We have single lower environment server where we publish all our applications for Developer testing, pre-business testing etc. Problem we are facing here is all the developers changing settings in the config file for their convenience.
For example, development application should point development SQL db, but they are changing it to QA. and in some cases instead of publishing the application to staging they are changing QA connection strings to staging because publishing to staging requires extra effort (Merging the code to Main branch etc). No matter how many times we send email to development group they keep doing the same thing.
Is there a way to control web.config/app.config edit permissions and limit it to one person based on the application?
If SQL Server Connection String is the problem, you can use cliconfg.exe to set a specific ALIAS, in this case you must configure the alias on each server in your environment (development, test and production), with this, the connection string will always be "Data Source = SRVDBAPP" on the web. config / app.config.
Internally each client SQL Server will redirect to the corresponding database.
Related
Scenario
I have an application that I have been developing for two years. I use the framework .NET to develop it in a language called Oxygene that comes from Pascal.
When I have something new in my code, I publish my application in File System method. I have a couple servers working on Amazon EC2, so I transfer this files to a folder in my IIS Server. In this IIS Server I already have a website that corresponds to my application, so I just replace the old files for the newest files.
I have another server that works as an SQL server.
Last detail is that in my application the user is able to attach files, import pictures, export PDF and Excel files. Attachments and pictures are stored in the same folder the application is located.
Issue
Here is my problem. I have got a new client that is kind of a big client. It seems like this company has a strong IT security, so the application must be located in their servers.
The big problem is that they required my application to be set in the following architecture:
I am used to only use an app server (works for external access) and a SQL server. They want the third server in DMZ net so they can let external access happen. The reason the application can't be placed in the DMZ is because there are the files I mentioned bellow that the user stores in the application. The database stores all the data, but not those files mentioned.
Solutions I have offered, but won't be accepted:
Publishing the application in a IIS server located in the DMZ: That won't be accepted since my application stores user attachments in the same folder the application is located. There are also images stored there.
Publishing the application in the app server, but also publishing a empty application in the DMZ server redirecting to the IIS server inside the LAN: That's the best solution I have come up.
Using a reverse proxy to protect the LAN Net: This is off the table, since reverse proxy is not safe at all.
I am kind of confused because I can't see a way to separate my application in two to make it work in that suggested architecture.
Can anybody give me a hint or ideas of how this would work?
-
You can't "redirect" to inside the LAN, a redirect is a client-side operation, so if the internal server isn't already exposed, you can't redirect someone to it.
A reverse proxy is likely your best bet. Why do you believe it is not safe? This is a tried-and-true solution, it allows you to leave additional ports/services open to internal requests (like a file server, which it sounds like you are trying to expose).
How are these files getting uploaded? Are you using FTP? SMB? HTTP? This solution will not expose those other protocols to the outside world (please don't expose SMB to the outside, it will result in tragedy). Do the external users need to upload these files?
I created a simple ASP.Net Core application with user authentication (so all the Entity Framework has been preloaded into the web app template). It is connecting to my database with the connectionString that is located in my appsettings.json file, with "data source = {computerName}\\{serverName}" setup.
The database instance and Visual Studio are located on the same machine. This works fine in returning data to the web api while within development and debugging mode. When I publish it and try to go to the site from a domain name it does allow me to view the webpages that are not needing database connection but the rest that need data from the database returns pages like this:
Error.
An error occurred while processing your request.
Development Mode
Swapping to Development environment will display more detailed information about the error that occurred.
Development environment should not be enabled in deployed
applications, as it can result in sensitive information from
exceptions being displayed to end users. For local debugging,
development environment can be enabled by setting the
ASPNETCORE_ENVIRONMENT environment variable to Development, and
restarting the application.
I have tried to change the Environment Variables for ASPNETCORE_ENVIRONMENT from Development to Production to no success.
I have tried adding appsettings.Production.json to publishOptions in my project.json file, even though there is no file appsettings.Production.json, and this did not help. dotnet publish
Adding the evironment variable in the web.config file did not work Deployment
I need help getting the published web api to connect to my SQL Server database from outside the development Visual Studio setup.
The last thing I can think of is that maybe I am incorrect in how I understand the connection string. If the web api uses the connection string to connect to the database from the server-side then it should work just fine like it does when in development calling to http://localhost:port# since it's all on the same machine. But, if the database string needs to be based on a client-side call then it would have to be with domain names and IP addresses.
Can someone tell me which one it is?
The only thing else that comes to mind is that there is something I am not doing, and need to do, inside of IIS Manager. I see connect string there as well but unsure what that is for our does since the connection string is inside the application. Also maybe I am suppose to give the app some kind of authorization to communicate with the database server even though they are on the same machine???
After much research, finally googling "how to deploy a web api in iis" I was able to learn from Host ASP.NET Web API in IIS using Visual Studio Publish that I needed to add the security entity BUILTIN\IIS_IUSRS. Then placing a mapping to my database tables and giving db_datareader (and possibly db_datawriter) for the database to the IUSER to allow access from my self hosted IIS web api. This from the above mentioned link with the part stating
Accessing Database under IIS APPPOOL\ASP.NET v4.0
As we are using ASP.NET v4.0 App Pool make sure IIS APPPOOL\ASP.NET v4.0 is added to your Database Server -> Security -> Logins.
