Ask the Expert

Problem accessing SQL Server using ASP.NET

My question is about frequent 680 and 529 events. We have a Web server running Win2K server that has the local user ASP.NET on it. This user is repeatedly trying to access resources on one of our SQL servers, which is running Win2K advanced server, causing the events to be generated. I have given information on the dates and times of the events coming from the SQL server to our Web team, but they can't figure out what is causing the problem. From what I could see, there are no drive mappings on the Web server to the SQL server or anything like that. Have you seen this type of thing before, or do you have any ideas what or how the ASP.NET user is trying to access the SQL server? Thanks for your time and your help. The events generated from the SQL server are as follows:

Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 680
Date: 9/8/2004
Time: 5:03:41 PM
User: NT AUTHORITY\SYSTEM
Computer: SQL Server
Description:
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: ASPNET
Source Workstation: Web Server
Error Code: 0xC0000064


Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 9/8/2004
Time: 5:03:41 PM
User: NT AUTHORITY\SYSTEM
Computer: SQL Server
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: ASPNET
Domain: Web Server
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: Web Server
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address:
Source Port: 0

By default, ASP.NET applications use the ASP.NET account to access data. The SQL Server is not configured by default to allow access for this account to SQL databases and resources. Remember, file shares are not the only way to access data. WebDAV and Web servers can also be configured as part of an application that requires access to SQL data. Ask the Web team to look at ASP.NET applications that use the database and possible error messages that indicate failures.

If the ASP.NET account should be accessing data, then it can be configured to do so. Go to this link for more information. It's most likely that there is some process in the application that is attempting the access. Also, don't rule out an attempt by an attacker to use an ASP.NET application to attempt to obtain data by using it to run SQL queries.

This was first published in September 2004
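
To give the Web team something more usable than raw dates and times, the failure audits can be grouped by account and source host and their codes decoded. The following is an added example, not part of the original answer: the host name WEB01, the text-export layout and the function names are assumptions, and the sample events are constructed from the two shown in the question.

```python
import re
from collections import Counter

# Well-known Windows constants: NTSTATUS codes seen in event 680, logon types in 529.
NTSTATUS = {"0xC0000064": "STATUS_NO_SUCH_USER", "0xC000006A": "STATUS_WRONG_PASSWORD"}
LOGON_TYPES = {"2": "Interactive", "3": "Network", "4": "Batch", "5": "Service"}

# Constructed sample modelled on the two events in the question; WEB01 is a made-up host.
SAMPLE = """\
Event ID: 680
Time: 5:03:41 PM
Logon account: ASPNET
Source Workstation: WEB01
Error Code: 0xC0000064

Event ID: 529
Time: 5:03:41 PM
User Name: ASPNET
Domain: WEB01
Logon Type: 3
Workstation Name: WEB01
"""

def parse_events(text):
    """Split a text export on blank lines and turn each event into a field dict."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        # Split each line on the first colon only, so "Time: 5:03:41 PM" stays intact.
        fields = {m[1].strip(): m[2].strip()
                  for m in re.finditer(r"^([^:\n]+):(.*)$", block, re.M)}
        if "Event ID" in fields:
            events.append(fields)
    return events

def summarize(events):
    """Count failures per (account, source host) and record what each one implies."""
    counts, notes = Counter(), {}
    for e in events:
        if e["Event ID"] == "680":
            key = (e.get("Logon account"), e.get("Source Workstation"))
            notes.setdefault(key, set()).add(NTSTATUS.get(e.get("Error Code"), "unknown status"))
        elif e["Event ID"] == "529":
            key = (e.get("User Name"), e.get("Workstation Name"))
            notes.setdefault(key, set()).add(LOGON_TYPES.get(e.get("Logon Type"), "?") + " logon")
            # Domain equal to the workstation name: a local account of the source host
            # was presented over the network, and the target has no such account.
            if e.get("Domain") == e.get("Workstation Name"):
                notes[key].add("local account of source host")
        else:
            continue
        counts[key] += 1
    return {k: (counts[k], sorted(notes[k])) for k in counts}
```

For the sample, the summary shows the Web server's local ASPNET account being offered in a network logon and rejected as a nonexistent user, which points at an application connecting to SQL Server with integrated authentication rather than at a drive mapping.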
