I'm developing an ASP.NET web app that needs to access an SQL Server database. The server the app needs to run on is running Windows Server 2000, SQL server 2000, IIS6, and .NET 2.0.
If I run the web app on my machine with Visual Web Developer 2010 with the testing webserver in Visual studio, but accessing the database on the actual web server, it works fine. However, If I put this app on the actual webserver, and try to access it through the browser, I get a permissions errors saying I don't have access to those tables.
There are two tables my app needs to access. On one of them I changed the permissions with SQL Management Studio to allow the public group select permissions, and that solved the problem. On the other table (very large table) I tried to do the same, but got an error saying it timed out waiting to get a lock on the table. Is there a way to change this timeout or another way to change the permissions?
I don't believe I should even have to change the permissions though, because there are classic ASP apps on that server that access the very same tables. I think the issue is the user that is being used to access the tables. If I can access the tables running the web app from my machine, and classic ASP apps on the server can access them, but my ASP.NET app can't, my ASP.NET app must be using a different user account. How can I check this and make the necessary changes?
Regarding your permission error, it's probably because on your machine the app is accessing the database with your permissions, with windows integrated login.
Normally, a web application is supposed to access a database using a technical user, that is specified in the web.config file, in the connection strings section. It's something like
<configuration>
<connectionStrings>
<add name="myConnsStr" connectionString="server=myserver.example.com;database=mydatabase;uid=tech_account;pwd=tech_account_password" providerName="System.Data.SqlClient" />
</connectionStrings>
...
</configuration>
How does yours look like?
For the other one, yes, do the permission change in T-SQL. If you are not sure how to do that, do the change in the designer, then before clicking OK, use the Script button in the header area. Script the change to the clipboard and then try to run in a new query window. You can play with the query timeouts in the options dialog.
You could try setting the lock timeout to -1 (meaning it'll never timeout)
SET LOCK_TIMEOUT -1
GO
And you can also try adding the permissions using a query
sp_addrolemember #rolename = 'db_datareader', #membername = 'YourAspApp'
You can also try to change your asp.net user in the asp.net connection string to a user which already has selecting privileges.
Let me know if any of that worked, it's a good place to start with =)
Related
I am converting a website from Oracle to SQL Server 2016. The website is built in ASP.NET Framework 4 using Visual Studio 2015. The original developer made extensive use of Oracle packages for data manipulation and I have successfully converted everything to stored procedures and user-defined functions. I have successfully rewritten all of the web pages to use the new syntax. I can run the website on the localhost with no errors and am trying to get it to work on our development web server.
The problem: all stored procedures return the same error:
The EXECUTE permission was denied on the object 'USP_My_Procedure', database 'WEB_DB', schema 'WEBDATA'
The user is a member of a Database role which is granted DELETE, EXECUTE, INSERT, REFERENCES, SELECT, UPDATE, and VIEW DEFINITION permissions on the WEBDATA schema:
I am able to SELECT, INSERT, UPDATE, and DELETE data directly from the webpages on the development server when stored procedures are not used. I am able to run the stored procedures from Management Studio when logged on using the application's SQL account. I just can't use the stored procedures to do the work from the website. Unfortunately, I don't have time to rewrite the entire application to eliminate the stored procedures.
Does anyone have any ideas of what to look for? Thank you.
Stored procedures are executed. See the line in your permissions for EXECUTE? It is not granted to this user.
GRANT EXECUTE ON USP_My_Procedure TO YourUser
https://learn.microsoft.com/en-us/sql/t-sql/statements/grant-object-permissions-transact-sql
Assuming your database connection string is using trusted security...
If you deployed an ASP.NET application to a development server you are likely using IIS. If so, then you are likely using an Application Pool. Verify the Application Pool identity has sufficient privileges on the database. Performing a test includes connecting to the SQL Server as the security context the application pool identity is based on, then simply try to execute the failing stored procedure in a query window (using this security context).
To view Application Pools...
Open Internet Information Services (IIS) Manager (A.K.A., inetmgr.exe)
In left hand pane, expand server node and click to select 'Application Pools'
In middle pane, click to select any application pool
in right hand pane click to select 'Advanced Settings...'
in section 'Process Model' notice value for 'Identity' (this value can be changed to a domain user account which can be assigned to SQL Server resources).
If you have more than one application pool the trick is to identify the one being used by your ASP.NET application...
I have created an ASP.NET MVC web app which uses an SQLite database under EF6.
The app works fine in VS. The database is included in the project in the App_Data folder. When I publish to Azure (or an IIS test server on the LAN) I get an error. The Azure instance is showing an HTTP 500 error, and it only happens on views which require database access to load. Other than that it works fine. The IIS test server shows an error saying unable to open database file. I tried loosening file permissions on the .db file on the IIS instance, but nothing changed. I'm not sure how to go about doing anything on the Azure instance.
Can someone please assist me with debugging a SQLite connection problem on Azure/IIS?
Details
VS 2015 Enterprise
Azure app services (free tier, production server)
SQLite3 database
IIS on Windows Server 2012R2 (test server)
I have tried all sorts of combinations of connection strings:
setting a connection string to the D:/xxx/xxx path in Azure Portal
modifying the connection string in the deployment profile in VS (replaces value in web.config upon deployment)
just leaving it all the same
Nothing has worked or even changed the error. Perhaps one of those configurations is able to access the file but simply can't open it (which is sort of what the IIS error suggests, I think). Even then, how do I go about finding out?
