Monday, January 25, 2010

Login failed for user 'NT AUTHORITY\IUSR'

If you encountered this error while running your published website or web service in IIS7:

Message: Sys.WebForms.PageRequestManagerServerErrorException: Cannot open database "[DB_NAME]" requested by the login. The login failed.

Just follow these simple steps to solve the problem.

1. Open SQL Server Management Studio.



2. On the left menu, expand Security then Logins. Check if 'NT AUTHORITY\IUSR' exists. If not then that is the cause of the problem.




3. Right-click on Logins then click New Login...



4. On the General page, click Search...



5. On the next popup window, click Advanced...



6. Then on the following window, click Find Now and find IUSR on the Search Results. Then click OK.



7. Back on the left menu, you'll now see the 'NT AUTHORITY\IUSR' user. Right click on it and click Properties.




8. On the Server Roles page, check on sysadmin.



9. Then on the User Mapping page check on the database name you need access to; and below that on the database role membership make sure to also check on db_owner then click OK.






...And that's a wrap, you shouldn't be seeing the login failed error now.



-k

70 comments:

  1. Thanks for the article this really helped me out.

    ReplyDelete
  2. great article...

    u solve my problem juz now...

    thanks :)

    ReplyDelete
  3. Thanks for the article..

    it helped me alot..

    ReplyDelete
  4. thank you so much
    it solved my problem.......
    it helped me after lot of frustuation

    ReplyDelete
  5. I have NT AUTHORITY\IUSR as part of the allowable login users to my SQL but still getting the same error

    ReplyDelete
  6. Thanks a lot, after several hours of playing around, just what I needed!

    ReplyDelete
  7. A wonderful , Clear and working solution to my frustrating problem.

    ReplyDelete
  8. thank you very very much you help me in this topic

    ReplyDelete
  9. REALLY THAAAAAAAANKS FOR THISSSSS

    ReplyDelete
  10. I have to disagree with this solution, my understanging is this solution grants any anonymous users access to the database which is really bad.

    ReplyDelete
  11. Hi guys, I am trying to follow the instructions but I cannot see 'NT AUTHORITY\IUSR' in the list of my SQL users. How can I add this user? Anything should be set in IIS?
    Thanks,
    V

    ReplyDelete
  12. Thanks a lot, I was so confused having this problem, well done.

    ReplyDelete
  13. Great Article!! Thanks for it!! Just solved my problem in a minute...

    ReplyDelete
  14. Very Thanks Honey :xXx it solved my problem....

    ReplyDelete
  15. thanks a lot, awesome article!!

    ReplyDelete
  16. Thank you so much! This solved my problem :-)

    ReplyDelete
  17. Awesome! It worked!

    ReplyDelete
  18. Much appreciated that you took the time to post this how-to

    ReplyDelete
  19. good work, thanks

    ReplyDelete
  20. Thank you!!! :)
    Very VERY helpful!

    ReplyDelete
  21. Problem SOLVED!!!

    Thanks to you

    ReplyDelete
  22. I am having this error(below):
    Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'

    Adding the 'NT AUTHORITY\ANONYMOUS LOGON' the problem goes away...but I am concern about giving database ownership to NT AUTHORITY\ANONYMOUS LOGON.

    Should I be concerned? THanks

    ReplyDelete
  23. oh my god... I am concern about giving database ownership to NT AUTHORITY\ANONYMOUS LOGON.

    ReplyDelete
  24. very much appreciated!!

    i really prefer tutorials with pictures. very helpful man. thanks

    ReplyDelete
  25. Please don't do this. Granting DBO access to IUSR* is a very bad idea. You want to grant the least rights possible to users. If, after granting public access to a user you still see errors you should be granting access to the stored procedures you are using to public, not just giving users the ability to create or drop any table they like.

    ReplyDelete
  26. I hope you are joking... this is a suicide

    ReplyDelete
  27. What an amazingly bad idea. Granting sysadmin privileges on the server to IUSR or ANONYMOUS LOGON is setting your machine up to get rooted easily. Assign permissions on an as needed basis, granting the absolute minimum required to any given database user.

