wso2 dss to SQL Server connectivity using Windows authentication - wso2-data-services-server

Can someone please help me with the query shown below?
I am running DSS server in my development server. I want to connect it to my local machine's SQL Server 2014 with servername using windows authentication. I wasn't able to find any documents related to this.
I added jtds jar in the repository/components/lib folder but still getting below error
In the Dss I configured with below details but getting below error(PFA screenshot)
Error:
Driver class com.microsoft.sqlserver.jdbc.SQLServerDriver can not be loaded
Can you please help me, how to define the connection parameters in the DSS to connect my local SQL Server with Windows authentication ?
Thanks
Mahaboob

Bit of a convoluted answer so here goes.
You can use Windows Authentication with DSS, there are many articles describing how to do this. Just google it. However, the limitation is that you must run the DSS service to impersonate a domain user, then, set the username in the connection string and, magic, the user will be impersonated and you will be connected.
Its not all good news. You will be limited to impersonating one user per DSS instance. So unless you can have a single user configured for all the SQL DB's you will use... you get the point.
The simplest way is to enable SQL Authentication. If you are in a corporate MS type shop, then your DBA'a may advise this is not a good practice. In my case, we were successful in granting special business exceptions to enable SQL Auth.
I hope this is helpful

I found the issue. It is due to sqlserver jar file is missing.
we have to place sqljdbc.jar file into repository\components\lib location to get rid of driver class error. please download the jar file from https://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=11774
But my question still remains that how to establish a connectivity to a sqlserver using windows authentication?

Related

Operating system error code 5(Access is denied.) when bulk insert

I have an ASP.NET application on Server A and a SQL Server on Server B.
When running the appliction it calls a stored procedure. This procedure try to bulk insert from a file from a shared folder on Server A, but the following error occured:
Cannot bulk load because the file "\serverA_address\sharedFolder\test.txt" could not be opened. Operating system error code 5(Access is denied.).
The strange is that when I execute the bulk insert from the sql management studio directly, it runs without any exeptions.
Another observation: if I change the shared folder address to a local folder where the sql server runs (Server B) without shareing, no access denied error...
I tried to set bulkadmin permission to all the users, including the technical users: sql_serviceusr who runs the sql service, another technical user who runs the application and make the call to sql server and to the user who logged in to the application. All users are domain accounts and all servers using Kerberos authentication.
Server A: Windows Server 2008R2
Server B: Windows Server 2008R2, SQL Server 2008R2
Appreciate any help or guidance.
You are doing a double hop, so you need to enable Kerberos delegation.
You could create a connect account and use SQL authentication.
In my experience, getting our network folks to properly set up Kerberos is like pulling teeth. We had it working for one glorious week once and then it suddenly stopped working. It just wasn't worth the hassle after that.
This might not be the exact answer you're looking for, but could be an interim solution for you.
By your description of the error, I assume the problem is in sharing the folder.
When sharing a folder, you should give access to the user who will be accessing the folder from remote computer in two places in folder's properties: under the Share tab and under Security tab.
Did you give access in both of them?

Having problems with aspnetsqlmembershipprovider

I have developed in asp.net for years and usually set up membership and roles in the same sql server database I use for cms. However, because I only need to password protect a couple of admin pages in my current project, I thought I would try the built in Account folder setup that Microsoft includes in its website template. So far it's been a nightmare.
I have the login working on my local machine, but when I uploaded to the server, I get the following error:
" A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)" The connection string provided by Microsoft says instance = true.
GoDaddy, the hosting provider, responded to my request to see if they could correct the connection string, by saying that the MDF file in the App_Data folder would only work on a dedicated server. (I'm skeptical...)
Making things even more challenging, I can open the sql express (.mdf) database and see the account I set up using the registration form. But when I try to test the default aspnetsqlmembershipprovider with the web configuration page inside my ap, I get a message saying:
Could not establish a connection to the database.
If you have not yet created the SQL Server database, exit the Web Site Administration tool, use the aspnet_regsql command-line utility to create and configure the database, and then return to this tool to set the provider.
I would really appreciate help in understanding what is happening so, if there isn't a duh solution, I can at least dismantle this thing in an intelligent way and then set up authentication in the webconfig, which would have taken ten minutes.
Many thanks.
Godaddy is wrong. Put your connection here and take a look at it for you. Remember to remove your login id and pwd in the connection string.

