RS2008: Cannot Create Connection When Using Impersonation
Apr 9, 2008
I am testing RS2008 CTP6.
When I view a Adventureworks sample report (e.g. company sales) I get this errormessage when I use the option "Impersonate the authenticated user after a connection has been made to the data source" :
Cannot create a connection to data source 'AdventureWorks'.
Must declare the scalar variable "@ImpersonatedUser".
All other connection options without impersonate works fine.
Any idea what can cause this problem?
Hello All, Login failed for user '(null)'. I know this issue is all over the forum, however i have not found any posts that help me resolve the issue. Situation: I have an ASP.NET 2.0 application hosted currently on XP pro(will be moving to 2003 Server) which connects to a SQL 2000 database that resides on a different server. I have taken the following step to implement my security. Given my account permissions to the database Put the following in my web.config <add name="MyName" connectionString="Data Source=MyServer;Initial Catalog=MyDatabase;Integrated Security=SSPI" providerName="System.Data.SqlClient" /> <authentication mode="Windows" /> <identity impersonate ="true" /> I have set IIS to use integrated authentication and removed anonymous. The application works when run from the web server but not when run from a remote machine. Thank you for any asistance, George
I want a user to be able to call a stored procedure, that will call an assembly, that will logon on to another SQL Server, perform some functions (calculations), and return the results. I want the user's credantals passed, NOT the SQL Server Account. So in some research, I created this:
Public Class SomeName <Microsoft.SqlServer.Server.SqlProcedure()> _ Public Shared Sub LinkedServer() Dim cmd As SqlCommand Dim dr As SqlDataReader Dim clientId As WindowsIdentity Dim impersonatedUser As WindowsImpersonationContext
' as usual, connection strings shouldn't be hardcoded for production code Using conn As New SqlConnection( _ "Data Source=SERVER1; Initial Catalog=master; Integrated Security=SSPI") conn.Open()
cmd = New SqlCommand( _ "SOME QUERY", conn)
dr = cmd.ExecuteReader()
SqlContext.Pipe.Send(dr)
End Using End If Finally If impersonatedUser IsNot Nothing Then impersonatedUser.Undo() End If End Try
Catch ex As Exception SqlContext.Pipe.Send("Error: " & ex.Message) End Try End Sub End Class
Now the issue is that I get this message when I execute this code with the Impersonation code.
Msg 10312, Level 16, State 49, Procedure spr_SQLServerAccess, Line 0
.NET Framework execution was aborted. The UDP/UDF/UDT did not revert thread token.
When I exclude the impersonation code, everything works, BUT executes under the SQL Server Account.
I have used this code to create the Assembly and Stored Procedure:
-- Register the assembly
CREATE ASSEMBLY SQLServerAccess
FROM 'c:linkedserver.dll'
WITH PERMISSION_SET=EXTERNAL_ACCESS
GO
-- Register the stored-procedure
CREATE PROCEDURE spr_SQLServerAccess
AS
EXTERNAL NAME SQLServerAccess.SomeName.LinkedServer
Any idea's on the error message that is being thrown by SQL WITH the Impersonation code?
I like to use impersonation using multiple databases and a user with no login.
I'm working with Powerbuilder 10. I can change users using the command Execute Immediate "EXECUTE AS USER = 'username'". Unfortunately, I can't execute the command 'REVERT' from Powerbuilders Execute Immediate command. The Execute Immediate command prefixes the 'REVERT' command with a exec. ie. exec REVERT.
I thought I could encapsulate the REVERT command in a procedure and run the procedure using Execute Immediate. But, I'm new to SQL Server and I'm not sure if I can.
Does anyone know how to solve this problem? Thanks.
What's the correct way to set up impersonation & SQLExpress Here's the error I'm getting:Cannot open database "aspnetdb" requested by the login. The login failed. Login failed for user '***ASPDATA'. SQL Express in installed on C: aspnetdb was set up from aspnet_regsql.exe, on IIS manager - asp.net tab - edit configuration this string is there: data source=.SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true The aspnetdb is located in C:Program FilesMicrosoft SQL ServerMSSQL.1MSSQLDataThe ASP.Net web is on D: webconfig file has: <add name="LocalSQLServer" connectionString="Server=.SQLEXPRESS;Database=aspnetdb;Trusted_Connection=Yes;" /> <authentication mode="Windows" /> <identity impersonate="true" userName=aspdata@xxx.org password="xxx" /> Should I take a copy of aspnetdb and put it in the web app_data folder?Jess
Hello all- Before I go any further, I have followed http://msdn.microsoft.com/en-us/library/ms188304.aspx as best possible. I am attempting to send mail through a DML trigger. We'll call the database 'DB', and it is owned by a domain account named 'DOMAINAcct'. The trigger simply blocks any CUD operations on a table which we'll call 'Tbl', and sends an email. Hence, it looks something like...
