I'm using Visual Studio 2008, MS SQL server 2008 Express
SQL server: zeroonea\SQL2008EXPRESS
i'm create a webproject, made a dbtest.mdf in App_Data, made some tables, use aspnet_regsql to create membership tables in there, everything work fine.
my connection string in web.config:
<connectionStrings>
<add name="dbtestConnectionString" connectionString="Data Source=zeroonea\SQL2008EXPRESS;Initial Catalog=dbtest;Persist Security Info=True;User ID=***;Password=***"
providerName="System.Data.SqlClient" />
</connectionStrings>
It still work when i run web application, the code can connect to sql server
but when i run Web Site Administration Tool, click on Security tab, i throw a error
There is a problem with your selected data store. This can be caused by an invalid server name or credentials, or by insufficient permission. It can also be caused by the role manager feature not being enabled. Click the button below to be redirected to a page where you can choose a new data store.
The following message may help in diagnosing the problem: Unable to connect to SQL Server database.
Any suggestion?
By default, I don't think SQL Express allows remote connections. You have to turn them on in the Server Networking tool.
http://www.linglom.com/2007/08/31/enable-remote-connection-to-sql-server-2005-express/
Also, as that blog mentions, SQL Express may be configured to only allow "Trusted" connections, and by providing a username and password in your connection string, you're connecting using SQL authentication.
Did you replace the db login and password with *** for the sample? If not, that's probably your problem.
Is this any use?
http://weblogs.asp.net/lhunt/archive/2005/09/26/425966.aspx
The fact it's SQLExpress may be adding an extra complication here.
This answer and other research helped me get this working. I have summarized the steps in detail here http://www.yart.com.au/Resources/Programming/ASP-NET-Security-Doesnt-Work.aspx
Related
Sorry for the long title...
Here is the situation - 2 machines:
IIS 7.5/App server Windows 2008
SQL Server 2008
The SQL Server machine has a local account SpecialUser1. This account is used as login account in SQL Server itself and has full access to the database.
The IIS machine has an identical local account SpecialUser1.
Web application is setup using Windows Authentication + ASP.NET impersonation with that SpecialUser1 defined in identity tag of web.config.
<identity impersonate="true" userName="SpecialUser1" password="SpecialPassword" />
And it's using Integrated Security access to the SQL Server, defined in a connection string:
<connectionStrings>
<add name="ConnectionString1"
connectionString="Data Source=SQLSERVER1;Initial Catalog=DB1;Integrated Security=SSPI;"
providerName="System.Data.SqlClient"/>
</connectionStrings>
Will the web application be able to get access to the SQL Server's database using that impersonated account? Meaning - are these 2 identical accounts mapped to grant access to the database ?
I relied on the information from here: http://msdn.microsoft.com/en-us/library/bsz5788z(v=vs.100).aspx
and here: http://msdn.microsoft.com/en-us/library/aa292114(v=vs.71).aspx
Thanks
I came across your question while researching windows impersonation, which has changed in MVC5. One thing that struck me is if you only have one user for accessing the database then I don't think you really need impersonation. You could just put the username/password in the connection string.
Clearly you might have other things going on that you haven't mentioned that rules this out. However, the simple answers are often the best so I thought I would add this.
PS. Be warned that windows impersonation seems to have changed in MVC5. See this question the asp.net forum for more information. I'm still researching how to do this.
I've been given a backup of a production SQL database to begin writing an application against.
I've got it running as a local instance and using Windows Authentication and I can READ the information, however I cannot figure out how to get IIS to use my Windows Authentication to log into the SQL server when running a local ASP.Net website.
I don't have the authority on the DB to add users, and I'm getting an error of System.Data.SqlClient.SqlException: Login failed for user 'NT AUTHORITY\NETWORK SERVICE'. when I try to access a page that reads the database.
I don't think I will be able to communicate with the DB admin for a while to get him to fix this up for me. Is there anything I can do here?
Your asp code is using the same identity that IIS runs under - the Network Service account. To get it to use your credentials, you can either hard-code them into a connection string or you can use impersonation (see this link: http://msdn.microsoft.com/en-us/library/aa292118%28VS.71%29.aspx)
The gist of the link:
Put this in your web.config file: <identity impersonate="true" />
-t.