ASP.NET accessing a SQL Server in a different server

I have installed a new web application that access a SQL Server database in a different server. I'm using Windows Authentication and get the error of:
Login Failed for user XXX
When I try to set identity impersonate="true" in the web.config file, it just throws an error
Login Failed for anonymous user
Also, I'm using forms authentication to validate users from my website and using a different application pool.
Update: connection string Basically like this:
Data Source=myServerAddress;Initial Catalog=myDataBase;Integrated Security=SSPI;
Update:
My Virtual Directory has Anonymous Authentication and Windows Authentication enabled.
Typically ASP.NET runs as an anonomous account. In order to access a remote SQL Server using integrated authentication (SSPI), you'll need to have a bit more "permenant" presence. Easy way would be to shift the app pool to use the NETWORK SERVICE built-in account. Slightly trickier would be to use a named account. On the SQL server side of the equation you will need to give the same account -- either matching user/pass or NETWORK SERVICE -- proper permissions to your database.
Your DBA should be able to help.
It is difficult to provide you with an exact answer because you have not provided your connection string or info on your SQL Server config. Your best bet is to look at the IIS configuration and work out what user is attempting to access the different SQL Server. You then need to give this account access to the database. This is a common problem and most of the changes need to happen in SQL Server unless you can change the account that the web server is running under.

Can't connect to Sql Server

Im getting this error on the production server:
A network-related or instance-specific error occurred while establishing a > connection to SQL Server.
It's on IIS, and connecting to sql server with Windows authentication.
Any idea? or solutions?
The error message listed in the question typically occurs to me when I'm having connection issues, not related to credentials. Is your connection string setup properly? Have you tested it out on a different machine?
Additionally though, with windows authentiation in place, updated the web.config to set:
<identity impersonate="true"/>
solves the issue since the web application impersonates the person using the application, and their credentials have already been verified and are passed on to SQL Server.
Are you sure the production server has access to the relevant SQL Server? You can easily use the ODBC Data Source Administrator to test that this is so.
if it is a web application and you do not use impersonation, the application will try to connect with the IIS user, most likely NETWORK SERVICE, b/c that is the user that is running the app. My suggestion is to either use impersonation (see Dillie's post) or create an application user name and password and use that. I personally prefer application user names for most cases.

How to get ASPNET to be recognized as a Trusted Connection by SQL Server 2005

Here's the situaiton. I'm working on developing a new website to access an old database. This is a DoD installation so there's lots of security around.
The current application is written in classic ASP, VBScript and some javascript. The new systems is ASP.NET.
Accessing the database in the old system meant hitting the server with your own credentials (domainname\username). Now I'm trying to test some of the early development I've done. When I used Cassini (under VS2008), I had no trouble getting to the database because ourdomain\myusername registered with the SQL Server instance as a trusted connection. Due to security aspects that I have to write, Cassini can't serve as a test server anymore - I have to use IIS (we have security card readers here). Cassini can't handle them.
So when I went through all the problems of getting the appropriate accounts added to Administrators on my local pc so that I could debug in VS2008 while using IIS, I tried to connect to the database and I was rejected because MYPC\ASPNET was not a trusted connection.
Altering the existing database is out of the question. Hard coding usernames and passwords for access to the database is out of the question.
I asked the DBA if he could add MYPC\ASPNET to of the domain groups so that SQL Server could see it as a trusted connection (since MYDOMAIN\MYNAME was in a group that was seen as a trusted connection). He tells me that is not technically possible.
In the end there are going to be three or four machines (mine, another developer, the eventual live web server and a future test web server) who's ASPNET accounts are going to be hitting our two SQL servers (live and test).
What do I have to do to make the existing SQL server see me as Friend and not Foe? I looked at impersonation but I get the impression it's not compatible with our system - the business rules make a call to a common routine to create a SqlConnection object and open it (maybe even a SqlTransaction object to go with it) and this object is used for the rest of the business rules and data-access layer until it's done. It didn't look like impersonation would persist once the SqlConnection was opened (and passed, ByRef back to the calling routine)
Thanks in advance for any advice.
You have two options:
Run your web application in an application pool configured to run in the context of a domain account
Use impersonation and configure your web application to use windows authentication only
Use Impersonation
As has already been suggested you should use impersonation.
However if your SQL Server is running on a different machine than your web server then impersonation will not suffice as the credentials of the user will not be delegated to the SQL Server (server hop). In that case you will have to either enable delegation in the AD or create a non-Windows login on your SQL Server and use that instead (this will not work if your SQL Server actually uses the Windows login for access control to tables etc.).
Sounds like you want to impersonate the client who is accessing your web site correct? Have you tried to use impersonation or are you assuming it won't work?
Edit
As Albert points out, impersonation requires the user to be authenticated using Windows authentication. You will want to disable Anonymous Access, and enable Windows Authentication in IIS Management tool.

Resources