We have a SQL database that uses a MS Access projectfront-end, which I am now creating an ASP.Net application for (And am completely new to so may be missing some foundation concepts). With the Access project I added Active Directory groups to the database to use for permissions, logins, etc.
For the ASP app I have it set to use Forms authentication with Active Directory (ActiveDirectoryMembershipProvider). I can login to the app with the AD usernames/passwords but the connection from ASP.Net to SQL is using the ASP User.
Is there a way to provide the authentication from the ActiveDirectoryMembership through to the SQL server, so the user: bobuser would be authenticated to SQL instead of ASPNETUSER?
Or do I need to have the ASP.net app handle the permissions of which SP's a user can execute?
Hi, Can anyone tell me how i can access an application or open tables in MS sql server that are in MS Access. Its urgent and any help will be appriaciated.
I have recently transfered data from MS Access to MS SQL Server 2000 and created user interface in MS Access Project (ADP). Now I need to secure the data on server and want to access it ONLY through interface I created in MS Access. Every user has to log in the application (user id and password). Users may have the same access rights to the server (so maybe just one account or whatever I need for all of them). Can anyone advice me how to set it up? To access sql server from MS Access I am using ADO.
Certain people in our company want to use Crystal Reports for data-processing. Problem is we want them to NOT be able to access data in databases within the live server.
Given that we use trusted connection to validate all kind of data-access, I am wondering if there is a way so that (via NT administration or via some SQL Server security features) the live-server can refuse any connection request from the Crystal Reports application. At the moment the same group of people are allowed access to database (and should remain to be so) on this "live" server via some other applications (e.g. Microsoft Access).
Hi there,I have written an application which uses MS Access for it's database engine.Due to the large size which the database has become I have decided that itwould be sensible to use SQL Server with the application instead.I am an extreme SQL Server newbie so I am not really sure what I'm doingyet! I have successfully downloaded and installed the MS SQLDE 2000 andservice pack 3.What do I need to do next? Ideally I would like to convert the existingAccess database to MS SQL Server format. Also I would like to know if it ispossible to create an SQL Server database from scratch using a guienvironment similar to Access and if so which software (preferably free) doI need to achieve this?Many thanks,Clive.
I have installed the SQL Server 2000 and its up running.
I can connect to the database direct as administrator, but my test application(asp.net 2.0) returns an exception.
SqlConnection sqlConn = new SqlConnection("data source=10.61.90.24;initial catalog=testdb;persist security info=False;user id=sa;pwd=data;Type System Version=SQL Server 2000;");
sqlConn.Open();
I receive this exception: An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)
I have a ASP.NET time sheet management application I designed - today I put it live on the webserver and recreated the database on my SQL 2000 server. When I attempt to view, all of the pages where I query the database I catch the error "SQL Server does not exist or access denied".
The concerning part of this is that I have tested the live database from my development PC (remote - offsite) and it works fine. This shows that the database that I brought over is intact and the user has the appropriate permissions. The only thing that I changed in the application when I copied it to the server was the connection string server name to reflect the location change.
The setup is as follows:
Development PC on a broadband connection running Windows 2003 server enterprise, SQL Server 2000 SP3a, Visual Studio 2003 Enterprise.
Web/Database/Email server running Windows 2003 Standard, SQL Server 2000 SP3a, Exchange 2003, Active Directory, DNS etc.
When I run the application on the Web server from a browser with local names ie. http:\SERVER1application I get the "SQL Server does not exist or access denied" errors. When I try to connect to the application on the web server from my development PC i get the same problem.
When I changed the connection string on my development PC to the webserver/dbserver it runs fine.
I don't understand how a local proccess is having difficulty authenticating to the database when I can access it remotely just fine.
My database knowledge are with MySql and Oracle, but recently I was asked to evaluate the migration of an existing (and maybe more) from ms access to sql server. My question is simple, if all of the sql are hard coded into the code ... how well this sql will work, I mean is the sql between access and sql server are plug'n'play ? However in any case, I always rewiew all of the sql.