You need to create an account in SQL Server for the Network Service account,ex via SSMS via the "Security" section, right click on "Logins" and select add. You will be adding a Windows Account, you can then lookup and validate the name "NETWORK SERVICE". Then switch to the "User Mapping" section and grant permission to view your database.
reference : http://msdn.microsoft.com/en-us/library/ms998320.aspx#paght000015%5Fsqlserver
2nd Alternative
If "integrated security=sspi" is there in your connection string than you should:
Turn on integrated auth in IIS
Turn on windows auth in asp.net
Turn on imerposation in asp.net
Hopefully it will help.
I am using integrated security in an ASP.net application, the IIS and SQL Server are both hosted on the same server machine running Windows Server 2008 R2.
Is it possible to allow users to access the application from across the network AND logged in users but not let them access the database directly or via SQL Server Management Studio?
I am trying to safeguard the database access because my application is going to be deployed on the client's server at client's premises.
Here is my connection string that i am currently using
<add connectionString="Server=.\sqlexpress;Database=DB89akwA;Integrated Security=true" name="LocalSqlServer" providerName="System.Data.SqlClient" />
<add connectionString="Server=.\sqlexpress;Database=DB89akwA;Integrated Security=true" name="MainAppConnectionString" providerName="System.Data.SqlClient" />
These are the two connection strings i am currently using, one is for ASP.net Authentication and second is used by my application. These both strings are the same and of the same database.
Any suggestions?
It is not possible to 'secure' a database running on client's premises. The client's staff can get the password from the ASP.Net connection string. A domain administrator can always gain access to the database (there is an actual MSDN article describing the process: Connect to SQL Server When System Administrators Are Locked Out).
If you want to hide the Intelectual Property you feel your database has, then your only solution is to not deploy the database on the client premise (use a hosted database like SQL Azure for instance).
If you simply want to prevent the client from interfering with the database you can stipulate so in the contract. Auditing and detecting interference is possible.
Yes, that is completely possible. A Person logged in to ASP.NET using integrated security can not log in to SQL Server with the same credentials. Both are completely disconnected. It is only possible if the SQL Server has been set to allow them access.
My Piece of advice would be to create SQL Login and users, and only give them access to SQL Server. In your application, when you create the Connection String, do not set integrated security to true, and just let the user enter his Sql username and password to access the database.
We have a windows account in the SQL Server 2008 called drwho for example
and a password. In the connection string we disabled integrated security and added User Id and password values.
User Id=THEDOMAIN\drwho;Password=......
However ASP.NET keeps thinking we are using SQL server authentication.
Any suggestions?
You cannot connect to SQL server using a domain user/pass. If you wish to connect as a domain user, you need to specify integrated security and run your ASP.NET process as that user.
See this page at Microsoft for more information.
You will have to use impersonate to do this. As far as I'm aware you can't pass domain usernames/passwords in connection strings only a trusted connection, .e.g.
<identity impersonate="true"
userName="domain\user"
password="password" />
the best place to check the validity of your connections strings is here
I suspect that you have not quite got the format correct.
Have you had a look at http://www.connectionstrings.com/? Always a good resource if you're having connection problems.
Im getting this error on the production server:
A network-related or instance-specific error occurred while establishing a > connection to SQL Server.
It's on IIS, and connecting to sql server with Windows authentication.
Any idea? or solutions?
The error message listed in the question typically occurs to me when I'm having connection issues, not related to credentials. Is your connection string setup properly? Have you tested it out on a different machine?
Additionally though, with windows authentiation in place, updated the web.config to set:
<identity impersonate="true"/>
solves the issue since the web application impersonates the person using the application, and their credentials have already been verified and are passed on to SQL Server.
Are you sure the production server has access to the relevant SQL Server? You can easily use the ODBC Data Source Administrator to test that this is so.
if it is a web application and you do not use impersonation, the application will try to connect with the IIS user, most likely NETWORK SERVICE, b/c that is the user that is running the app. My suggestion is to either use impersonation (see Dillie's post) or create an application user name and password and use that. I personally prefer application user names for most cases.