    ReplyDelete
  28. This article, combined with the "Thank you so much!!!" comments makes this the FUNNIEST. POST. EVER.

    ReplyDelete
  29. I'm printing this out and hanging it on my wall of "Worst Advice In The History Of The World". The author of this post is truly without a clue.

    ReplyDelete
  30. Please folks do NOT follow this advice. This is the SQL Security equivalent to enabling the Guest account in windows.

    Instead the account needed to access should have very minimal rights and only to those objects required. For example, if the account needs to only perform SELECTs and only a few tables, please put the rights specifically there. If there are plenty of tables, create a role and assign permissions that way. Worse case add the user to the data readers.

    ReplyDelete
  31. Bah..Bah...Bah..
    Lots of stupid sheep out there.
    If you don't know what you are doing maybe you should find another profession.

    ReplyDelete
  32. You r the man :)
    Thank a lot Prof.

    ReplyDelete
  33. thanks
    http://www.hoclaptrinhweb.com

    ReplyDelete
  34. Well done. It solved the issue

    ReplyDelete
  35. Thanks, solved the purpose!

    ReplyDelete
  36. Thanku so much dear

    ReplyDelete
  37. Thanks a lot.It Solved My Problem.Thanks again

    ReplyDelete
  38. Leaving my front door open would solve the problem of the next door neighbour not being able to get in and feed the goldfish whilst I'm on holiday...

    ReplyDelete
  39. I really appreciate this type of information, thank you very much for the help, you've helped me solve my problem, Greetings!

    ReplyDelete
  40. master muchas muchas pero muchas gracias!

    ReplyDelete
  41. too good. 2 days of hard work, din't found this issue. thanks to this blog :)

    ReplyDelete
  42. virtually all unbelievable foodstuff blogs http://casinogamesonlinex.weebly.com casino games online

    ReplyDelete
  43. Thanks a ton! This is exactly what I needed and following these steps solved my problem. Thanks for sharing this.

    ReplyDelete
  44. Thanks a lot. it solved my problem.

    ReplyDelete
  45. You are great keep up the good work you solved my problem

    ReplyDelete
  46. This is great article. The problem is solved.

    ReplyDelete
  47. Thanks you save my time
    i was struggling for 2 days
    keep it up
    KAS

    ReplyDelete
  48. Thank You, Thank You, Thank You, Thank You, Thank You. This post helped me a lot.

    ReplyDelete
  49. This post has helped me too. I am very thankful. i am wowed at the solution. It worked like magic

    ReplyDelete
  50. let me just say thank you too ;)

    ReplyDelete
  51. Thank you! Solve my problem!!!

    ReplyDelete
  52. when i host that time it show me error how can solve that time plz help me amil me at desaimandar2@gmail.com plz plz help me

    ReplyDelete
  53. I can not see IUSER in search directory

    ReplyDelete
  54. DONE DONE DONE DONE......WOW WOW WOW WOW........ Problem finally resolved :)

    ReplyDelete
  55. An you wonder why credit cards and personal information get stolen..

    ReplyDelete
  56. Such blogs make our work so easy. thanks alot..keep up the amazing work you are doing

    ReplyDelete
  57. This is the worst advice you could possibly give, granting IUSR sysadmin access and then map it to the database as a db_owner shows a clear misunderstanding of database security. There will now be a lot of vulnerable webpages out there now.

    Just map the login to the required database with only the required permissions, i.e read only if all it does is display data on webpages even better execute permission to the stored Procedures which display and update data. Use ‘The Principle of least privilege’ to help protect your site, its exposed to the internet.

    The above advice will allow for a SQL injection attack which could delete every database on the server and possibly delete all backups using xp_cmdShell, a sysadmin can enable it.
    It goes on but I’ll stop now.

    ReplyDelete
  58. Thank you, this solved my issue.

    ReplyDelete
  59. This comment has been removed by the author.

    ReplyDelete
  60. Wow..Solved my issue!!!Spend last two days resolving the same.Thanks

    ReplyDelete