ADOMD.net Impersonate Windows User ID - asp.net

I am trying to connect to a SSAS Cube which uses windows authentication
My web application is stored on a seperate server the SQL Analysis Instance (lets says ServerWebApp) and the SSAS Cube is on ServerCUBE
OLAPCon = New AdomdConnection("Provider=MSOLAP.4; roles=Administrator; Integrated Security=SSPI; Persist Security Info=True; EffectiveUserName=<Domain\Username>; " _
& " Initial Catalog=<DBName>; Data Source=<ServerCUBE>; ")
As SSAS uses Windows authentication I have tried to impersonate my windows login by specifing EffectiveUserName however, this doesn't seem to work as I am getting the follow error:
Either the user, Domain\ServerWebApp, does not have access to the <DBName> database, or the database does not exist.
As you can see it is using the web apps login ID not my windows ID
How would I impersonate my windows ID in the SSAS ADOMD connection string?

This is what tripped me up when I used EffectiveUserName. From MSDN:
To use [the EffectiveUserName] property, the caller must have
administrative permissions in Analysis Services.

You need to configure the IIS server first by creating an Application pool first. Then you need to point this pool to the local path ( folder in C drive) which consists of msmdpump.dll and msmdpump files. Edit msmdpump file using notepad (remove localhost name and replace it with your SQL analysis server name). Provide the username of server name in place of domain\username.

Related

LocalDB Connection Issue

I have been through the mill trying to connect to LocalDB. I have been following a two-part article dealing with this issue on my development workstation. In article part two, I opted for the second option of creating a shared instance of LocalDB and get the following runtime error as YSOD:
Cannot open database "DTC" requested by the login. The login failed.
Login failed for user 'IIS APPPOOL\DTC'.
DTC is name of Web Forms application and name of application pool in IIS.
Following the steps in the article for creating the shared instance, I got as far as creating the SQL Server login for ApplicationPoolIdentity as follows:
create login [IIS APPPOOL\DTC v4.0] from windows;
exec sp_addsrvrolemember N'IIS APPPOOL\DTC v4.0', sysadmin
Then I get the following error when executing the query in SQL Server Object Explorer:
Msg 15401, Level 16, State 1, Line 1
Windows NT user or group 'IIS APPPOOL\DTC v4.0' not found. Check the name again.
Msg 15007, Level 16, State 1, Procedure sp_addsrvrolemember, Line 33
'IIS APPPOOL\DTC v4.0' is not a valid login or you do not have permission.
Am using VS2013 and SQL Server 2012 on Windows 8.1. Can't believe how difficult it is to set up LocalDB. What I'm actually trying to do is add Identity membership to existing Web Form application and am open to any suggestions...
IrishChieftain,
I don't recommend use LocalDB for this purpose. If you really want to have a lightweight database just to manage the membership, your best option is SQL Express.
LocalDB is intended to be used for development, not in production cases.
The simplest solution was to login under my Windows identity.

SSAS Error The MyCube either does not exist or has not been processed when attempting to query through ASP.NET

I have a cube, which has been processed, works from the BID environment, and I can run my MDX query in both SSEM, and the BID env. I've created a role that contains the proper accounts/permissions, processed, and deployed the cube, re-processed it in SSEM, etc. Now I'm trying to connect, and extract the data using ASP.NET 4.0, but I'm getting this error:
The MyCube either does not exist or has not been processed
Here's my code:
String connectionString = "Provider=MSOLAP.3; Data Source=myhost;Initial Catalog=myCatalog; User ID=myaccount; Password=myamazinglysecurepassword;";
String mdxSQL = " my MDX, which was taken directly from BID env. cube in design mode";
AdomdConnection connection = new AdomdConnection(connectionString);
connection.Open();
AdomdCommand cmd = new AdomdCommand(mdxSQL, connection);
CellSet cst = cmd.ExecuteCellSet();
...etc
Note: we are not using MSMDPUMP.dll to connect, we'd like to avoid that.
Any Ideas?
A couple things to consider. How are users authenticating to your web app? What account is your application pool running as?
If you're using Integrated Windows in ASP.NET you may be getting a double-hop issue if IIS and SSAS on different servers. This would require you to set up Kerberos and trusted delegation SPN's between your application and the OLAP service.
See (SSAS and IIS):
http://msdn.microsoft.com/en-us/library/dn194199.aspx
http://technet.microsoft.com/en-us/library/dd632778.aspx
Otherwise there may be an issue with the account your application pool is running under. I see in your connection string you have a specific account - so I presume you are trying to connect as one account rather than delegating user credentials to OLAP. The process running w3wp.exe is the identity which will attempt to connect to SSAS. If your application pool is not runnning as a domain account is may not be able to authenticate to SSAS.