First off, sorry if my cross posting offends anyone. I'm posting thisin Access and SQL Server groups - not sure which one is appropriate.I have a relatively simple ASP.NET/VB.NET application that is nowhitting an Access 2000 database over an intranet. We have to migratethe database to SQL Server 7. My experience with ASP.NET is prettylimited and my experience with SQL Server is nonexistent.We have an MSDN subscription, so I went to the downloads section to getSQL Server 7. Guess what? SQL Server 6.5 is available, as is 2000 and2005, but no SQL Server 7. So my first question is, does anyone know ifit is available for MSDN subscribers?The next question is, does anyone know of a good resource that explainshow to make the transition from Access 2000 to SQL Server 7? I know thedata has to be migrated and the connection between the application andthe database modified, but am really not sure exactly what to first andthe correct way to go about it. The application is a simple productconfigurator. There's not a lot of data and it's not a very complexdatabase.Thanks in advance. If you'd like, please copy responses tolcifers(AT)yahoo.com (AT) = @TIA.Cheers.- Luther
I'm writing a C# application which connects to a local SQL database for data access. The application connects to SQL Server through windows authentication, but opens up the port and sqlbrowser to others on the network wanting to access the database through SQL Server authentication, and also allows remote users to connect to this server remotely if they have the login and password (and because the port is already open)
I understand this is not secure and open to attack, and am unsure of how to secure these processes without blocking these three types of access, from A.) the local user, B.) the network user and C.) the remote user across the net.
Have researched this a fair bit, but get somewhat lost amongst all the jargon.
I am writing an Internet/Extranet based (ASP.Net 2.0) web application that uses SQL server 2005 as the database. I am using forms authentication on my web application. I am also storing the connection string to SQL server in my web config file. The conn string is encrypted using DPAPI with entropy. I currently have created a SQL login account on my SQL server for use by the web application. This is the user ID I am using in my conn string. The reason for this is because all persons using the application will NOT have a windows login.
Here is my question: The login I created currently has defaulted to the "dbo" role and therefore has "dbo" rights to the database. I want to setup up this login account so that all it can do is execute stored procedures. I dont want this SQL login to be able to do anything else. In my application I am using stored procedures for ALL data access functions, via a data access layer in my application. Can someone guide me step by step as to how to setup this type of access for this SQL login.
I've got a football (soccer for the yanks!) predictions league website that is driven by and Access database. It basically calculates points scored for a user getting certain predictions correct. This is the URL:
http://www.pool-predictions.co.uk/home/index.asp
There are two sections of the site however that have almost ground to halt now that more users have registered throught the season. The players section and league table section have gone progressively slower to load throughout the year and almost taking 2 minutes to load.
All the calculations are performed in the Access database Ive written and there are Access SQL queries to get the data out.
My question is, is how can I speed the bloody thing up! ! Somone has alos suggested to me that I use stored procedures and SQL Server to speed things up? Ive never used SQL Server before so I am bit scared about using it (Im only a hobbyist), and I dont even know what a SP is or does. How easy will it be upgrading the whole thing to SQL Server and will it be worth the hassle, bearing in mind I expect my userbase to keep growing? Do SP help speed things up significantly? Would appreciate some advice!
We have applications connected to SQL using windows authentication. While having connection with Application user can also access to Database instance on the same time as well. We need to limit the access of user outside application.
I receive the following error when i call report server web service from an asp.net application:
"The request failed with HTTP status 401: Unauthorized."
Here are the IIS logs on the reporting services server. When i open IE and browse to the web service i provide my user credentials and i can access the web service just fine. However when i call the web service via my asp.net application it looks like my credentials are not being passed??
I have a software solution that consists of two separate applications that share a SQL Server Express database on a single computer. Everything is working great, except when both of the applications want to access the database at the same time. All I can find is information on configuring multi-user access in a distributed system. I'd appreciate any information on configuring multi-application access on a single computer.
Hi guys,I'm not sure if I'm just bad at googling but I can't seem to find a way to set an ASP.NET 2.0 web application to connect to SQL Server 2005 using the current client's user credentials. My web application is using Integrated Windows Authentication so its Page.User.Identity is set to a DOMAINusername value... I want to pass that to my connectionstring or have my connections pick up the identity automatically and use that Identity when accessing the db server.Oh and another thing, my IIS Application Pool is using a specific Identity itself, so I don't know if that might affect the above.Hope someone could help.
I have to create a query that will be returning the users and the application modules they have access for. Along with the list of users and modules the query should also return if any module is not accessible for that user.
