Regarding Web.config For Sql Server Authentication
Oct 25, 2005
Hi All,
I have a query. I want to use sql server authentication
for my asp.net application. I have created a seperate username and
password for the sql server. Now I want to use that username and
password to establish the connection thru web.config. In web.config, I
don't want to give the username and password of sql server. Instead, I
want to get those details in other ways. Please tell me how to handle
the connection string with more security?
For using different services of SQL SERVER 2005 which is better... Windows Authentication or SQL Server Authentication? what are the advantages and disadvantages of both?
I wonder if it is possible to set forms authentication for report manager but leave report server "as it is". I need to authenticate users from external LDAP and can't use windows authentication for report manager, but I would also like to leave report server open for anonymous users. In that way authenticated administrators could create reports which anonymous users could read.
I tested the Security Extension Sample and got it working when I rewrote the authentication part with my own LDAP authentication.
If I have understood correctly, the report manager is just application inside report server so is it possible to use forms authentication with one application but still leave the report server with Windows authentication?
I need to figure out what kind of Authentication , I need to use for following applicaiton
Product : -
1 ) It resides on a its Domain and has access to Database on that Domain. 2 ) We have a application level login , n based on application login id display specific pages.
The question that bother me is this
Q ) If i use NT authentication , then a user will be required to
a ) Login to domain (with userid and password) first and then
b ) Then i would require to again login to applicaiton with application level login and password.(different levels of login as there) Based on the application level login i will display only specific asp pages. They have different access rights..and roles.
Requirment is to login only once..and it should authenticate to application display specific pages and authenticate to SQl server database also..
Is there any way thru which i can map my application level login to SQl server.. and what authentication should i use..
Currently have a single hard coded file path to the SSRS config file which parses the file and provides the reporting services web service url. My question is how would i run this same query against 100s of servers that may or may not share the same file path as the one hard coded ?
Is there a way to query the registry to find the location of the config file of any server ? which could be on D, E, F, H, etc.
I know I can string together the address followed by "reports" and named instance if needed, but some instances may not have used the default virtual directory name (Reports).
Am I going about this the hard way ? Is there a location where the web service url exists in a table ? I could not locate anything in the Reporting service database. Basically need to inventory all of my reporting services url's.
I folks.I Have installed sql server 2005 express and choosed windowsauthentication on instalation, but i make a mistake and now i needmixed authentication, how can i modify this whithout uninstall andinstall again the application?thanks for the help.
Hi there,I have installed MS SQL Server 2005 on my machine with windows authentication. But now I want to switch the authentication mode to SQL Authentication. I am unable to switch, I can’t find the proper way to do so here in 2005.Could any one help me in doing this?Thank you,-Ahsan
I'm new in the DBA position recently aquired, and I'm having a few issues with MSSQL configuration and administration.
1. I have created a two maintenance plans, one for system databases and another one for user databases, this plans include things such as, Integrity Checks, Optimizations and DB Backups, however the Integrity Checks fail with the error that the DB's must be in single user mode, how can I go about to make this and what are the implications of doing so?
2. There's been a few reports of MSSQL server compromises through UDP port 1433, so I closed it at firewall level, only TCP 1433 is going through, do I really need UDP 1433?
Greetings, My connection string looks like this (in the web.config) and is used with many data controls in my application: <connectionStrings><add name="connection_NAH" connectionString="Data Source=NAH;Initial Catalog=NAH;User ID=xxxx;Password=xxxx" providerName="System.Data.SqlClient" /></connectionStrings> I'm using vb.net and my code looks like this:Dim myConnection As SqlConnectionDim mySqlCommand As SqlCommandmyConnection = New SqlConnection(ConfigurationManager.ConnectionStrings("connection_NAH").ConnectionString)mySqlCommand = New SqlCommand("UPDATE tbMasterOption SET ImageURL = 'test.gif' WHERE ID = 116977")Try myConnection.Open() mySqlCommand.ExecuteNonQuery()Catch ex As Exception Label3.Text = "Couldn't update database record: " + ex.ToString()Finally myConnection.Close() Label3.Text = "Closed db connection"End Try ------------------ The only output I get is from the label3 which says "Closed db connection". Doesn't look like any exceptions are thrown but when I look at the database the record is not updated. Originally I thought my SQLConnection was not constructed correctly but I also tested it by outputting the connection string to Label3 which looked fine. The only other thing I can think of is in the use of ExecuteNonQuery(). Is this the right method or do I need something else? Running the sql query manually works... Thanks in advance..
