i publish an mvc3 application on a webserver IIS7 and i want to connect my application with a remote SQL server ( different machine)
here is my connection string:
connectionstring="server=server;database=db;user Id=user;password=psw;user instance=false" providername="System.Data.SqlClient"
i m using entityframework.
i also added the user in the connectionstring to security folder under database in sql management studio with dbo rights.
the problem is i get an error : failed to open a session for the user
SQL exception (0x80131904)
Have you checked the user mapping for the login?
You can find the logins under the server folder security -> logins.
Check there is a login mapped to the database user. Select the appropriate login -> properties -> user mapping tab.
The fact that a user exists in a database, does not directly mean that there is a valid login associated with that user. Ensure that a login maps to the database user and that the user has the required database role.
After hours of research i just figure out that adding the whole groupe of computers (Domain\Computers) granted me the access to the database. i changed my connectionstring to use integrated security= sspi. From the beginning it was a Connection problem.
Related
I have created a website using ASP.net with simple data connection which is working fine in localhost. when I want to publish the same, I am getting this error. "Cannot open database "Abcdb" requested by the login. The login failed. Login failed for user 'XYZ-Domain\XYZ-SVR-01$'.
I don't have the user 'XYZ-Domain\XYZ-SVR-01$' in my SQL Server (SQL Express 2012).
I have my server in a virtual machine .
my connection string is "Data Source=XYZ-05-VM1\SQLEXPRESS;Integrated Security=True;Initial Catalog=Abcdb".
do I have to create a user in my database as shown above or else can I use existing database user. I am very new to this technology. Kindly help me.
Try it
<connectionStrings>
<add connectionString="Data Source=.\SQLEXPRESS;Initial Catalog=Abcdb;Integrated Security = SSPI" providerName="System.Data.SqlClient" />
</connectionStrings>
The error means that the server could be reached and the database name is correct. The problem is that the login is invalid.
From the login name I suppose that you have set Integrated Security=SSPI in your connection string and therefore try to authenticate with the account that your application is running under at the SQL Server. On your development machine, this is your user account that on a typical developer machine will be granted high access rights to the local SQL Server.
After you have deployed your application to IIS, it will run in an AppPool that is basically a process under a specific user account (the AppPool account). You need to grant this user account access to the database. In your case, this account is the Network Service account of the server you have your application deployed to. So you need to either grant the Network Service account access to the database or follow this - cleaner - approach:
Create a new Service account in your domain that is dedicated to your application.
Configure your AppPool to run under this account. Assert that the account has the minimum amount of access rights on the server that is possible.
Grant this account access to your database.
If you want to check the database connection settings, have a look at the connectionStrings section in your web.config. This link shows the available settings for SQL Server.
I've been given a backup of a production SQL database to begin writing an application against.
I've got it running as a local instance and using Windows Authentication and I can READ the information, however I cannot figure out how to get IIS to use my Windows Authentication to log into the SQL server when running a local ASP.Net website.
I don't have the authority on the DB to add users, and I'm getting an error of System.Data.SqlClient.SqlException: Login failed for user 'NT AUTHORITY\NETWORK SERVICE'. when I try to access a page that reads the database.
I don't think I will be able to communicate with the DB admin for a while to get him to fix this up for me. Is there anything I can do here?
Your asp code is using the same identity that IIS runs under - the Network Service account. To get it to use your credentials, you can either hard-code them into a connection string or you can use impersonation (see this link: http://msdn.microsoft.com/en-us/library/aa292118%28VS.71%29.aspx)
The gist of the link:
Put this in your web.config file: <identity impersonate="true" />
-t.
You need to create an account in SQL Server for the Network Service account,ex via SSMS via the "Security" section, right click on "Logins" and select add. You will be adding a Windows Account, you can then lookup and validate the name "NETWORK SERVICE". Then switch to the "User Mapping" section and grant permission to view your database.
reference : http://msdn.microsoft.com/en-us/library/ms998320.aspx#paght000015%5Fsqlserver
2nd Alternative
If "integrated security=sspi" is there in your connection string than you should:
Turn on integrated auth in IIS
Turn on windows auth in asp.net
Turn on imerposation in asp.net
Hopefully it will help.
I am using SQL Server 2008 R2 and am facing a problem. The application that I have developed needs to be tested at client's site which is at different locality. So I plan to configure the client's machine once and then for any changes related to application I will just distribute a asp.net mvc deployment package which client can deploy on IIS. For that, I need to provide my asp.net application ability to drop and create database (through codefirst entity framework). In the present configuration, I am facing permission issue related to dropping the database. The Application somehow is unable to drop the database. Here is summary of IIS and SQL Server configuration that I am using.
