" />
</customErrors>
-->
</system.web>
<system.web.extensions>
<scripting>
<webServices>
<!-- Uncomment this line to customize maxJsonLength and add a custom converter -->
<!--
<jsonSerialization maxJsonLength="500">
<converters>
<add name="ConvertMe" type="Acme.SubAcme.ConvertMeTypeConverter"/>
</converters>
</jsonSerialization>
-->
<!-- Uncomment this line to enable the authentication service. Include requireSSL="true" if appropriate. -->
<!--
<authenticationService enabled="true" requireSSL = "true|false"/>
-->
<!-- Uncomment these lines to enable the profile service. To allow profile properties to be retrieved
and modified in ASP.NET AJAX applications, you need to add each property name to the readAccessProperties and
writeAccessProperties attributes. -->
<!--
<profileService enabled="true"
readAccessProperties="propertyname1,propertyname2"
writeAccessProperties="propertyname1,propertyname2" />
-->
</webServices>
<!--
<scriptResourceHandler enableCompression="true" enableCaching="true" />
-->
</scripting>
</system.web.extensions>
<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
<modules>
<add name="ScriptModule" preCondition="integratedMode" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
</modules>
<handlers>
<remove name="WebServiceHandlerFactory-Integrated"/>
<add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
<add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
<add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
</handlers>
</system.webServer>




<connectionStrings>
<clear/>

<add name="LocalSqlServer" connectionString="Data Source=xxxxxxx;Initial Catalog=xxxx;User Id=xxxxxxx;Password=xxxxx;"/>

</connectionStrings>



</configuration>

And this is the error when trying to login to the site

Server Error in '/' Application.
--------------------------------------------------------------------------------

An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)

I have all the code but no visual studio experience - even messing about with this is confusing

 

[~J~]

It's there:

<connectionStrings>
<clear/>

<add name="LocalSqlServer" connectionString="Data Source=xxxxxxx;Initial Catalog=xxxx;User Id=xxxxxxx;Password=xxxxx;"/>

</connectionStrings>

*edit*

Just make sure that either:

a) Your server name and login credential match the above
or
b) You change them accordingly to match your server name and login credentials.

 

[Teledude]

That is my servername and details - doesn't want to play ball though

Wonder if it could be coded elsewhere?

 

[~J~]

Well if it's coded there, I'd doubt they've hard coded it. COULD have, and very plausable, but, personally I'd doubt it.

(Have removed your login credentials from my quote!!!) lol

Er, only thing I can think of is to double check that all the details are correct.

One tip:

If you've got Excel, can you connect to the SQL Server and do a simple query using the details you've supplied above?

This would probably rule out as to whether the SQL Server is running good, the details are correct, etc, etc.

 

[Teledude]

SQL is fine its in use all over for dev stuff - does the initial catalog part need to be filled in or is that just for named instances?

thanks for your help mate

forgot to say - it wasnt there - i just added that line to try and make it work

 

[~J~]

A link for you to try:

http://support.microsoft.com/kb/914277

 

[~J~]

Yeah, initial catalog need to be filled in.

 

[Teledude]

Yeah, initial catalog need to be filled in.

with what? database name? \ for default instance?

 

[~J~]

Sorry mate, yeah, the database name:

See if this helps break it down:

Add name="#########" - The name of the actual connecion string that's used in the program.

This WILL need to remain the same as the original as the programmers will use this name to reference connections to the SQL Server.

DataSource=#############

That's your servername.



Initial Catalog=##############

That's the name of the database



User ID=###########

User ID of a user who has access to the database.



Password=############

The password of above user who has access to the database

 

[Teledude]

Just looked at the web.config on the server I pulled it from and there is no connection settings mentioned - makes me wonder if its coded on the dlls

 

[~J~]

If it's not on the original, I'd hazard a guess that it may be hardcoded.

There's 2 schools of thougt as to why you should and why you shouldn't put the credentials in the config file.

On one hand, anyone could acquire the login credentials for a server by simply looking at the config file, thus opening a huge can of worms.

But on the other, it allows the program to be able to move from one server to another without having the source code to recompile.

Dunno to be honest mate.

 

[SimonCHere]

SQL is fine its in use all over for dev stuff - does the initial catalog part need to be filled in or is that just for named instances?

thanks for your help mate

forgot to say - it wasnt there - i just added that line to try and make it work

There's your problem.
If it's not been used when the pages were written, just putting it in wont work.
Time to dig out the souce code and do a search for the old connection string (or a part of it).

On a properly configured website the web.config is not accessable by visitors.

Simon

 

[kkbigal]

On a properly configured website the web.config is not accessable by visitors.
Simon

Yep - ASP.NET doesn't serve up the web.config to visitors by default as far as I'm aware.

It's also possible to encrypt the <connectionString> section of the web.config for extra protection.

 

[cjmUK]

It's also possible to encrypt the <connectionString> section of the web.config for extra protection.

Yes... in .NET Framework v2 or above.