I have an ASP.NET application on Server A and a SQL Server on Server B.
When running the appliction it calls a stored procedure. This procedure try to bulk insert from a file from a shared folder on Server A, but the following error occured:
Cannot bulk load because the file "\serverA_address\sharedFolder\test.txt" could not be opened. Operating system error code 5(Access is denied.).
The strange is that when I execute the bulk insert from the sql management studio directly, it runs without any exeptions.
Another observation: if I change the shared folder address to a local folder where the sql server runs (Server B) without shareing, no access denied error...
I tried to set bulkadmin permission to all the users, including the technical users: sql_serviceusr who runs the sql service, another technical user who runs the application and make the call to sql server and to the user who logged in to the application. All users are domain accounts and all servers using Kerberos authentication.
Server A: Windows Server 2008R2
Server B: Windows Server 2008R2, SQL Server 2008R2
Appreciate any help or guidance.
You are doing a double hop, so you need to enable Kerberos delegation.
You could create a connect account and use SQL authentication.
In my experience, getting our network folks to properly set up Kerberos is like pulling teeth. We had it working for one glorious week once and then it suddenly stopped working. It just wasn't worth the hassle after that.
This might not be the exact answer you're looking for, but could be an interim solution for you.
By your description of the error, I assume the problem is in sharing the folder.
When sharing a folder, you should give access to the user who will be accessing the folder from remote computer in two places in folder's properties: under the Share tab and under Security tab.
Did you give access in both of them?
Related
I have a new install of SQL Server Express 2017 running on Windows Server 2016. IIS 10 cannot access the database on this SQL Server. (No problem from Visual Studio.) What security do I need to configure in SQL Server, IIS, and the file system (.mdf files)? I have researched this for many hours, but cannot find a current solution. I used to be able to solve this by adding NETWORK SERVICE or SYSTEM under NT AUTHORITY, but that doesn't seem to do the trick. Does something have to be done with Application Pools?
From your comments I guess that you should map your login to your database:
use xxx;
create user [WEBBER\s4$] from login [WEBBER\s4$];
This will fix your error but for normal working you should also give the necessary permissions to your user.
If it should have control over database xxx, make him db_owner like this:
ALTER ROLE [db_owner] ADD MEMBER [WEBBER\s4$];
The "strange" name you see is your pc's name, this is because Network Service or Local System accounts goes to network under the pc name.
I am using Microsoft.SqlServer.Management.IntegrationServices in an ASP.NET web form to access an SSIS project in SSISDB. Testing locally on my own PC I am able to access the package from the test server and it runs fine.
My issue comes up when I try to run the site from the test server. The same test server hosts the site with IIS 7 and hosts the Sql Server database which stores the package with Integration Services. So like I said, the package is hosted on the server and when I run the site locally on my PC, all works fine.
When I run the site on test and try to access the package I get:
System.Data.SqlClient.SqlException (0x80131904): Login failed for user '[DOMAIN]\[PCNAME]$'.
I am using integrated security in my connection string:
SqlConnection connection = new SqlConnection(#"Data Source=[Test_Server];Initial Catalog=master;Integrated Security=True;");
IntegrationServices integrationServices = new IntegrationServices(connection);
My error comes up here when trying to connect.
I've tried adding '[DOMAIN]\[PCNAME]$' as a Sql login using Windows authentication with every permission I can think of. User mapping for database SSISDB has accessadmin, datareader, datawriter, owner, public, and ssis admin. I know not all of these should be needed, but I'm trying everything.
I went to SSISDB under databases, and gave the login permission to Connect, Execute, and Select.
Under Integration Services Catalogs I gave my folder, under SSISDB catalog, permission for the my Windows User ('[DOMAIN]\[PCNAME]$') login to Read, Execute Objects, and Read Objects.
I gave the SSISDataTransfer project permission for the Windows User to Read, Modify, and Execute.
I'm out of ideas and figure it's probably some IIS issue. It has Windows Authentication installed and set.
Anyone have any ideas? I've found posts about how to get the code to work, but nothing on connection specifics. Thanks!
i have had similar problem recently and i have worked with SSIS packages being used with web applications too. in my opinion you should use a custom user account to be used as your app pool account. and you will have to add this account to your database server. when running an app pool as local system or network service, the account being used for connection to a remote database server will be "DomainName\MachineName$" which will be different for every machine which tries to connect to your sql server. so instead of adding all these user names in sql, you will be better off using a custom user account.
