I'm trying to access an SQL Server Express database out of an ASP.NET HTTP request handler.
The handler is run under ASPNET account and uses "integrated security" in the SQL connection string and so I get an error message saying that login for ASPNET account failed and so I can't access the database.
This seems to be a very common problem and most answers say "grant access to you database to user ASPNET".
I only have Visual Studio 2008 and I can't find how to change access permisssions for a database. Specifically I use Tools->Server Explorer and I can see all the tables in the database but can't find how to change access permissions.
How do I change access permissions to my database using tools shipped within Visual Studio 2008?
One option is getting the tools for SQL Express would be a good idea—thus getting SQL Server Management Console Express Edition, or just install the SQL Server Management tools (eg. from SQL Server Developer Edition). Then you have the full GUI (including ability to enter and generate SQL).
The other option is to use SQL to do it:
Use CREATE LOGIN to add the login to the SQL Server instance.
Use CREATE USER to add login to the target database.
Use SP sp_addrolemember to assign roles.
Eg. (IIS AppPools is a group of App Pool Identities on system Dev1 being assigned generic read and write data access to the current database):
CREATE LOGIN [DEV1\IIS AppPools] FROM WINDOWS WITH DEFAULT_DATABASE=[master]
GO
CREATE USER [DEV1\IIS AppPools] FOR LOGIN [DEV1\IIS AppPools]
GO
EXEC sp_addrolemember N'db_datareader', N'DEV1\IIS AppPools'
GO
EXEC sp_addrolemember N'db_datawriter', N'DEV1\IIS AppPools'
GO
Related
I am converting a website from Oracle to SQL Server 2016. The website is built in ASP.NET Framework 4 using Visual Studio 2015. The original developer made extensive use of Oracle packages for data manipulation and I have successfully converted everything to stored procedures and user-defined functions. I have successfully rewritten all of the web pages to use the new syntax. I can run the website on the localhost with no errors and am trying to get it to work on our development web server.
The problem: all stored procedures return the same error:
The EXECUTE permission was denied on the object 'USP_My_Procedure', database 'WEB_DB', schema 'WEBDATA'
The user is a member of a Database role which is granted DELETE, EXECUTE, INSERT, REFERENCES, SELECT, UPDATE, and VIEW DEFINITION permissions on the WEBDATA schema:
I am able to SELECT, INSERT, UPDATE, and DELETE data directly from the webpages on the development server when stored procedures are not used. I am able to run the stored procedures from Management Studio when logged on using the application's SQL account. I just can't use the stored procedures to do the work from the website. Unfortunately, I don't have time to rewrite the entire application to eliminate the stored procedures.
Does anyone have any ideas of what to look for? Thank you.
Stored procedures are executed. See the line in your permissions for EXECUTE? It is not granted to this user.
GRANT EXECUTE ON USP_My_Procedure TO YourUser
https://learn.microsoft.com/en-us/sql/t-sql/statements/grant-object-permissions-transact-sql
Assuming your database connection string is using trusted security...
If you deployed an ASP.NET application to a development server you are likely using IIS. If so, then you are likely using an Application Pool. Verify the Application Pool identity has sufficient privileges on the database. Performing a test includes connecting to the SQL Server as the security context the application pool identity is based on, then simply try to execute the failing stored procedure in a query window (using this security context).
To view Application Pools...
Open Internet Information Services (IIS) Manager (A.K.A., inetmgr.exe)
In left hand pane, expand server node and click to select 'Application Pools'
In middle pane, click to select any application pool
in right hand pane click to select 'Advanced Settings...'
in section 'Process Model' notice value for 'Identity' (this value can be changed to a domain user account which can be assigned to SQL Server resources).
If you have more than one application pool the trick is to identify the one being used by your ASP.NET application...
I have successfully deployed my asp.net web form application on appHarbor and also installed SQL Server.
But I don't know how to make database as I could not find any query box of shell where I can run my schema script.
A good way to do is to download the SQL Server express 2014 that will allow the connection with add-on that you install in https://www.microsoft.com/en-us/download/details.aspx?id=42299.
with the SQL management you can grab the Host Name as server name, then use sql authentication and put your username and password.
then you can manage all your database in your site, and in Visual Studio the only thing that you need to do is provide the connection string that appHarbor gave you and copy and paste to the web.release.config.