EDIT
On the IIS test server I discovered that the entire problem was that the connection string in Web.config was wrong. I manually edited it on the server and it fired right up. I'm still not sure how to correct the path on the Azure server, nor how to correct my deployment settings in VS to inject the correct path. Thoughts along those lines are still appreciated.
EDIT 2
I've also found that each time I hit a page requiring DB access, I see this error show up in the application logs on Azure:
2017-01-03T20:25:32
System.ApplicationException: The trace listener AzureBlobTraceListener is disabled. ---> System.InvalidOperationException: The SAS URL for the cloud storage account is not specified. Use the environment variable 'DIAGNOSTICS_AZUREBLOBCONTAINERSASURL' to define it.
at Microsoft.WindowsAzure.WebSites.Diagnostics.AzureBlobTraceListener.RefreshConfig()
--- End of inner exception stack trace ---
After some abysmally slow debugging sessions, I finally remembered that in toying around I had set a connection string value in the Azure portal.
Apparently whatever value is set in the Azure Portal overrides (at runtime?) the values in the Web.config file
I simply deleted the connection string from the Azure Portal (your app/Application Settings/Connection Strings) and it worked. The final connection string looks like this:
<add name="yourThingEntities" connectionString="metadata=res://*/cadb_SQLite.csdl|res://*/cadb_SQLite.ssdl|res://*/cadb_SQLite.msl;provider=System.Data.SQLite.EF6;provider connection string="data source=D:\home\site\wwwroot\App_Data\yourSQLiteDBFile.db"" providerName="System.Data.EntityClient" />
To get the Web Deploy working in VS, you'll need to edit the publish profile to have a connection string matching the format
data source=D:\home\site\wwwroot\App_Data\yourSQLiteDBFile.db
Apparently not many people use SQLite for web apps, and most people should not. If you ever expect more than one user for your website at a time, you shouldn't fix SQLite, you should convert to SQL Server CE or just full-blown SQL Server which Azure will take care of for a paltry $5/mo. Choose wisely!
So far I have been using the WebSite Administration Tool built in Visual Studio 2010 to manage Users and Roles along with MySQL Membership and Roles Provider.
Now, I have deployed the application to the production server and I am getting the following error:
Even if I tried to copy one of the roles and one of the users from my local DB to the one used by the production server, it didn't quite work and I keep getting the same error. At least, I'm sure that's the cause of the error because I did a remote debugging which led me to find it.
At this point I am very confused on how to get it working properly. So, any help or guidance would be really appreciated.
EDIT: At this point the User has been already authenticated in the login page using the connectionString to the production DB server. For that reason, I have dismissed any kind of problems related to the connectionString. I get this error while loading the masterPage where the role is needed in order to choose which menu to display.
The exception message says it all: It cannot connect to the database. Verify that your production DB server is running, that the connection string is correct and that you have network connectivity (including name resolution) from the web server to the DB server.
The solution for this problem was to create the mysql_aspnet_membership provider by granting full access through the machine.config and autogenerating the schema, instead of manually creating the membership tables in the database, which I though there could have been a valid way to create the db.
Afterwards, this didn't break anymore.
I am having a problem with deploying a multiple tables report into my IIS server. The page shows : "The report you requested requires further information". However, I have tried to set databaselogon at the server-side but it didn't work. (The report is working fine on VS Debugging Mode)
It is confusing that it happens only to a multiple tables report and it is working fine on a single table report.
I am using VS2008 and CrystalReportViewer version 10.
When you get "The report you requested requires further information", are you prompted to log in? I think that is the header message for DB authentication required.
If so, what you need to understand is the concept that the Crystal Reports runtime runs within the security context of the ASP.NET server. Your database connections within the Crystal Report are probably set up to use Integrated Authentication, which means the report will authenticate to the DB server using the credentials of the ASP.NET process.
In debug mode, the ASP.NET development server runs as your user account. Undoubtedly, you have access to the DB. However when you try to run in production mode, the ASP.NET server (by default) is either running as a local account called ASPNET on the IIS server, or as the NetworkService account, depending on what version of IIS you are running.
If you are running IIS 7.x, you need to either give the IIS server's directory object (NtDomainName\ServerName$) access to the DB, or change the security identity of the application pool associated with your ASP.NET application.
Hopefully this sets you on the right track and if you still need more help please post what version of IIS you are running and more information on the error message you are getting.
Response to Comment:
To configure Application Pools, in IIS Manager, select the Site in question, click Basic Settings... and check the Application Pool it is assigned to. Then go into Application Pools, you should see the current Identity of the pool listed. This is the account the application "runs as". This account needs to have access to all the files and resources in your web application, including your MySQL DB.
You can edit the Identity settings in the Advanced Settings dialog for the Pool.
Unfortunately I can't give you any advice on MySQL since I have never worked with it.
I have a web app that I am working with on a separate server. I didn't originally create it, but I have to maintain it. I had to to do some manual editing of one of the database tables, which I did through Visual Studio 2008 installed on the same machine. Now I get SQL exceptions regarding Network Service not having the right privileges.
How do I avoid this from happening? I haven't modified any settings regarding the security or access information. It was working before I made the modification, and now it isn't.
Thanks!
Did you by chance change the connection information stored for the DB? Perhaps remove a explicit user (SQL Authentication) and replace it with a Trusted_Connection?
Also did you change the webserver to no longer use authentication?
The error sounds like it is coming from the fact that the Network Service account (the one generally responsible for running ASP.NET pages) cannot access the DB. This happens mostly when authentication is disabled, and there is no explicit SQL Authentication.