Secondly looks like your web application does not run on the same machine as your sql server which i think will not work because you can invoke SSIS package from the same server only.
Another thing to try is to add a credential to sql server - in Security - Credentials in SQL Server management studio. This credential would be the authenitcated user that you are running it successfully under. Then in your SSIS package, in SQL Server agent, go into the job step and in the "Run As"drop down, select the new credential for your user that you created.
I have an ASP NET APP that's trying to access a sql server database, when I run it, I get an error saying
"Login Failed for user IIS APPPOOL\DefaultAppPool"
Searching the web I found that I should grant access to this user, so I executed the following script:
grant execute on schema :: dbo to [IIS APPPOOL\DefaultAppPool]
It executed succesfully as a script for my database, but I still get the "Login Failed" error.
What's missing?
Check the user your DefaultAppPool is using to connect.
On your IIS manager check DefaultAppPool advanced properties and look for Identity. You need to give it a user with enough privileges, depending on what your site is going to do.
I usually create different AppPools for different sites depending on what they will do, for example, if your app will write documents to a folder on your server, the user of the AppPool will need writing access to that folder.
Also is not a good idea to use an administrator user, as it could lead to potential security breaches. However it could be a good way to check if your problem comes from there.
I think I already know what it is. When I upgraded SQL Server Express, it installed a new server .\SQLEXPRESS (because I used "new sql instance"), remote connections where configured in this server and not LocalDB, my database was still in LocalDB. But now I get other error, maybe related to WCF Data Services...
I have a Website and it works fine locally (when I run it using MS Visual Studio 2010), but When I uploaded it on the Web, it gives me this error message!
So, please what should I do to fix this problem?
Many thanks.
Look at the authentication information in your connection string. Whatever user is trying to access the database, make sure they have permission.
Posting the connection string stored in ATRProDBConnStr might give more insight as well.
So, please what should I do to fix this problem?
You should check the permissions between the web application and the SQL server.
Is the connection string correct (providing the correct user credentials for the application)?
Does the production database have grant the same permissions to the application's database user as the local database?
If the application doesn't use credentials, does the database grant the same permissions to the server's web application user as it does the local application user?
The error is basically SQL server telling you that your application isn't allowed to perform an action on the database. The application works fine (except for the lack of error handling which generated this page), it just needs permissions on the SQL server.
I am having a problem with deploying a ASP.NET V2 web application to our deployment environment and am having trouble with the sql server setup .
When I run the website I get a Login failed for user 'MOETP\MOERSVPWLG$'. error when it tries to connect to the database.
This seems to be the network service user which is the behaviour I want from the application but I don't seem to be able to allow the network service user to access the database.
Some details about the setup. IIS 6 and SQL Server 2005 are both setup on the same server in the deployment environment. The only change from the test setup I made is to point the database connection string to the new live database and of course copy everything over.
My assumption at this point is that there is something that needs to be done to the SQL server setup to allow connections from asp.net. But I can't see what it could be.
Any Ideas?
It sounds like you're able to connect to the database alright and you're using integrated windows authentication.
With integrated windows authentication your connection to your database is going to use whatever your application pool user identity is using. You have to make sure that the user identity that asp.net is using is on the database server.
If it is a fresh install not everything may be setup. Check SQL Server Configuration Manager, http://msdn.microsoft.com/en-us/library/ms174212.aspx. Step by step instructions http://download.pro.parallels.com/10.3.1/docs/windows/Guides/pcpw_upgrade_guide/7351.htm.
The user name you've indicated in your post is what the Network Service account on one machine looks like to other machines, ie "DOMAIN\MACHINENAME$".
If you are connecting from IIS6 on one machine to SQL Server on another machine and you are using Network Service for the application pool's process identity then you need to explicitly add 'MOETP\MOERSVPWLG$' as a login to the SQL Server, and map it to an appropriate database user and role. Type that name in exactly as the login name (minus quotes, of course).
Make sure there is a login created for the user you are trying to log in as on the sql server.
There's a few different things it could be.
Are you using integrated windows authentication? If so, you need to make sure the user ASP.net is running as can talk to the database (or impersonate one that can).
Does the web server have permission to talk to the database? Sometimes a web server is deployed in a DMZ.
If you are using a SQL Server login, does that same login exist on the production server with the same permissions?