The 'ApplicationUsers' table is like this:
CREATE TABLE #ApplicationUsers ( userId INT, UserName VARCHAR(50) ) INSERT INTO #ApplicationUsers VALUES (1, 'Daniel'), (2,'Martin'), (3, 'Brandon'), (4, 'Doug')The 'ApplicationModule' table is like this:
[Code] .....
I used pivot query but there are a couple of limitations in it(may be I am making mistakes in it). First, the pivot columns are static whereas I need dynamic column names(Application Modules). Second, I need to include all the users with all the modules with access or without access that I am unable to achieve.
Here is my situation: I am creating a database driven ASP.Net web application that will be used over the internet. My ASP.Net application connects to my SQL server 2005 database/server by using a SQL server login. I am using the DPAPI API to encrypt my connection stings with a hidden entropy value for extra security. I am using the SQL login for obvious reasons, as my users will not have a windows login.
What I am trying to do: I want to limit this SQL login account to be able to just run/execute stored procedures and NOT access the tables or views directly. In my ASP.Net application I am using the MS applications data block, and I am using stored procedures for every single database access action. There is no inline SQL being executed from my web application.
What I have tried so far:
I created a new schema and made the above SQL login account owner of this schema. I then granted "Execute" permissions to the SQL login and DENY permissions to all other permissions.
I created an database role with "Execute" only permissions and DENY permissions to all other permissions.
What Happened: In BOTH of the above scenarios I tested a direct SQL statement against one of my tables, from my ASP.Net application and I was able retrieve data back, NOT GOOD, exactly what I am trying to STOP.
If someone could give me (Step-by-Step) guide on how to setup the situation I am looking for, I would be very grateful!
i am currently working on designing a database for a bank as a school project for my database class. We have to draw up an entity relationship diagram, Sql tables, database size estimate etc. I am currently working on the security portion of the project. I need to list the groups that have access to my application and use a grid format to show access to specific tables.
I am currently working on designing a database for a bank as a school project for my database class. We have to draw up an entity relationship diagram, Sql tables, database size estimate etc. I am currently working on the security portion of the project. I need to list the groups that have access to my application and use a grid format to show access to specific tables.
Role Loans Payments Transactions Accounts Customer Emplo Database Admin SUID SUID SUID SUID SUID SUID Branch Manager SUI SUI SUI SUI SUI SUI Internal Auditor S S S S S S Loan Officer SUID SUI SUI S S Tellers S S S S SU Customers U
I am developing an application that uses Access database (mdb file) to store the user data. The user of this application is not interested in the database file (to view in MS Access Environment). Does the user machine requires MS Access installation to run my application or just some couple of dlls (OleDB driver, Access DB Engine,..) should be enough to run my application?
I get the below error on the event log of my application server which uses SQL database.
Details: RuleId:a811dcbc-4c5b-d9de-592b-f01e17fc0e9a. HealthServiceId:a5f70248-b545-4d35-7c84-e7aa87610ee4. The INSERT statement conflicted with the FOREIGN KEY constraint "FK_Alert_BaseManagedEntity". The conflict occurred in database "OperationsManager", table "dbo.BaseManagedEntity", column 'BaseManagedEntityId'.
The statement has been terminated.RuleId:a811dcbc-4c5b-d9de-592b-f01e17fc0e9a. HealthServiceId:a5f70248-b545-4d35-7c84-e7aa87610ee4. The INSERT statement conflicted with the FOREIGN KEY constraint "FK_Alert_BaseManagedEntity". The conflict occurred in database "OperationsManager", table "dbo.BaseManagedEntity", column 'BaseManagedEntityId'.The statement has been terminated..
Details: RuleId:a811dcbc-4c5b-d9de-592b-f01e17fc0e9a. HealthServiceId:a5f70248-b545-4d35-7c84-e7aa87610ee4. The INSERT statement conflicted with the FOREIGN KEY constraint "FK_Alert_BaseManagedEntity". The conflict occurred in database "OperationsManager", table "dbo. BaseManaged Entity", column 'BaseManagedEntityId'.The statement has been terminated..
