I've been fighting with this all day looking for solutions, and I've come to a dead end. As soon as I put my application on IIS, I've been getting login errors. One of the errors that I fixed was similar to this one which said " Cannot open database "ClientInfo" requested by the login.
Now I'm getting this error, which is the same, but I'm not sure how to modify the permissions of the NT AUTHORITY\NETWORK SERVICE user for this particular DB.
Cannot open database "aspnet-ClientInfo-20140609140222" requested by the login. The login failed.
Login failed for user 'NT AUTHORITY\NETWORK SERVICE'.
The full error message is here: s11.postimg.org/3x1vj1ezl/Untitled.png
don't worry too much. This is always a headache when it doesn't work the way you expect. Before I get started, please note that Network Service is probably too high of privilege level for any web app. Check out this article to see how to add a corresponding app pool for a specific website to your SQL Server logins: Add IIS 7 AppPool Identities as SQL Server Logons
This is the way I've solved these types of problems:
1.) Make sure you have access to SQL Server Management Studio Express, and log into the database server. If you are running on SQLEXPRESS, set the server name as .\SQLEXPRESS, or whatever your instance name is.
2.) Go to the Security folder at the server level. Right click on "Logins" and select "New Login". To the right of the Login Name text box, select "Search", then "Advanced", then "Find Now" (without entering any search criteria). Scroll down and select "Network Service"
3.) Hit Ok. Then hit OK again. Your new login has been added for your network service.
4.) Go to the Security folder at the database level. Add a new user by right clicking the User folder under security at the database level. Click the 3 dots (ellipsis) next to the login name, and then click "Browse". Select the checkbox next to the login name you created in step 2. Hit ok. Then hit OK again.
5.) The last part is giving your new user a user name (first text box at the top) and then mapping that user to the right privileges. I'm sure some folks that know more than I do will shoot me, but I always select db_datareader and db_datawriter under "Database Role Membership". If you're using the ASP_NET membership schemas, you should select all the basic access roles as well.
6.) Hit Ok.
Depending on the version of SQL server you're using, you may need see a mild fluctuation between my steps above and what you actually need to do. This should get you close, though.
Related
Windows server 2016.
Old users (those, having profiles/folders created at "C:\Users") are able to remote into our server via RDP, but new users are not. Initially the error was The User Profile Service service failed the sign-in. User profile cannot be laoded.
Checking server, it seems "C:\Users\Default" has the only folder/entry "AppData", nothing more. I copied the file "NTUSER.DAT" from similar server "Default" folder. Also, folder permissions are identical.
Now new users are able to login, but it goes to a temporary profile and of course, user's profile at "C:\Users" does not get created.
Event logs does not tell much, basically just confirms login errors/notes we get:
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.
How this can be solved?
Open the registry editor and go to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList then find the key where the ProfileImagePath is the profile location of the user that's not being created. Export, then delete that registry key.
I created a Microsoft Account using my work mail.
Using this account, with 50$ credit, i tried to register my bot (already published using visual studio 2017). The problem is that when i tried to obtain the credentials for my bot, i'm getting an error that says i don't have enough privileges (even though i'm supposed to be the administrator of the account)
Button i clicked to get credentials
Error image
Please log into http://aad.portal.azure.com and go to Users and Groups -> User Settings and check if Users Can Register Applications is set to Yes.
Report sever not working showing error message "Verify that sufficient permissions have been granted and Windows User Account Control (UAC) restrictions have been addressed" How to Solve it?
This is my error Window
You need to add at least one user as a System Administrator. You can do this in few steps.
Run Internet Explorer as Administrator;
Enter the URL for Report Server Manager (http://localhost/Reports);
Click Site Settings in the upper right corner. That will get you to the settings section;
On the left side click Security;
Click New Role Assignment this will take you to the page where new users can be added with different level of security (admin or user).
Here is a summary of the roles available;
Add your username and choose System Administrator role below.
I am in process of moving Website and its database on a new server under IIS. I moved and attached the database on the new server. Added web site under the IIS, created App pool and made all the changes to the config file to connect to new data source and updated the root folders path.
The index page loads up fine. When i click on another page link, that communicates with the database and I get an error message that reads "Cannot open database "Cdb_name" requested by the login. The login failed. Login failed for user 'db_user'.
I have tried several steps but none seems to work. I am not sure if this is a right place to post this question. Any suggestions/help will be greatly appreciated.
Can you login to sql server using same user name or password. The problem is most likely:
User name / password is wrong
User don't have rights to access to that database
When you move a login from one SQL Server to a different server, it will not work unless it is a domain account. Delete the user from the Database; Security section, then add it back via the Security section. Liek this:
Delete here:
And add the user and User Mapping to the database here:
very simple question:
I have admin site in my web project. So, how can I make it safe?
What I have until now:
Database handled user with userID and userlevel
on the pageload of the admin master page (which includes all admin sites) there is a clause to check if userID is okay (get the user from database) and if userlevel is right
If Not, redirect to Default.aspx with normal master page
if yes, go trought
How safe is it really?
Edit:
The userID is saved in a session on the server.
There is no way to save the login (no cookies).
The user must login to get the userID in the session
The login is saved in a database table user_log with username, password, ip, loginsucceeded and userID
The basic idea looks ok. It all comes down to how you are getting that UserID to make the checks against. If the userID is being passed as a querystring, then that is very bad. If it is stored in a session via sometype of pre authorization then it is better. If you are using SSL, IP checking, etc it will improve your level of security.
The main thing is HOW you are getting the userID to verify against. That is where the exploit will occur. Secure that process and you should be ok with your setup.
Edit: Based on your update this looks ok but it also depends on how secure you really need this to be. How secure is your sign in page? Are you using SSL? Any worries about session highjacking? Why not store an IP with the userID and verify the request IP against the stored IP when doing the UserID fetch from the session?
There are so many security solutions out there. You need to decide how far you need to safely go to ensure the level of security that is necessary for your particular application.
We use integrated windows authentication.
In IIS manager, click the "Directory Security" tab
Uncheck "Anonymous Access"
Check "Integrated Windows Authentication"
This lets you administer who has rights to your admin site by modifying domain accounts instead of using a roll-your-own solution. You can still get the logged-in user's credentials via the Environment class, which can be used to associate any web-specific properties for each user that you want to store in your database. This also has the advantage of automatically handling timeouts, relogin requirement if browser was closed, etc.
Your solution looks almost fine, though it sounds as though you're adding individual user accounts to the SQL server instead of handling everything through the ASP.NET service account login. I'd avoid adding individual user accounts into your database. In ASP.NET, unless you're jumping through some useless hoops, the ASP.NET service account is what is authenticated for DB connectivity, not the user that's logged into the site.