In ArcGIS Server Manager for the Microsoft .NET Framework, it is possible to create a Web application on a different Web server machine. This remote Web application may then be secured in Manager, with designated roles allowed access to the application. When the user logs in to the Web application, the browser may display an error.
By default, a generic error is displayed, except when the browser is running on the Web server hosting the application. In the latter case, the error message displays. The error message may be along these lines:
"Cannot open database "<database>" requested by the login. The login failed. Login failed for user '<user name>'."
The <user name> is typically Network Service or ASPNET.
This error may occur when the user store configured for the ArcGIS Server is in Microsoft SQL Server, though it may also occur with a user store in a custom provider. The cause is that the user store defined in the Manager application is not accessible to the Web application that is running on the remote IIS Web server.
Specifically, the problem may be due to the machine name running SQL Server not being specified adequately, or incorrect permissions for the account accessing the SQL Server or custom provider.
Solution or Workaround
The resolution may require one or both of the following two steps:
- Correcting the machine name or location information for the database.
- Ensuring valid permissions for the account running the application.
The steps below address the problem for SQL Server. For similar problems when using a custom provider, it is necessary to perform comparable steps for a custom provider, such as configuring the provider location and permissions.
- The first cause of the error may be that the machine name of the SQL Server needs to be specified so that the remote machine can find it. To address this issue:
- Log in to ArcGIS Server Manager.
- Click Security - Settings, and click Configure.
- In the Security wizard, the first panel should be set to SQL Server. Click Next.
- In the Specify SQL Server panel, examine the value for the Server. It should specify the server name so that the remote machine can find it. The name should not use "." or "localhost". If necessary, verify that the remote Web server hosting the application can access the SQL Server using the name (or IP address). If the SQL Server machine name was already set to a name that the remote Web server can use for access, skip to step 2 below. Otherwise, change the name, if necessary, to use the SQL Server machine name or IP address.
- If the SQL Server name has been modified, click Connect, and complete the wizard to save the updated settings.
- Go to the Applications tab, and for the remote Web application, click the Permissions button.
- In the Permissions dialog box, click Save (changes can be made to permissions, but it is not necessary). This re-writes the Web application's configuration with the updated SQL Server name.
- Open a browser to the remote Web application and log in. If it is possible to successfully log in and use the application, skip the rest of the steps below. If a permissions error displays, continue with step 2.
- The connection to the SQL Server database must be configured to allow the Web application to access the database.
The approach illustrated here is to use a SQL login to connect to the database rather than Windows authentication. Follow the directions below to change the authentication for the Web application to use a SQL login for the Web application's connection.
- Open SQL Server Management Studio and connect to the SQL Server instance. For SQL Server Express, if necessary, install SQL Server Management Studio Express.
- For SQL Server Express, allow SQL logins. To do this, right-click the server (<servername>\SQLEXPRESS) in the left-hand tree, and click Properties. In the Properties window, click the Security page link. In the security panel, click the option under Server authentication for SQL Server and Windows Authentication mode. Click OK to save the settings and close the Properties dialog box.
- Add a new SQL login by expanding the Security folder and clicking the Logins folder. Right-click the Logins folder and click New Login. In the dialog box that opens, enter a name for the new login (e.g., AGSApplications). Click the option for SQL Server authentication, enter a password, and confirm the password.
- In the same new-login dialog box, click the User Mapping page link. Under the Users mapped to this login, click the check box next to the database that contains the users for the ArcGIS Server system. Make sure the database is highlighted in the dialog box, then, under the Database role membership for: <database>, check the db_owner role. Click OK to create the login and its role. Close SQL Server Management Studio.
- Log in to ArcGIS Server Manager > Security > Settings > Configure.
- In the Security wizard, click SQL Server for the user location, if necessary, and click Next.
- In the Specify SQL Server panel, enter the SQL Server name, using the server name rather than "." or "localhost". Click Connect to connect to the SQL Server.
- In the lower portion of the dialog box that displays, uncheck the Use Trusted Connection checkbox. Enter the login name and password for the SQL login created above. Select the database from the Use existing database drop-down menu. Click Next and finish the wizard as directed.
- Go to the Applications tab, and for the remote Web application, and click the Permissions button.
- In the Permissions dialog box, click Save (changes to permissions can be made, but it is not necessary). This re-writes the Web application's configuration with the updated SQL Server login.
- Open a browser to the remote Web application and log in. Logging in and using the application should be successful. If any permissions error occur, recheck the settings for the SQL login and Manager configuration.