I am experiencing problems with databases for the web application that i am developing. The problem is that I have transferred the database from access to sql which initially seemed to work ok. I am now however struggling to solve the problems with one of my fields titled 'notes'. The trouble is that in the original database the notes field contained different notes from different dates for each record, and each note is separated by carriage returns. It is the carriage returns that are now proving to be a problem in the sql database but i am not sure what to do. Any advice would be appreciated.ThanksDan
sql server 2000 windows 2000 authentication is through the db (not windows).
I am attempting to limit access to one of our production sql server databases. I want to ensure that only application users can connect to the db, i.e they connect to the application and the application connects to the database (database access is transparent to them). The app uses a common login account.
I would like to prevent users from connecting to the db using ad hoc query tools or other EDIs (toad for sql server, ...). Currently there is nothing stopping them from doing so using the application acct/pwd.
I am contemplating writing a trigger that checks for the program that the user is using and if the program is not recognized, kill the session. Is this the right approach or is/are there any "out of the box" utilities that will do this for me?
FYI. the acct/pwd that the app uses to access the db is well known to users.
I can't run my web application on remote pc which is connected in flan with my pc.It works on my local pc but it is not working on remote pc. i m geeting an error like as blowAn error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) i have used sql server 2000 for my database but i my getting error for sql server 2005 which i have never used in my web application.Here is the Exception detailsException Details: System.Data.SqlClient.SqlException: An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)i have used coonection string as followsData Source=neptune;Initial Catalog=azim;User ID=saso can anyone give me soluion of this problem
I have the below procedure with an output parameter '@rowcount'. Now My issue is how to access the value of '@rowcount' in my ASP.Net application using C#. I have also pasted my C# code which I am using . create procedure mypro1(@id varchar(10),@rowcount int output) as select * from canid where id like @id /* @@ROWCOUNT returns the number of rows that are affected by the last statement. */ select @rowcount=@@rowcount -------------------------------------------------- C# code to retrieve the output parameter valuecmd = new SqlCommand("mypro1", cn); cmd.CommandType = CommandType.StoredProcedure;cmd.Parameters.AddWithValue("@id", TextBox1.Text).Direction=ParameterDirection.Input; Parameter cout = new Parameter("@rowcount",SqlDbType.Int);cout.Direction = ParameterDirection.Output; cmd.Parameters.Add(cout); can some body assist me in the above code whether its right or what needs to be added to get the output parameter value.
Hi, Is there anyway I can impliment this in my application without installing it as a COM. My Web Hoster says they won't install it. The Data Access Application Block
I am writing a Windows Application which will be used by about 100 clients. (NT Authenticated)
The application is going to be used in a LAN enviroment. User who have access will download a VB.NET application from a web site.
Of course, I want to prevent any of the 100 users from using a tool such as Query Analysis or ODBC to connect directly to the database and modify data.
So, it appears the way to go is to the "Application Roles". For this to work, the application roll password has to be saved in the application to execute the sp_setapprole procedure.
Is there a way to secure this password? I am worried about a user somehow extracting the password from the application and connecting directly.
Am I on the right track here? Any ideas appreciated!
I am nearing the end of creating my Windows App for work. So I tried to publish it, that was fine until I ran the app, from the same PC as I use to develop, with the same login etc. However when I use the published app I can't connect, to the database, return to VS2005 and run my app from within there and no problems. It is SQLEXPRESS (SQL Server 2005), but I have checked the settings there are correct (I assume VS wouldn't connect otherwise).
Server (Win2003) and my PC (Win2K) are on the same domain
Using TCP/IP
I can't see how to enable JiT debugging despite the 'help' at the end of this error details... See the end of this message for details on invoking just-in-time (JIT) debugging instead of this dialog box.