For IIS, I have set the Application Pool Identity to "Local Service" as per the standard practice. The connection string in asp.net web.config file is given below.
connectionString="Server=.\SQLEXPRESS;Database=SomeDatabase;Trusted_Connection=true;User Id=someuser;Password=somepassword" />
For SQL Server Service, I have provided "Local Service" as log on, again providing the minimum access here for the service. For SQL Server Instance Logins I have defined the user and password and given complete authority ("sysadmin") role.
With this configuration in place I was expecting my IIS application to connect using the user and password created above and have the ability to drop and create the SQL Server database. But I am getting permission denied for Dropping Database. The Exception is given below.
System.Data.SqlClient.SqlException (0x80131904): Cannot drop the database 'SomeDatabase', because it does not exist or you do not have permission.
I have checked that the database exists so it boils down to permissions. Am I missing out some configuration ?
To be clear, your connection string is a bit malformed, and may not be behaving as you expect.
When you specify Integrated Security=true in your connection string, then Windows Authentication occurs. Any user id= attribute in the connection string will be ignored.
Switch to SQL Server authentication mode by dropping your Integrated Security=true attribute.
Server=.\SQLEXPRESS;Database=SomeDatabase;
User Id=someuser;Password=somepassword;
Further, the DROP DATABASE command can be executed by the database owner, a user who's a member of the db_owner role, or a user in a server admin role.
Add the database user someuser to the db_owner role.
EXEC sp_addrolemember 'db_owner', 'SomeUser';
Alternatively, if you determine that the account above should NOT be in this role (i.e. restrictive security environment, policies, etc), consider creating and using another account just for this purpose. This would likely mean maintaining another connection string. If the separation of users/roles is important enough for you, perhaps this second option will work.
I think that the real account being used on the Sql connection is the 'Local Service' because you defined Trusted_Connection=True in the connection string. Try to remove it and see what happens. If I'm not wrong, this parameter will make use of a Windows Integrated Account, the Local Service in your case.
While specifying credentials in the connection string, you either need to omit Trusted_Connection part or set it to False
Data Source =myServerAddress; Initial Catalog =myDataBase; User Id =myUsername; Password =myPassword;
OR
Server =myServerAddress; Database =myDataBase; User ID =myUsername; Password =myPassword; Trusted_Connection =False;
Refer http://connectionstrings.com/sql-server-2008 for more details.
I am using SQLServer2005 and VS2008. My connection string in web.config is:
add name="library" connectionString="Data source=KMT; Initial Catalog=Library;Integrated Security=SSPI"
Here, KMT is my server name, Library is my database.
When I run my page through VS2008 localhost, it's fine. However, when viewing through IIS it shows an error message like "login failed for user, 'KMT/ASP.NET'". My sqlserver authentication mode is windows and it's ok in web.config. What will be the solution?
Using "Integrated Security" means logging in to the database with the identity of the user running the process. When you run the local VS web server, it runs as your login. But in IIS, the web server worker process runs as a predefined user account. Your worker process identity must have rights to your SQL Server and database.
Check the properties of your App Pool in IIS. If you are running as Network Service for example, go into SQL and create a new user, enter Network Service as the Windows user name, and grant that user rights to your database.
one of my friends helped me to solve this problem as
i executed the SQL to add ASPNET as a login to
my DB and setup DA permissions
exec sp_grantlogin N'MACHINE\ASPNET'
exec sp_defaultdb N'MACHINE\ASPNET', N'Database'
use Database
exec sp_grantdbaccess N'MACHINE\ASPNET', N'ASPNET'
exec sp_addrolemember N'db_owner', N'ASPNET'
here MACHINE is machine name and database is my database name.
but through this the ASPNET user has total
control over that DB.
VS2008 uses your credentials to authorize to the db, IIS is using different account.
Make sure the IIS account has enough permissions.
If you use Integrated Security=SSPI, the credentials of the current user (in VS that would be YOU) are used to connect to SQL Server.
From an IIS app, the user associated with the IIS service is used for log in.
Solutions:
Assign the IIS service a special user that's allowed to connect to SQL
Use SQL Server authentification to access the database, and stored username/password in the connection string
Were you planning to use the ASP.NET system account or the users windows account?
If the latter you need impersonation. That works if SQL and IIS are on the same machine, otherwise it is a double hop and requires a non trivial amount of work to set up delegation.
If the server is windows 2003 you can give the Network Service the permissions to access to SQL Server
For debugging purpose, I backedup one of QA database and restored to local machine. Since it is in my local machine, I just want to connect to it using Integrated Security=True in my asp.net application. But I am getting following error:
Cannot open database "db1" requested
by the login. The login failed. Login
failed for user "DEV-LPTP-1784\ASPNET".
Any thoughts?
Thanks.
Delete and recreate database login you use. After db restore the database user has the same name, but inner SQL Server id is different, so SQL Server thinks that server login "DEV-LPTP-1784\ASPNET" is different than db user "DEV-LPTP-1784\ASPNET"
The user that ASP.NET is running under does not have access to that database. You can either grant that user access via SQL Management Studio, or change your connection string to use a specific username and password.