I'm using a package configuration to set the value of a user variable which I then use inside my package to build out a certain expression. I got this to work with the XML file option, but I can't get it to work using the SQL Server option.
So this is what Im doing.
(1) I copy pasted the package that works with the XML config option. (2) In the new package, I deleted the existing XLM config and created a new one, this time choosing the SQL Server option. After I finish, I see that the dbo.SSIS_Configurations table gets created in my database with the value of my variable in there. (3) I run the package and I see that it works. I'm not sure at this point if it is working because it's reading the value from the config table or from the BIDs environment where I initialized the value. (4) Anyway, I then go and update the value of my variable in dbo.SSIS_Configurations. (5) When I run the package again, it doesn't see the new value. What am I doing wrong?
(Using win2k, sqlserver2k, framework 1.1) I have an fairly data-heavy application that uses Windows authentication (Trusted connection/aspnet account) to connect to Sql Server. The site uses IIS basic authentication.
On the dev server everything works fine but when I move to the live server things get strange and it starts to crawl along. (Pages load OK but then it just crawls as it loads the datagrids etc. Sometimes it brings back incomplete/incorrect data )
BUT When I use Sql Authentication to connect to Sql Server and there is no problem at all!
Ok, there is something obviously wrong with the live server (which is identical setup to dev)but I dont know where to start.
I've got two applications which both have a database on my MS SQL 2000 server. The problem is, one application must use Windows Integrated Authentication (which it is currently using and cannot be changed) whilst the other application which I'm trying to configure must use a SQL password.
Since the server has already been configured to use Windows Integrated Authentication for the existing database and application, how do I configure the other database to use the SQL password?
My work is using a shared application which accesses a MSSQL 2000 database. To access the application, the folder on the Windows 2003 Server is shared and users can access the folder through a shared drive.
For the application to access the database, it uses an ODBC connection to the MSSQL server which originally used the SA password.
We have recently switched to using Windows Integrated Authentication because we believe it offers a higher level of security. However the only way in which we have been able to enable this is to add the windows users to the SQL server.
The problem with this is that the application sets permissions for individual users on what records they can see within the database. We have found that by adding the windows users to the SQL Server, they can bypass the permissions the set by the application by simply using any application that can use an ODBC connection, such as Enterprise Manager, and see all the database.
One way around this would be to set up domains of users with access privileges to the tables which reflect the permissions set by the application, and configuring a view of the data so they may only see the records that they have permissions to. However to do this would require a high administrative cost to ensure that changes made in the application are reflected in the privileges of the SQL server.
Instead, is there a way the SQL server can authenticate that the ODBC connection is coming from the correct application using Windows Integrated Authentication?
This would allow the applcation to determine security, and stop users from connecting to the SQL server using other applications.
Alternatively, can the SQL server, using Windows Integrated Authentication, also ask the application to supply a username and password?
Any help with this matter would be greatly appreciated.
I'm trying to configure ASP.NET2.0 Application to use SQL Server 2000 and yes i did make sure all my setup in configuration manager is setup and the surface area Whenever i ran the REGSQL .EXE CMD it works until i get to where it suppose to give you a list of data instance to choose from base on ScottGu article in step 4 I'm running SQLEXPRESS ADVANCE VWD EXPRESS 05 Thanks
Hello, So I am just getting started with .NET, I am using Visual Web Developer 2005 Express andSQL Server 2005 Express on XP Media Center (same as XP Pro) ASP.NET version 2.0.????Anyways, I am having the time of my life figuring out how to connect to SQL Server from within my C#, as follows,(where settings.connection = ".SQLEXPRESS;Database=MyDatabase;Integrated Security=SSPI;" in my web.config)SqlConnection conn = new SqlConnection(Settings.Connection); SqlDataReader rdr = null; try { conn.Open(); SqlCommand cmd = new SqlCommand("select * from mytable", conn); rdr = cmd.ExecuteReader(); while (rdr.Read()) { Console.WriteLine(rdr[0]); } } the above yields unspeakable errors, namely <font color="red"><b>Cannot open database requested by login. login failed for user 'computername/SQLEXPRESS'</b></font> , etcAND<font color="red"><b>A connection was successfully established with the server, but then an error occurred during the login process. (provider: Shared Memory Provider, error: 0 - No process is on the other end of the pipe.)</b></font> If you have ANY information on the suspect, please, please report it to me. Greatly appreciated!Thanks, Cam
any suggestions on having one web config that once put on the dev servers uses the dev sql server and when put on prod will use the production sql server? would like to encrypt it and be done with it. but it needs to recognize the server it's on. I have a connection class that does this - but i need to use sqldatasource and not objectdatasource.
