I am having a problem with deploying a multiple tables report into my IIS server. The page shows : "The report you requested requires further information". However, I have tried to set databaselogon at the server-side but it didn't work. (The report is working fine on VS Debugging Mode)
It is confusing that it happens only to a multiple tables report and it is working fine on a single table report.
I am using VS2008 and CrystalReportViewer version 10.
When you get "The report you requested requires further information", are you prompted to log in? I think that is the header message for DB authentication required.
If so, what you need to understand is the concept that the Crystal Reports runtime runs within the security context of the ASP.NET server. Your database connections within the Crystal Report are probably set up to use Integrated Authentication, which means the report will authenticate to the DB server using the credentials of the ASP.NET process.
In debug mode, the ASP.NET development server runs as your user account. Undoubtedly, you have access to the DB. However when you try to run in production mode, the ASP.NET server (by default) is either running as a local account called ASPNET on the IIS server, or as the NetworkService account, depending on what version of IIS you are running.
If you are running IIS 7.x, you need to either give the IIS server's directory object (NtDomainName\ServerName$) access to the DB, or change the security identity of the application pool associated with your ASP.NET application.
Hopefully this sets you on the right track and if you still need more help please post what version of IIS you are running and more information on the error message you are getting.
Response to Comment:
To configure Application Pools, in IIS Manager, select the Site in question, click Basic Settings... and check the Application Pool it is assigned to. Then go into Application Pools, you should see the current Identity of the pool listed. This is the account the application "runs as". This account needs to have access to all the files and resources in your web application, including your MySQL DB.
You can edit the Identity settings in the Advanced Settings dialog for the Pool.
Unfortunately I can't give you any advice on MySQL since I have never worked with it.
Related
Question: How do I properly setup the database connection when using the File System method to publish an ASP .NET Core 3.1 Web-Api to IIS running on Windows 10? I believe I have added all of the correct Windows features for IIS because it runs and I am running VS 2019 Community in Admin mode.
This is my first time deploying a .NET Core 3.1 Web-API to IIS via the Publish method. I am able to successfully publish the web application to IIS. But it appears that something is wrong with the database configuration because when I try submit a login POST via Postman, I am getting an error message from the API error handling middleware that the credentials are invalid, which effectively means that the Web-API cannot connect to the database. As a test, when I try running in debug with IIS Express and change the connection string, I get the same error. Note: the IIS server logs do not contain any relevant output to confirm this, but I am pretty sure this is the problem.
In searching online, I am struggling to find a simple and direct walk through on how to publish a Web-API with a database connection. I suspect the problem is in the Connected Services section of the publish profile. I had to battle through some build errors that related to missing packages, and this item:
https://obscureproblemsandgotchas.com/development/c/dotnet-core-ef-migration-not-working/
Once I applied this change, the database data context strings could be read from the Publish Settings section of the publish profile, which reads the connection strings from the appsettings.json file. Though, I had to modify that string to remove an escape '' from the actual json value so that the test connection would succeed.
Any help is greatly appreciated.
You could set the connection string at the time of deploy from the visual studio as shown below :
Make sure you installed the .NET Core Hosting Bundle and .NET Core Runtime.
after doing all these things set the application pool identity to the administrator:
Open iis manager, select your application pool.
Click on advance setting from the action pane.
Under Process Model, click on the “Identity” value and select “Custom account”.
enter your domain user name and password which user has to access to the database and click ok to apply the changes.
after applying changes select the application pool and click on the “Recycle”.
restart your site.
Please refer below link for more detail:
https://forums.iis.net/post/2159167.aspx
Deploying an asp.net project on local IIS server as a release version. Getting 401 unauthorized error on API call (allow anonymous enabled). Server runs with administrator user principal. This principal has all the permissions. And the project declared as application with correct .net library. The only thing I can't change is read only flag on the project directory. Anyone can help? Nothing in google resources worked...
Update: After a lot of searching and digging, I found a solution:
IIS Application basic settings - The default settings is to run application with Application pool user, which is usually limited with it's files access permissions. So the idea is to run application with administrator user.
Run as - enter administrator user name and password
Application pool type - The default application pool type is 2 and sometimes new .NET libraries are not accessible. So you have to add all the missing ASP.NET types to IIS.
Usually ASP.Net version suppose to be classic, in this case application works fast. Otherwise application refresh time may take long period.
Local folder permission - add local administrator, that you defined on IIS settings, and grand him all permissions to the folder recursively
SQL Server Management- the default server authentication is Windows Authentication, make it SQL Server and Windows Authentication mode
Add new user to the server and grand him all the permission to the database
Add this user to database Users and change the SQL connection string at the project accordingly. This way you prevent application pull trying to connect with database with it's user
Just posting this here as I went around in circles trying to diagnose an intermittent 401 error.
I had a virtual sub directory within the web application that referenced an external folder which was out of the directory tree so had different folder permissions.
Any scripts that referenced this folder failed - while others ran completely fine.
I created a simple ASP.Net Core application with user authentication (so all the Entity Framework has been preloaded into the web app template). It is connecting to my database with the connectionString that is located in my appsettings.json file, with "data source = {computerName}\\{serverName}" setup.
