Delphi ISAPI Application Using SQL Server


I'm trying do develop an ISAPI Application using Delphi 7 Professional using MS SQL Server.
I put one TADOConnection whose I configured to the database to be used, tested it and it setting True to Connected property and it worked fine. Also, put a TADOQuery component and set the Connection property to the connection just configured. I have tested a complex sql command in the SQL Query window and it worked fine too.

But the application do not run fine unless it is removed the code that relies database acess.

If anyone can help me thanks in advance.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.


I am having the same problem and searched internet but still could not find a  solution yet.
This have may something to do with your ConnectionString.
Are you using Windows NT Integrated Security?
If so, then your ISAPI will use your Web Server Local Security Account (IUSR_[ComputerName] or IWAM_[ComputerName]).  If your Web Server is on the same Server as your SQL Server , then you could add these Local Accounts into your SQL Server.

However, if your Web Server is on a different Server to you SQL Server, then create an Account on your SQL Server for example "iWebUser".  Use this Account in your ConnectionString to access your SQL Server.

Provider=SQLOLEDB.1;Password=[Password];Persist Security Info=True;User ID=iWebUser;Initial Catalog=[DatabaseName];Data Source=[SQLServerName]

Personally, I always use a SQL Server Account to Connect my ISAPI WebApps to my database.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Wim ten BrinkSelf-employed developerCommented:
As Russell says, this is most likely a security issue. Keep in mind that normally, a user who connects to an ISAPI DLL will be logged in on the webserver as an anonimous user with very limited access rights. One solution to get around this is to go to the IIS configuration of your website and in Directory security turn off the Anonimous Access account. Thus any user who connects to your server must log in. And if you enabled the Integrated Windows security for the webserver, the user does not even have to enter username/password as long as he is in the same domain as the webserver. Otherwise he gets a simple logon dialog before he's allowed to see the page.

Russell provided the other solution, which is: create a database user account and do not use integrated security for your connection. The disadvantage for this is that all web users have the same database access rights. Of course, you could also first ask the user to provide username and password first before allowing them access...
The use of a generic database account for all web users is that none of these users need to know the password to access the database. From a security point of view, this is very useful because this way no user can use his own credentials to access the database outside the website. A good security measure. The disadvantage is of course that many administrators forget to change the password for this database account on a regular basis so the password might be valid for years. So make sure the connection string used is configurable. E.g. a registry setting or INI file key value.

Keep in mind that a webserver application always has very limited system access. For example, you might not have access to the network or to the registry and you might not even be able to see all the files in the system. You're dealing with security here and this can make things quite difficult sometimes.
AdaoPaulinoAuthor Commented:
Hi Guys,

I'm worn out. I've tried to use your suggestions, but all still not running. Looking at the tips I want to list some features of my environment:
- Windows 2000 Server Service Pack 4;
- SQL Server 2000;
- Web server and SQL Server in the same machine;
- In the configuration of SQL Server (Edit SQL Server Registration/Properties)  checked the option "Use Windows Authentication";
- checked "Annonimous Access" in the Security Pallete of the IIS configuration, where I've tried to use the local security account (IUSR_....) letting password control to IIS. But I've filled the username with another user/password  of Windows too.

I think I'm confusing now because I tried almost all and nothing go ok.

I thanks to your help until now, but I'd like to ask you for more suggestions or correction of anything wrong I doing.

We'll talk later.
AdaoPaulinoAuthor Commented:
Hi Guys,

After several tentatives and analyses about you said I do this:

- unchecked the annonimous acess in the configuration of Web Server;
- checked Windows integrated authentication;
- set SQL Server to Windows Integrated Security (only Windows);
- in the connection string elminate User ID and Password.

However, this is good for this experience. Later, when I'll have SQL Server and Web Server in distincts machines I hope I must check annonimous access and change the connection string.  What do you think about it?

Thank you very much.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.