Which will perform better? (4) 550Mhz Xeon with 1MB cache and 2GB of RAM (2) 550Mhz Xeon with 2MB cache and 2GB of RAM (2) 550Mhz Xeon with 1MB cache and 4GB of RAM
When I installed MS SQL Server 2000 on our client's computer I installed it under a local account using Windows Authentication as the server logon and am now accessing it using a network login (remoting into the same box). The result is that if I change the password for the local Windows account and reboot the server, SQL server cannot be restarted; I get an error:
A connection could not be established to (LOCAL)
Reason: SQL SERVER does not exist or access denied. ConnectionOpen (Connect())..
Please verify SQL Server is running and check your SQL Server registration properties and try again.
I've changed the registration properties to use SQL Server Authenticaiton instead of Windows to no avail. Whichever connection option I use the server will not start unless I change the local account's password back to what it was when I installed. This works, but our client wants to have that local account's password changed for security/peace of mind. Any help or advice would be appreciated here :)
I have been developing a SQL based data warehouse for financial reporting purposes. I do expect the database to continue to grow over the next few years.
Right now, I am running SQL Server 2000 on an HP DL380 G3 with dual Xeon 2.8GHz, 1.5GB of ECC DDR RAM, 4x 300GB SCSI 10K RPM HDD's.
I would like to replace the server as it is now two generations old and because when there are five people running queries against the data, it starts taking minutes to return the results. When this reporting database hits production, it will be queried by up to 20 people simultaneously and I don't feel the current server will provide results in reasonable amounts of time.
I would like to know what you people think I should be doing to provide an optimal environment for this data warehouse. Should I stick with SQL Server 2000 or move to 2005? Why would you recommend that?
I am thinking of replacing the server with the following configuration: HP GL380 G5, 2x Xeon E5345 Quad-core CPU's, 4GB PC2-5300 ECC DDR2 RAM, 8x 72GB SAS 15K RPM HDD's. Do you think this is an ideal configuration? Too much? Too little?
I would love to hear what you have to say and suggest. Thank you in advance!
I have been developing a SQL based data warehouse for financial reporting purposes. I do expect the database to continue to grow over the next few years.
Right now, I am running SQL Server 2000 on an HP DL380 G3 with dual Xeon 2.8GHz, 1.5GB of ECC DDR RAM, 4x 300GB SCSI 10K RPM HDD's.
I would like to replace the server as it is now two generations old and because when there are five people running queries against the data, it starts taking minutes to return the results. When this reporting database hits production, it will be queried by up to 20 people simultaneously and I don't feel the current server will provide results in reasonable amounts of time.
I would like to know what you people think I should be doing to provide an optimal environment for this data warehouse. Should I stick with SQL Server 2000 or move to 2005? Why would you recommend that?
I am thinking of replacing the server with the following configuration: HP GL380 G5, 2x Xeon E5345 Quad-core CPU's, 4GB PC2-5300 ECC DDR2 RAM, 8x 72GB SAS 15K RPM HDD's. Do you think this is an ideal configuration? Too much? Too little?
I would love to hear what you have to say and suggest. Thank you in advance!