I have an Access database with local and remote tables. The remote tables are linked to a Sql Server Database through an ODBC connection.
When I open the Access database, I can open and view the contents of both the local and remote tables. So this is proof that there should be no problem connecting to the remote tables from an ASP.NET app
Now when I run my ASP.NET app in Visual Studio, I am able to access both the local and remote tables in Access with no problem.
As soon as I put my app into IIS and run the app from localhost, I am only able to access the local tables in the Access file with my code but none of the remote tables! I get the following error when I try: "ODBC--connection to 'FMPOS_live' failed." But remember, I have no problem opening the remote tables from Access directly but I can't access them from my app running in IIS for some reason.
Is there a permission somewhere that depending on who or what is accessing the Access file, determines whether that process can use the remote tables??
When running from Visual Studio you are using your own credentials to connect to the SQL server.
When running from IIS you are using either ApplicationPoolIdentity, Network Service, or Local System depending on configuration of the application pool. You would need to allow login and read privileges to whichever account the website is running under.
In the case of running from VS it's probably working because you're probably a sysadmin on the SQL server.
Try checking what user is running "w3wp.exe" in the task manager.
In the case of ApplicationPoolIdentity the username you're looking for will be IIS APPPOOL\NameOfApplicationPool.
The problem was the application pool identity. Access wasn't allowing access to it's remote tables by the default process ApplicationPoolIdentity Identity. I changed the identity to my windows user login and it worked!
Instructions:
1. Go to the Application Pool for your website
2. Click on it and select Advanced Settings
3. Under Process Model Identity, choose Custom Account and type your username and password for your windows login.
Visual Studio 2012 Express, EF5, Code First Migrations, Web Publish.
I am doing a web publish from a Windows 8 Laptop to a Windows Server 2008 R2 web server using Web Deploy from Visual Studio 2012.
The files are uploaded fine. But I get this error:
CREATE DATABASE permission denied in database 'master'
When Code first tries to create the database.
The Web Publishing wizard uses a windows user to login - that user has db_owner permissions on the master database.
Exactly what do I need to do to grant CREATE DATABASE permissions? (or see which user tried to do it - the error doesn't report that for some reason?!).
Thanks.
I've just come across this problem and I resolved it following the instructions here. Effectively, the "IIS APPPool\DefaultAppPool" user must first be added. While adding it, ensure that
as its "Server Roles" it is a "sysadmin".
If you'r running the application from IIS, then IIS APPPOOL\{Your apppool name} is the sql user trying to create the db. If there is no such user in you sql server then create one with the name IIS APPPOOL\{Your apppool name} and give server role dbcreator, public and sysadmin. Now I hope you won't see the error, code first should create the db.
Should the ASPNETDB be left in default app folder created by Visual Studio when deploying on webserver? I have another DB that is in the mssql data folder, should that be placed in same directory as well? Im not clear on whether it matters one way or the other.
It depends what environment you are deploying your application to. Specifically, what database servers are available to you or what you are able to deploy.
If you have, or can install, SQL Server and have full administration rights over the instance then the easiest option is to attach both databases to that instance and change your connection strings appropriately. In this case both files should reside outside wwwroot, in a SQL Server specific directory.
I presume this is how the database in your 'mssql' data folder is being accessed. The connection string SHOULD NOT contain 'AttachDbFilename'.
The other option involves SQL Server Express Edition and User Instances. User Instances are created on demand to host a database when the application user does not have the right to attach it to a setup created instance. User Instances run in the context of the application user, ASPNET in your case, and lack advanced security features.
Visual Studio uses this same setup. ASPNETDB is likely using this method. The connection string SHOULD contain 'AttachDbFilename'.
A database that has been created in a user instance can be migrated to a setup instance. However, a database from a setup instance cannot be attached to a user instance because the security information is unavailable.
See Configuring ASP.NET 2.0 Application Services to use SQL Server 2000 or SQL Server 2005 and SQL Server 2005 Express Edition User Instances for further information.