The database instance and Visual Studio are located on the same machine. This works fine in returning data to the web api while within development and debugging mode. When I publish it and try to go to the site from a domain name it does allow me to view the webpages that are not needing database connection but the rest that need data from the database returns pages like this:
Error.
An error occurred while processing your request.
Development Mode
Swapping to Development environment will display more detailed information about the error that occurred.
Development environment should not be enabled in deployed
applications, as it can result in sensitive information from
exceptions being displayed to end users. For local debugging,
development environment can be enabled by setting the
ASPNETCORE_ENVIRONMENT environment variable to Development, and
restarting the application.
I have tried to change the Environment Variables for ASPNETCORE_ENVIRONMENT from Development to Production to no success.
I have tried adding appsettings.Production.json to publishOptions in my project.json file, even though there is no file appsettings.Production.json, and this did not help. dotnet publish
Adding the evironment variable in the web.config file did not work Deployment
I need help getting the published web api to connect to my SQL Server database from outside the development Visual Studio setup.
The last thing I can think of is that maybe I am incorrect in how I understand the connection string. If the web api uses the connection string to connect to the database from the server-side then it should work just fine like it does when in development calling to http://localhost:port# since it's all on the same machine. But, if the database string needs to be based on a client-side call then it would have to be with domain names and IP addresses.
Can someone tell me which one it is?
The only thing else that comes to mind is that there is something I am not doing, and need to do, inside of IIS Manager. I see connect string there as well but unsure what that is for our does since the connection string is inside the application. Also maybe I am suppose to give the app some kind of authorization to communicate with the database server even though they are on the same machine???
After much research, finally googling "how to deploy a web api in iis" I was able to learn from Host ASP.NET Web API in IIS using Visual Studio Publish that I needed to add the security entity BUILTIN\IIS_IUSRS. Then placing a mapping to my database tables and giving db_datareader (and possibly db_datawriter) for the database to the IUSER to allow access from my self hosted IIS web api. This from the above mentioned link with the part stating
Accessing Database under IIS APPPOOL\ASP.NET v4.0
As we are using ASP.NET v4.0 App Pool make sure IIS APPPOOL\ASP.NET v4.0 is added to your Database Server -> Security -> Logins.
1) I want to know suppose we are using an ASP.NET web application in debug mode in VS, then, the code runs under which user account?
2) I also want to know, suppose we publish this to the IIS and then, set it up to use WBA/FBA, then, the username/password of logged in user is used to authenticate user to the ASP.NET site, however, the code (SQL query, etc) runs under credentials of apppool account. Further, which credential is used to access resources on server like files? What is your view on this point?
1) I want to know suppose we are using an ASP.NET web application in
debug mode in VS, then, the code runs under which user account?
This is depending on the hosting. VS provides 4 ways to host & debug a web application : VS Dev Server (VS 2012), IIS Express, Local IIS and Custom Host (VS 2013). Devs servers generally runs under your -Administrator- account, and may not be suitable to test security. Working directly with IIS as your development web server lets you work in an environment closer to that of an IIS production web server.
This is configured in the Web Tab in your web project properties.
2) I also want to know, suppose we publish this to the IIS and then,
set it up to use WBA/FBA, then, the username/password of logged in
user is used to authenticate user to the ASP.NET site, however, the
code runs under credentials of apppool account. What is your view on
this point?
Not very clear, but I think your undestanding of IIS security may not be correct. There is only one application pool per web site which runs under a specific account (by default apppool account, but it could be Network Service or Local System). When a user logs in, absolutely nothing is changed in this process. The user is just connected using an authentication provider : Windows Authentatication or Forms Authentication are 2 common providers. User identity is kept in http context, which allow you to use authorization rules later. So every code block always run under the same account (unless you enable delegation but that's another story).
I higly suggest you to read this complete introduction on asp.net security.
Every time the ASP.NET application in question throws an error the Global.asax writes to an error file: logs\error.log. The ASP.NET applications works using Windows authentication.
I am able to write to the log file when debugging using Visual Studio, however it does not work when the application is deployed in the live environment. How do I find out what user account I need to give access to: logs/error.log?
The application is deployed on a Windows 2003 Server with IIS6. Microsoft.NET 3.5.
You would have to give the required permissions to the network service account. This link might be able to help you out.
Windows Server 2003 defaults to the "Network Service" account.
This can be verified by opening IIS (expand the computer if needed), expand the "Application Pools" folder, right click on the pool used by your web app, and go to the Identity tab.
FYI: Windows Server 2008 uses the IIS_IUSER instead of Network Services.
I hope that logs folder is a virtual directory setup outside the web site directory.
Otherwise every time you deploy the entire solution you will overwrite the logs folder and its content.
Microsoft has a tool for monitoring file access that can be useful for troubleshooting permission issues.
Process Monitor - http://technet.microsoft.com/en-us/sysinternals/bb896645
You will also want to check if your application is using windows authentication & identity impersonation since that can change the identity the application is executing with when enabled.