CREATE TRIGGER [dbo].[TR_Tbl_BlockChanges] ON [dbo].[Tbl] WITH EXECUTE AS OWNER INSTEAD OF INSERT,DELETE,UPDATE AS EXEC [msdb].[dbo].[sp_send_dbmail] @profile_name = 'AcctMail', @recipients = 'foo@bar.com', @subject = N'CUD operations not allowed on Tbl', @body = N'Blocked'
AcctMail is a valid profile and operates correctly. I have created the DOMAINAcct user in msdb, given it the AUTHENTICATE permission, and added it to the DatabaseMailUserRole. When the trigger fires, according to the article, the security context should switch to dbo (DOMAINAcct), then be successful when attempting to execute the msdb sproc. Instead I get the usual: Msg 229, Level 14, State 5, Procedure sp_send_dbmail, Line 1 The EXECUTE permission was denied on the object 'sp_send_dbmail', database 'msdb', schema 'dbo'.
I am installing an application that is a WCF service host running as a windows service under the Network Service account. As part of its configuration I am creating a connectionstring in a config file that will allow the WCF services to access SQL Server. I would like this access to be done using windows authentication not sql server authentication.
So since the windows service is running Logged in under the Network Service account using the above connection string would try to connect to sql server using Network service account. Instead I would like to impersonate another domain account which has has a sql server login and is a user in the database.
Is there a way to configure the connection string to use integrated security but to impersonate another domain user?
In the following scenario, I am getting the message 'Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection'.
I am running a Windows Server 2003 with development environment and Sql Server Management Studio in a workgroup on a virtual PC.
My SQL Server 2000 is running on a domain server.
On the virtual Pc I have setup my user login and password to be the same as my domain login and password. Why is the Management Studio not using impersonation and allowing me to connect to the SQL server on the domain?
This is driving me nuts, below is the C# for the proc as well as the runtime error upon calling EXEC on it. Any help would be appreciated. Using UNSAFE Permission Set.
using System;
using System.Data;
using System.Data.SqlClient;
using System.Data.SqlTypes;
using Microsoft.SqlServer.Server;
using System.Security;
using System.Security.Principal;
public partial class StoredProcedures
{
[Microsoft.SqlServer.Server.SqlProcedure()]
public static void uspExternalConnection()
{
WindowsIdentity newIdentity = null;
WindowsImpersonationContext newContext = null;
try
{
//impersonate the caller
newIdentity = SqlContext.WindowsIdentity;
newContext = newIdentity.Impersonate();
if(newContext != null)
{
using (SqlConnection oConn =
new SqlConnection("Server=.\sqlexpress;" +
"Integrated Security=true;"))
{
SqlCommand oCmd =
new SqlCommand("SELECT * FROM AdventureWorks.HumanResources.Employee", oConn);
throw new Exception("user impersonation has failed");
}
}
catch (Exception ex)
{
SqlContext.Pipe.Send(ex.Message.ToString());
}
finally
{
if (newContext != null)
{
newContext.Undo();
}
}
}
};
Msg 6522, Level 16, State 1, Procedure uspExternalConnection, Line 0
A .NET Framework error occurred during execution of user defined routine or aggregate 'uspExternalConnection':
System.InvalidOperationException: Data access is not allowed in this context. Either the context is a function or method not marked with DataAccessKind.Read or SystemDataAccessKind.Read, is a callback to obtain data from FillRow method of a Table Valued Function, or is a UDT validation method.
System.InvalidOperationException:
at System.Data.SqlServer.Internal.ClrLevelContext.CheckSqlAccessReturnCode(SqlAccessApiReturnCode eRc)
at System.Data.SqlServer.Internal.ClrLevelContext.GetCurrentContext(SmiEventSink sink, Boolean throwIfNotASqlClrThread, Boolean fAllowImpersonation)
at Microsoft.SqlServer.Server.InProcLink.GetCurrentContext(SmiEventSink eventSink)
at Microsoft.SqlServer.Server.SmiContextFactory.GetCurrentContext()
at Microsoft.SqlServer.Server.SqlContext.get_CurrentContext()
at Microsoft.SqlServer.Server.SqlContext.get_Pipe()
I want to Access External resources inside the CLR Code... But I am getting Security Exception
I have marked Assembly with External Access... here is the way I am doing..