I built a prototype I'm looking to deploy. It uses a database file MySite.mdf that I created. At some point in the process, the database file ASPNETDB.mdf was added to the project.
When I look at the web.config file, I see the connectionStrings tag but in there I only see the nested tag for MySite.
Now that I'm looking to deploy, what do I put for the second file in the tag.
Thanks.
You are using a SQL Server Express User Instance; if the server you are deploying to support this, then you won't need to change your connection string when you deploy.
The most common problem deploying a user instance database is that the server doesn't support user instances. (Note that user instances are only supported by SQL Server Express Edition). If the server doesn't support this configuration, you'll have to create a database on the server and change your connection string, a process that could involve quite a few steps.
If, on the other hand, your server supports users instances and it's using the same SQL Instance name that you are, e.g. SQLEXPRESS, the default instance name, you should be able to simply deploy your site and it will run (as long as you include the ASPNETDB.mdf file in the deployment).
I'm stumped. I have a client site on a virtual private server - Windows Web Server 2008 SP2, IIS7, SQL Server 2008 Express.
I'm trying to setup a second web application, to allow him to review updates prior to their going live. I've created the web application in IIS7, and I have added a second database to SQL Server. The second db is essentially a copy of the production db, with 'DEV' prefixed to the database name and a few new fields in a few tables.
My production site works fine. However, the test site comes back with an SqlException: "Invalid column name 'version'." This is one of the new fields - which leads me to believe that my dev site is referring to the production database, and not the dev database. Connection strings, however, do point to different databases (although the login is the same for both):
Production site: "Server=.\SQLExpress;Database=myDbName;User ID=myUserName;Password=myUserPassword;"
Dev site: "Server=.\SQLExpress;Database=DEVmyDbName;User ID=myUserName;Password=myUserPassword;"
Seems like this should be something obvious that I'm missing. A colleague suggested that I create another application pool for the second IIS application, but it does not seem to have helped.
UPDATE, following further testing:
I changed the dev site's connection string to
"Server=.\SQLExpress;Database=DEVmyDbName;User ID=devuser;Password=myNewDifferentPassword;"
and created a new SQL server login on the database, and only gave it access to the dev database. I also set the dev database as the account's default database. I removed access to the dev database from the production login. When I try to login to the site, I get the following error:
The server principal "devuser" is not able to access the database "myDbName" under the current security context.
As a result, there are two things I know for certain:
Since it's using the new username to login, I know the app is using the connection string I'm feeding it;
For some reason, once logged in, it appears to be ignoring the specified database and trying to use the production database instead.
I don't think it should make a difference, but I will mention I'm using NHibernate for database access.
Still stumped.
It turns out that NHibernate was significant. One of the NHibernate configuration options that was set was "default_schema" - when I removed it, the app started connecting to the correct database.
It appears that the default_schema property was overriding whatever database was specified in the connection string.
How can I get two separate ASP.NET sites, in this case a Web Site using Entity Framework and Web Service, to use the same local database mdf & ldf?
I looked around and I think that this kind of local DB is called a User Instance - at least they way I'm currently using it. I wasn't sure if it would work or not until I found the below info from the MSDN Library and now I'm really not sure if it will work.
User instance scenarios include:
...
Dedicated ASP.NET hosting using Windows Authentication. A single SQL Server Express instance can be hosted on an intranet. The application connects using the ASPNET Windows account, not by using impersonation. User instances should not be used for third-party or shared hosting scenarios where all applications would share the same user instance and would no longer remain isolated from each other.
Will this work right away without any extra configuration? When I try to add a DB to every successive application, I get a file in use error if anything else is using the DB which leads me to believe that I can't do it this way. However, if I stop the DB from being used, then add it, and then start it up, it seems to work fine. Does anyone have any reassurance for me that it won't be corrupted or experience any errors by using it this way?
Preferably, the mdf & ldf would be stored in the Web Site's App_Data directory (|DataDirectory|). If I do it this way, I don't think I can reliably use relative addressing for the Service unless I put it in a sub directory for the Site, is this correct?
edit: I'm using SQL Server Express because this is an assignment for school, so I pretty much have to use it. If there is a way without User Instance I'll try to do without it.
You can't use User Instance for this. This allows just one client at a time to connect to your database. When your two applications use the same credentials, you get the error you describe. When your two applications use different credentials, you essentially get two separate instances (also not what you want).
Besides, user instances are only supported on SQL Server Express. I don't know what your production environment looks like, but it probably does not run on SQL Server Express?
You should use AttachDBFilename in the connection string of your web application to point to the local database: AttachDBFilename=|DataDirectory|\MyDB.mdf.
In your web service you also use AttachDBFilename but it depends on the deployment location of the web service where to point it to.