Config IIS or ASP.NET to Use 'Login user' in Parallelism rather than 'IIS APPPOOL\\MyAppPool' User

I have a web site in ASP.NET 4 that need Connect to SQL Server 2008 R2 with Parallelism, Also Use IIS 7 and Windows authentication, I use Parallel.Foreach expression, When I use Foreach every thing is fine, but in Parallel.Foreach I get an error: Login failed for user: 'IIS APPPOOL\\MyAppPool'., So after some search I found need to change Process Model identity in Application pool From ApplicationPoolIdentity to LocalSystem:
Or I can add specific user:
But the last one is not a proper solution.
So I check in SQL SPs modified it and add line:
Then the result is: When I use foreach (mean without parallelism) all the registered user is MyLoginUser but with Parallel.foreach (And LocalSystem Identity) the first user registered is MyLoginUser and the others is NT Authority System.
Also I found Parallel Impersonation but not worked either and I got the same error.
As I understand MyLoginUser have not permission to Multi Connect to sql, Am I right?
if yes, so how can I add permission to this user?
In final I try to use ApplicationPoolIdentity and MyLoginUser to use Parallelism to connect to SQL. Does any one have any suggestion?
UPDATE:
I found that the first connection to db is the MyLoginUser then the ASP.NET try to connect more and let ApplicationPool do this, but the applicationpool can not login because have not permission and I also don't want to let it, the only user could connect must be myloginuser.
So the question could be:
How config IIS or ASP.NET to use myloginuser (the same of first user)
to connect with all connections to db (also in Parallel connections)?

get session variable in runtime

There are more web applications (asp.net 4) in own virtual directory of IIS server (under win2003).
And appertain to all own schema and account in oracle 11g database.
After login all users have some session variables (like username,shema name ...etc). I want to get these information for user management in runtime. How can I ask it from the server?
Maybe you are looking for this?
To retrieve:
string username = Session["Username"];
To put things on Session:
Session["Username"]="SomeValue";

working with sql server 2008

I am not used to work with SQL Server(usually I just use express). I run it on windows server 2008, iis7.
I have attached the database to my sql server. I made a web site in iis7 but I get this error message.
Cannot open database "Phaeton.mdf" requested by the login. The login failed.
Login failed for user 'NT AUTHORITY\NETWORK SERVICE'.
Connectionstring I use
<add key="PhaetonConnectionString" value="Data Source=.;Initial Catalog=Phaeton.mdf;Integrated Security=True"/>
Thanks
Since you are using Integrated Security the SQL connection will use the windows identity which is passed from ASP.NET.
You can either change your security to mixed-mode which will involve removing the integrated security. Or use impersonation (check IIS and your web.config) and grant that user access to the database.
Hope that helps
You need to configure your application in IIS to turn off anonymous access and turn on Windows authentication(If yoy want to use integrated security).
Access SQL Server Using Windows Integrated Security
The other way, you can use a connection string with user/password ... with the appropriate login
Problem was that the database I tried to attach was sql express
The problem is here:
Initial Catalog=Phaeton.mdf
In SQL Server Express, you can attach a filename as a local database. That's not how it works on a production SQL Server. In non-Express versions you attach a database permanently, which it looks like you've already done, and you give it a logical name, which is not the same as the primary file name.
I would guess that if the file name was "Phaeton.mdf" then you probably named the database "Phaeton". In which case that part of the connection string should simply be:
Initial Catalog=Phaeton
If that's not the right name, you can get a list of database names from the server using the following script:
USE master;
SELECT name FROM sys.databases

Resources