I read articles and MSDN .. everywhere is written to use impersonation like
using (WindowsIdentity id = SqlContext.WindowsIdentity)
{
WindowsImpersonationContext c = id.Impersonate();
//perform operations with external resources and then undo
c.Undo();
}
In above case .. I tried both Windows Authentications and SQL Authentications ...
In case of Windows.. I am have a domain login to logon to my pc, while sql server is at another machine and Active directory is at different machine .. when connect to Database .. it says cannot find user Domainnameuser
and the SqlContext.WindowsIdentity is always null or it has exception User.Toked thew Security exception.
After that .. I tried to user custome Identity .. using IIdentity =GenericIdentity("UserName","Windows");
But there is now difference .. still same exception .. as given below..
[Microsoft.SqlServer.Server.SqlProcedure]
public static void MyProcedure()
{
Process[] p = Process.GetProcessesByName("YPager"); //Yahoo messanger exe .. a process
p[0].kill();
}
A .NET Framework error occurred during execution of user defined routine or aggregate 'MyProcedure': System.Security.SecurityException: Request failed.
I have a user who is trying to run a job (call an Stored Procedure) which connects to a Linked Server. He can run it OK using EXEC SP_Name but when he runs from the SQL Jobs it gives him the error: Linked servers cannot be used under impersonation without a mapping for the impersonated login.[SQLSTATE 42000] (Error 7437). The step failed.The Linked Server was setup using another account. Would this be fixed if I add the new user to the Security section of Linked Server without breaking the current configuration?
As a bit of background first, I'm trying to write a CLR stored proc that will start/stop a Windows Service using the ServiceController class.
The problem I'm having is that the stored proc gets run as NT AUTHORITYNETWORK SERVICE - ie the user the SQLServer Windows Service runs as. This user doesn't have adequate permissions to start/stop a Windows Service (the user only has permission to view the service's status).
The Window's user who is connected to the db - executing the stored proc, does however have adequate permission to start/stop the Windows Service. I'd like to have someway of running the code in the stored proc as if it were this user. If someone could point me in the right direction I'd appreciate it.
I'm having trouble trying to access a network share that comes via a UNIX server running SAMBA. In the first case, I'm running on my local workstation (A), connected to a remote server (B), and attempting to access directory information for a path like:
\a0amsimmsworkseaborg argets11as2981
This path is fully accessible by me from the workstation (A) and the server (B). The files and directories below "work" in the above path are also wide open on the UNIX side (meaning r-xr-xrwx permissions). However, if I attempt to do something like this:
at System.IO.Directory.GetFiles(String path, String searchPattern, SearchOption searchOption)
at System.IO.Directory.GetFiles(String path)
at StoredProcedures.mdcinfo(Int32 sim_id, String mdc_base)
CWD is: C:WINDOWSsystem32
User is: amsimms
Initial is: dbserver
Interestingly, if I run the procedure directly on the server (B), I do not get the exception. So this seems to be more of a delegation problem. The server B's sql server instance is running as a domain account (dbserver), which has been enabled for delegation and an spn has been set up. Is there something beyond this either with the impersonate or delegation configuration that I need to do in order for this to work?
When publishing to a file share using Reporting Services (no service pack 2 yet) the following error occurs:
Failure writing file NewFile.mhtml : An impersonation error occurred using the security context of the current user.
I have tried publishing to both Windows XP and Server 2000. The Reporting Services box is Server 2003. Publishing account is Local Administrator on both Reporting Services and target boxes. Logon Locally has been granted on both Reporting Services and target boxes.
We have a current situation where analysts will be modeling a variety of problems, all stemming from the same source data (stored in a SQL-Server 2005 relational database).
Analysts that work on the same problem will only have access to:
- A sandbox relational database (which contains views into the same source database). The analyst is db_owner of the sandbox database, so she/he can create data transformations required, etc. The sandbox database contains views to the source database, but the analyst only has read-access to the specific data elements needed from the source DB. So, they are very restricted w.r.t. the source database, but are db_owners of their sandbox relational databases. Note that the analyst will connect to the database via Windows Authentication.
- An Analysis Services sandbox database to use for their modeling, etc. In this AS sandbox db, we've created a role called "Administrator" and checked the permissions: Full control (Administrator), Process database, and Read definition. The analyst's windows account is the "user" associated with this role.
Also, in this situation, the SQL Server 2005 Relational Engine and Analysis Services are running on a single machine. The goal of this security model is to provide analysts with the ability to work in their "workspaces" (both SQL and AS), but not to see other analysts work, etc.
