Delphi ISAPI Application Using SQL Server

Posted on 2003-10-23
Medium Priority
Last Modified: 2010-04-05

I'm trying to develop an ISAPI application using Delphi 7 Professional and MS SQL Server.
I added a TADOConnection, configured it for the database to be used, and tested it by setting the Connected property to True; it worked fine. I also added a TADOQuery component and set its Connection property to the connection just configured. I tested a complex SQL command in the SQL Query window and it worked fine too.

But the application does not run properly unless the code that relies on database access is removed.

If anyone can help me, thanks in advance.

Question by:AdaoPaulino

Expert Comment

ID: 9612608

I am having the same problem and have searched the internet but still could not find a solution.

Accepted Solution

StayGreedy earned 375 total points
ID: 9613275
This may have something to do with your ConnectionString.
Are you using Windows NT Integrated Security?
If so, then your ISAPI will use your Web Server Local Security Account (IUSR_[ComputerName] or IWAM_[ComputerName]). If your Web Server is on the same server as your SQL Server, then you could add these Local Accounts into your SQL Server.

However, if your Web Server is on a different server to your SQL Server, then create an Account on your SQL Server, for example "iWebUser". Use this Account in your ConnectionString to access your SQL Server.

Provider=SQLOLEDB.1;Password=[Password];Persist Security Info=True;User ID=iWebUser;Initial Catalog=[DatabaseName];Data Source=[SQLServerName]

Personally, I always use a SQL Server Account to Connect my ISAPI WebApps to my database.

LVL 17

Expert Comment

by:Wim ten Brink
ID: 9613415
As Russell says, this is most likely a security issue. Keep in mind that normally, a user who connects to an ISAPI DLL will be logged in on the webserver as an anonymous user with very limited access rights. One solution to get around this is to go to the IIS configuration of your website and in Directory Security turn off the Anonymous Access account. Thus any user who connects to your server must log in. And if you enabled the Integrated Windows security for the webserver, the user does not even have to enter a username/password as long as he is in the same domain as the webserver. Otherwise he gets a simple logon dialog before he's allowed to see the page.

Russell provided the other solution, which is: create a database user account and do not use integrated security for your connection. The disadvantage of this is that all web users have the same database access rights. Of course, you could also ask the user to provide a username and password first before allowing them access...
The advantage of using a generic database account for all web users is that none of these users need to know the password to access the database. From a security point of view, this is very useful because this way no user can use his own credentials to access the database outside the website. A good security measure. The disadvantage is of course that many administrators forget to change the password for this database account on a regular basis, so the password might be valid for years. So make sure the connection string used is configurable, e.g. a registry setting or INI file key value.

Keep in mind that a webserver application always has very limited system access. For example, you might not have access to the network or to the registry and you might not even be able to see all the files in the system. You're dealing with security here and this can make things quite difficult sometimes.
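The configurable connection string suggested above, covering both the integrated-security and the dedicated SQL Server account cases from this thread, written as an added example that is not code from any poster. The unit name, the INI file location and the section and key names are assumptions.

```pascal
unit DbConfig; // added example; unit, INI section and key names are assumptions

interface

// Builds the ADO connection string from <dll name>.ini next to the ISAPI DLL.
function BuildConnectionString: string;

implementation

uses
  SysUtils, IniFiles;

const
  Section = 'Database'; // hypothetical INI section

function BuildConnectionString: string;
var
  Ini: TIniFile;
  Server, Catalog, User, Password: string;
begin
  // ParamStr(0) would name the IIS host process, so locate the DLL itself.
  Ini := TIniFile.Create(ChangeFileExt(GetModuleName(HInstance), '.ini'));
  try
    Server   := Ini.ReadString(Section, 'Server', '');
    Catalog  := Ini.ReadString(Section, 'Catalog', '');
    User     := Ini.ReadString(Section, 'User', '');
    Password := Ini.ReadString(Section, 'Password', '');
    if (Server = '') or (Catalog = '') then
      raise Exception.Create('Database settings missing from INI file');
    // A ';' would start a new connection string property; reject it here.
    if Pos(';', Server + Catalog + User + Password) > 0 then
      raise Exception.Create('Database settings must not contain ";"');
    Result := 'Provider=SQLOLEDB.1;Data Source=' + Server +
              ';Initial Catalog=' + Catalog;
    if Ini.ReadBool(Section, 'Integrated', False) then
      // Connects as the Windows account the request runs under, e.g.
      // IUSR_[ComputerName] or IWAM_[ComputerName] with anonymous access.
      Result := Result + ';Integrated Security=SSPI'
    else
    begin
      if User = '' then
        raise Exception.Create('User missing from INI file');
      // Dedicated SQL Server account such as iWebUser; the password cannot
      // be read back from the connection once it has been opened.
      Result := Result + ';User ID=' + User + ';Password=' + Password +
                ';Persist Security Info=False';
    end;
  finally
    Ini.Free;
  end;
end;

end.
```

Assign the result to the TADOConnection's ConnectionString at run time before opening the connection, so the password can be rotated by editing the INI file without rebuilding the DLL. The INI file should be readable only by the account the DLL runs as and must not be downloadable through IIS.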

Author Comment

ID: 9616257
Hi Guys,

I'm worn out. I've tried your suggestions, but it is still not running. Looking at the tips, I want to list some features of my environment:
- Windows 2000 Server Service Pack 4;
- SQL Server 2000;
- Web server and SQL Server on the same machine;
- In the configuration of SQL Server (Edit SQL Server Registration/Properties) I checked the option "Use Windows Authentication";
- checked "Anonymous Access" in the Security palette of the IIS configuration, where I tried to use the local security account (IUSR_....), letting IIS control the password. But I have also filled in the username with another Windows user/password.

I think I'm confused now because I have tried almost everything and nothing works.

Thank you for your help so far, but I'd like to ask you for more suggestions or corrections of anything I'm doing wrong.

We'll talk later.

Author Comment

ID: 9623417
Hi Guys,

After several attempts and analysis of what you said, I did this:

- unchecked anonymous access in the configuration of the web server;
- checked Windows integrated authentication;
- set SQL Server to Windows Integrated Security (only Windows);
- in the connection string, eliminated User ID and Password.

However, this is good for this experience. Later, when I have SQL Server and the web server on distinct machines, I hope I must check anonymous access and change the connection string. What do you think about it?

Thank you very much.

Question has a verified solution.