************** Exception Text ************** System.Data.SqlClient.SqlException: An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj) at System.Data.SqlClient.TdsParser.Connect(Boolean& useFailoverPartner, Boolean& failoverDemandDone, String host, String failoverPartner, String protocol, SqlInternalConnectionTds connHandler, Int64 timerExpire, Boolean encrypt, Boolean trustServerCert, Boolean integratedSecurity, SqlConnection owningObject, Boolean aliasLookup) at System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection owningObject, SqlConnectionString connectionOptions, String newPassword, Boolean redirectedUserInstance) at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, Object providerInfo, String newPassword, SqlConnection owningObject, Boolean redirectedUserInstance) at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection) at System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnection owningConnection, DbConnectionPool pool, DbConnectionOptions options) at System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject) at System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject) at System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject) at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection) at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory) at System.Data.SqlClient.SqlConnection.Open() at System.Data.Common.DbDataAdapter.FillInternal(DataSet dataset, DataTable[] datatables, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) at System.Data.Common.DbDataAdapter.Fill(DataSet dataSet, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) at System.Data.Common.DbDataAdapter.Fill(DataSet dataSet, String srcTable) at TrainTrack.frmAddCompetency.frmAddCompetency_Load(Object sender, EventArgs e) at System.Windows.Forms.Form.OnLoad(EventArgs e) at System.Windows.Forms.Form.OnCreateControl() at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible) at System.Windows.Forms.Control.CreateControl() at System.Windows.Forms.Control.WmShowWindow(Message& m) at System.Windows.Forms.Control.WndProc(Message& m) at System.Windows.Forms.ScrollableControl.WndProc(Message& m) at System.Windows.Forms.ContainerControl.WndProc(Message& m) at System.Windows.Forms.Form.WmShowWindow(Message& m) at System.Windows.Forms.Form.WndProc(Message& m) at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m) at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m) at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
************** JIT Debugging ************** To enable just-in-time (JIT) debugging, the .config file for this application or computer (machine.config) must have the jitDebugging value set in the system.windows.forms section. The application must also be compiled with debugging enabled.
When JIT debugging is enabled, any unhandled exception will be sent to the JIT debugger registered on the computer rather than be handled by this dialog box.
trying to use MS Access Automation from within SQL Server 2000 .
Seems that OpenCurrentDatabase (Access Application property) just hangs...
Following, the code that is used:
--BOF--
--object vars DECLARE @w_object INT, @s_object INT
--error handling vars DECLARE @error INT DECLARE @src VARCHAR(255), @desc VARCHAR(255)
--execution vars DECLARE @command NVARCHAR(100), @property NVARCHAR(20)
--create an Access application EXEC @error = sp_OACreate 'Access.Application', @w_object OUT IF @error <> 0 BEGIN EXEC sp_OAGetErrorInfo @w_object, @src OUT, @desc OUT SELECT CONVERT(VARBINARY(4),@error) AS Error, @src AS Source, @desc AS [Description] RETURN END
--get default security level EXEC sp_OAGetProperty @w_object, 'AutomationSecurity', @property OUT SELECT @property AS default_security_level
--set application security level to low (no sandbox) --thought this would help, but no luck EXEC @error = sp_OASetProperty @w_object, 'AutomationSecurity', '1' --Low Security IF @error <> 0 BEGIN EXEC sp_OAGetErrorInfo @w_object GOTO Cleanup END
--Test security level EXEC sp_OAGetProperty @w_object, 'AutomationSecurity', @property OUT SELECT @property AS my_security_level
--check current user EXEC sp_OAGetProperty @w_object, 'CurrentUser', @property OUT --should be Admin SELECT @property AS current_application_user --it is Admin
--Open non password protected database, SET @command = 'OpenCurrentDatabase("C:mikros.mdb")'
--unfortunately this hangs... EXEC @error = sp_OAMethod @w_object, @command IF @error <> 0 BEGIN EXEC sp_OAGetErrorInfo @w_object, @src OUT, @desc OUT SELECT 'Failed to Open database', CONVERT(VARBINARY(4),@error) AS Error, @src AS Source, @desc AS [Description] GOTO Cleanup END
--Close current database EXEC @error = sp_OAMethod @w_object, 'CloseCurrentDatabase' IF @error <> 0 BEGIN EXEC sp_OAGetErrorInfo @w_object, @src OUT, @desc OUT SELECT 'Failed to Close database', CONVERT(VARBINARY(4),@error) AS Error, @src AS Source, @desc AS [Description] END
Cleanup: --close Application EXEC @error = sp_OAMethod @w_object, 'Quit' IF @error <> 0 BEGIN EXEC sp_OAGetErrorInfo @w_object END
--destroy Application Object EXEC @error = sp_OADestroy @w_object IF @error <> 0 BEGIN EXEC sp_OAGetErrorInfo @w_object END