I'm running into a problem when trying to build models using this security model by doing the following: - Running Visual Studio - Selecting File -> Open -> Analysis Services Database and choosing the AS DB that I have access to (this is the only one that appears in the drop-down, after specifying the AS server). - I've created a data source pointing to the relational sandbox DB. - I've created a data source view choosing the table/view needed for the case table. - I created a mining structure with a decision tree model
When I process the mining structure, I'm getting the following errors:
- If the data source Impersonation is "Default" -- the error is "The datasource, '<DS name>', contains an ImpersonationMode that is not supported for processing operations."
- If the data source Impersonation is "Use the credentials of the current user" -- the error is the same as "Default" above -- "The datasource, '<DS name>', contains an ImpersonationMode that is not supported for processing operations."
- If I change the data source Impersonation to "Use the service account" and select "OK" in the "Data Source Designer" window, and error comes up with message: "The ImpersonationInfo for '<DS name>' contains an ImpersonationMode that can only be used by a server administrator.
Any suggestions or pointers to help implement this security model to provide analysts with AS and SQL Relational resources for their modeling?
I am having trouble creating a connection to an MS SQL 2000 database located on a server at the hosting company I'm using, with code running from my localhost. It works when the code is executed on the server at my hosting company, but not when it is executed locally, on my computer. Also, I can't connect to the database using Enterprise Manager. The error I get is this:
SQL Server does not exist or access denied
It has worked before, so I don't understand why it doesn't anymore. It's not a firewall issue, since I have tried to connect with my firewall disabled as well.
I rebuilt my machine a few weeks back - re-installed the developer version...The app in question can see all it's tables in the SQL back end via ODBC andeverything looks normal via Enterprise Manager, but I can no longer createan ADO Connection.Source code is unchanged, what's changed is the PC rebuild and consequentre-installatin of SQL Server developer version.I suspect it's something to do with the provider (at least that's the only thingI can see in the .Connect string that's not verifiably correct....)The error looks like this after I trap and format it:-----------------------------------------------------------------12/30/03 21:34:30v0.71 Userid: UPQC on SAGProc: basADO: ADO_ConnectionCreate-2147467259: [DBNETLIB][ConnectionOpen (Connect()).]SQL Server doesnot exist or access denied.Errors encountered when trying to connect:''''''''''[DBNETLIB][ConnectionOpen (Connect()).]SQL Server does not exist oraccess denied.----------Connect String:Provider=SQLOLEDB.1;SERVER=SAG;DATABASE=TRETS;UID= Trets;PWD=trets-----------------------------------------------------------------Can anybody see anything obvious to look for?I'm thinking I need to know how to verify/validate the presence of provider"SQLOLEDB.1"... But how?--PeteCresswell
I'll ask for patience cause am new to this....but I am trying to create a new connection while trying to add a new Data Source in Visual Studios, and I keep getting the error "Login failed for user 'Mohaminho-PCMohaminho'." I have tried several things that my little knowledge knows, but no success. Any ideas anyone?
Hi,Just recently I am getting the following error when trying to connect to an SQL DB: Exception has been thrown by target of an invocation. This happens even if I create a new website/solution. Procedure I use:open server explorer and click on create a new connectionchoose SQL server from the listenter my IP address and credentials, click on test and everything is fine. When I go to select the DB the dropdown box is empty, if I type in my database name and click on ok I get the following message:Exception has been thrown by target of an invocationI know it is nothing to do with SQL or credentials as I can create a datasource to my SQL server using my colleagues computer!I have removed VS 2005 from my computer and reinstalled only to be met with the same problem.reinstalling my computer is a last resort!Any ideas?Cheers, Ps, I can connect to my DB using VB code behind.
do we have to create connection and assign it to command object before creating SqlCacheDepency? chek the code below. SqlServer is not invalidating cache when there is update. When i create Dependency using command object, at that time command object does not have connection. It will assign connection to command object in Excute method SqlCommand cmd = new SqlCommand(commandText);cmd.CommandType = CommandType.StoredProcedure;SqlCacheDependency cacheItem = new SqlCacheDependency(cmd);DataSet result;result = DBHelper.Execute(cmd);HttpRuntime.Cache.Insert(cacheItemName, result, cacheItem);
I am trying to view report that i deployed to reporting service but when i try to view it, it gives error:
An error has occurred during report processing. Cannot create a connection to data source 'INVC'. For more information about this error navigate to the report server on the local server machine, or enable remote errors
I want to create an ODBC connection using windows authentication but it always failed. The error display that the database server not found. Is the any configuration I should set before create the ODBC ? Thanks in advance.