I'm trying to get a SSIS package to run as a SQL Server Agent job. The package uses a config file. When I try to add the config file to the job under the Configurations tab. When I click on the 'Add' button, I get the following error:
An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.ConnectionInfo)
The EXECUTE permission was denied on the object 'xp_availablemedia', database 'mssqlsystemresource', schema 'sys'. The user does not have permission to perform this action. The statement has been terminated. (Microsoft SQL Server, Error:229)
As we know Sql Server 2005 provides its ability to deploy clr assembly on it. However my problem is that my assembly has a configuration file. I used ConfigurationManager.GetSection to create some of the object. When I am deploying the project the trouble is that the app.config is missing. I used a class lib project type to create the assembly. Besides changing a storing method, can I still use this config file to reach my goal? Sqlserver.exe.config is not a good idea and it is not workable. The sqlserverexe host cannot find the assembly files.
Firstly I should say my Reporting Services were working fine until I changed a setting in IIS today - under the Virtual Directory for the site I clicked Properties>ASP.NET>Edit Configuration. Changed 'Authentication' to Forms and everything went wrong; changing it back to Windows made no difference.
Now when trying to navigate to Report Server / Report Manager I get these errors:
RS : An internal error occurred on the report server. See the error log for more details. (rsInternalError) Get Online Help Object reference not set to an instance of an object. RM: The report server is not responding. Verify that the report server is running and can be accessed from this computer.
Following advice found elsewhere on the web, I checked my web.config file for an an erroneous xmlns entry... but it wasn't there. I have also deleted/recreated my virtual directories from within IIS/RSC. Also I have done a basic reinstall of Reporting Services (from within Add/Remove Programs>Change).
Below are my error logs and the listings for my web.config files; hopefully these will be of use in working out where the problem lies - I really need to get this fixed as soon as possible.
Thanks in advance, Dan
SQLDmpor####.log
w3wp!library!1!11/30/2007-20:22:40:: i INFO: Exception dumped to: d:AppsSQL2005MSSQL.2Reporting ServicesLogFiles flags= ReferencedMemory, AllThreads, SendToWatson w3wp!library!1!11/30/2007-20:22:40:: e ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.InternalCatalogException: An internal error occurred on the report server. See the error log for more details., ; Info: Microsoft.ReportingServices.Diagnostics.Utilities.InternalCatalogException: An internal error occurred on the report server. See the error log for more details. ---> System.NullReferenceException: Object reference not set to an instance of an object. at Microsoft.ReportingServices.Library.WebConfigUtil.GetWebConfigAuthenticationAttribute(String attrName) at Microsoft.ReportingServices.Library.WebConfigUtil.GetAuthenticationType() at Microsoft.ReportingServices.Library.WebConfigUtil.get_UsingWindowsAuth() at Microsoft.ReportingServices.WebServer.Global.EnableAntiDos() at Microsoft.ReportingServices.WebServer.Global.Application_EndRequest(Object sender, EventArgs e)
When clicking to open SQL SERVER CONFIGURATION MGR I recieve the following....
MMC cannot open the file C:WindowsSystem32SQLServerManager.msc This may be because the file does not exist, (it does) is not an MMC console, or was created by a later version of MMC This may also be because you do not have sufficient access rights to the file.
We are going to have two SQL 2000 Servers with a SQL 2005 distributor server that will handle 1 way transactional replication. What kind of server should I ask IT to spec out that would satisfy an installation such as this?
Our production DB is 30GB and we are replication about 60% of the data to another server.
HiI'm new this .I' using SQL 2005 VWD05.Could some body tell me how to upload to my host server database to to run a membership user account.I dont know what are the procedure to do on my pc in order to transfer the file on the database.Thanks
I want to send the mail to the users of my system when there is any changes in the database or when i assign any user to the project giving them the information about the changes or asignee.
For this first i have to configrue Database mail in the SQL Server 2005. I tried this by going to the SQL Server 2005 Management Studio -> Object Explorer -> Management -> .............but there i donot find the Database mail option.
Again i went to the configuration tool -> SQL Server Surface Area Configuration -> Surface Area Configuration....and there I enabled database mail.......
But still I have a problem of getting Database mail Option Object Explorer -> Management -> .......
I have been using SQLServer2005_SSMSEE for this as this is windows installer package.....what is the problem
I am tried for searching this..........and its very important for me.....
Will please help me in this condition its very urgent.....