Why is it that sometimes I get this error and sometimes not after I deploy the same shared data souce to my Report Server?
Even if I try deleting the datasouce through Report Manager the redeploy it from VS 2005, it still errors out when I run my report. I am able to run my report fine in VS.
An error has occurred during report processing.
Cannot create a connection to data source 'mydatasourcenamehere'.
For more information about this error navigate to the report server on the local server machine, or enable remote error
Hi, i already create a connection to sybase(ASA) with odbc from ssis (from "data sources" section). but when i try to make data flow source it cann't. so i try to make a connection using "data source views" but when the process comes to end, it becomes error. from my analysis, the Sybase db cannot accept sql command with "[]", because in the fase "data source views" i have to select one or more table, and the default microsoft is using "[]", like: select * from [dbo].[customer], but sybase db cannot handle this. does anyone have the solution for this? Thanks.
I want to create a report from Access Database. Can anybody tell me how to connect and create a data source from Access data source. A step by step guide is preferable. I am more concerned on the connection string.
Hello, I Created a report with reportbuilder, after clicking on Run Report I got this message, Its very strange it seems that its trying to generate or create a datasource.
Para obtener más información acerca de este error, vaya al servidor de informes en el equipo del servidor local o habilite los errores remotos ---------------------------- No se puede crear una conexión al origen de datos 'dataSource1'. ---------------------------- Error al procesar el informe.
I cannot get this error resolve either for myself or any users, and I'm actually part of the Admin group! Furthermore, a user with whom I'm tring allow to view this report keeps getting prompted for their windows username and password. I thought that since this datasource was set to Windows Authentification that it would just pass it through?
Also As far as I know, I've given sufficient permissions to the right logins and right users on my SQL Databases and related stored procs that the datasets (not datasource) run
An error has occurred during report processing.
Cannot create a connection to data source 'datasourcename'.
For more information about this error navigate to the report server on the local server machine, or enable remote errors
I posted the same issue before, but I couldn't find the solution yet. I am posting this agian cos I tried almost everything and I am not able to solve the issue.
Let me explain what is happening here:
Server A - is my development local machine
Server B - is the remote reporting server, where all reports are deployed
Server C - is where the databases are located
- After successfully deploying the project (the reports and datasources) on the remote server and try to run the report , I am getting the following error message
An error has occurred during report processing. (rsProcessingAborted)
Cannot create a connection to data source 'dsCallB'. (rsErrorOpeningConnection)
For more information about this error navigate to the report server on the local server machine, or enable remote errors
- I tried to deploy and run the same report on my local machine report server(Server A), which is still accessing the same database from Server C. This works fine.
So from this we can understand that A ==> B ==> C is not working, however A ==>C works fine(using Server A as a report server).
I almost tried all the possible solutions that are posted on the forum, such as storing the credential information on the report server (server B), created a data source, which is not a shared data source, on the report server level e.t.c. and I ended up with nuthin.
The weired thing is that there are existing reports that are already created and deployed(by somebody else) in the report server (server B) , which access the database on Server C. These existing reports run with no problem, even I can create a report which uses the existing data source and runs perfectly. However, when I create a new report which uses a different data source (from Server C), and deploy it to Server B and tried to run it, the above error message comes.
Hi! I've created a project includen 3 reports based on following code on 3 server. The report includes 3 different datasources an 3 different report. All 3 reports are grouped on Database and summerizad zise.
SELECT
SD.name [Database],
SMF.name [File],
SMF.size [Size]
FROM
sys.master_files SMF INNER JOIN sys.databases SD
ON SD.database_id = SMF.database_id
I can run all reports in Visual Studio (preview). But I can only run one the reports after depolying the project! I get this message when I raun the other 2 reports:
An error has occurred during report processing.
Cannot create a connection to data source 'uasql02_datasource'.
For more information about this error navigate to the report server on the local server machine, or enable remote errors
I tried running the report from an server (where reportingservices is installed) finding that all the reports works as they should. I logged in another server with the same credentials. I got same message on the server as I get on my own camputer, "Cannot create a connection to data source ..."
Is there anybody out there having same problem as I, or someone who has any suggestion?
I successfully created the a Report model and deployed it to the server. When i run the a simple report on the SQL Server where reporting Services is installed it runs fine. When I run the report from anywhere else, I get the error below. I don't have a datasource called 'dataSource1'.
For more information about this error navigate to the report server on the local server machine, or enable remote errors ---------------------------- Cannot create a connection to data source 'dataSource1'. ---------------------------- An error has occurred during report processing.