SQL Interface Data Security
Sep 13, 2007
I would like to initiate a discussion regarding a client-side interface using a SQL db. Specifically, I want to have all users with read-only privileges, but include an event on a form that will nevertheless update a record on the server using a different user identity in ADO code - one that has read-write privileges in the database.
Is this a common approach?
View 5 Replies
ADVERTISEMENT
May 12, 2008
I know from searching this forum that there have been many variations of the issue I'm currently suffering, but I haven't found anything quite like mine or a solution to solve it. The issue I'm running into is that I am unable to log on to Reporting Services using Management Studio or the web interface when Windows Integrated Security is enabled. I have full functionality using basic security, but the risks involved make it impossible to deploy basic authentication out into production. The error I'm receiving in Management Studio is The request failed with HTTP status 401: Unauthorized. (Microsoft.SqlServer.Management.UI.RSClient). I recieve the same error when I try the web interface.
I've looked the most recent logfile in WindowsSystem32LogFilesW3SVC1 and these entries match up to the time I attempted my authentication.
Code Snippet
2008-05-12 20:30:42 <Edited: Server IP> GET /reports - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:30:42 <Edited: Server IP> GET /reports - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 301 0 0
2008-05-12 20:30:42 <Edited: Server IP> GET /reports/ - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:30:46 <Edited: Server IP> GET /reports/home.aspx - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 302 0 0
2008-05-12 20:30:46 <Edited: Server IP> GET /reports/Pages/Folder.aspx - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:30:47 127.0.0.1 POST /ReportServer/ReportService2005.asmx - 80 - 127.0.0.1 - 401 2 2148074254
2008-05-12 20:30:47 127.0.0.1 POST /ReportServer/ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 0
2008-05-12 20:30:47 127.0.0.1 POST /ReportServer/ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 2148074248
2008-05-12 20:30:49 127.0.0.1 POST /ReportServer/ReportService2005.asmx - 80 - 127.0.0.1 - 401 2 2148074254
2008-05-12 20:30:49 127.0.0.1 POST /ReportServer/ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 0
2008-05-12 20:30:49 127.0.0.1 POST /ReportServer/ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 2148074248
2008-05-12 20:30:50 <Edited: Server IP> GET /reports/Pages/Folder.aspx - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 500 0 0
2008-05-12 20:30:50 <Edited: Server IP> GET /Reports/js/ReportingServices.js - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:30:50 <Edited: Server IP> GET /Reports/js/ReportingServices.js - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 200 0 0
2008-05-12 20:30:54 <Edited: Server IP> GET /Reports/styles/ReportingServices.css - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:30:54 <Edited: Server IP> GET /Reports/images/blank.gif - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:30:54 <Edited: Server IP> GET /Reports/images/blank.gif - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 200 0 0
2008-05-12 20:30:54 <Edited: Server IP> GET /Reports/images/48error.jpg - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:30:54 <Edited: Server IP> GET /Reports/styles/ReportingServices.css - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 200 0 0
2008-05-12 20:30:54 <Edited: Server IP> GET /Reports/images/48error.jpg - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 200 0 0
2008-05-12 20:31:07 127.0.0.1 GET /reports/ - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:31:07 127.0.0.1 GET /reports/ - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 1 0
2008-05-12 20:31:13 127.0.0.1 GET /reports/ - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254
2008-05-12 20:31:13 127.0.0.1 GET /reports/ - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 1 0
I tried to highlight one of each of the HTTP errors I am getting. 401.2 and 401.1 are the ones I kind of expected, but have no idea why I'm getting them. The 500 0 error is a bit troubling, because unless I'm mistaken thats a server side error.
Here's my current setup. As far as I can tell, I've done everything to set up correctly for Windows Integerated security.
My Specs
The server machine running all SQL 2005 services. It resides in a domain. All Clients are in the same domain.
Intel Dual Processor 3.20 gig Xenon
Windows Server 2003 w/ SP2
Microsoft Sql Server 2005 w/ SP2
Reporting Services Setup
The virtual directories Reports and ReportServer are set to Windows Integrated Security with Anonymous Access disabled. All other checkboxes in Directory Security are unchecked. For permissions in Reports, I have:
Administrators (servernameAdministrators) - Full Control
ASP.NET Machine Account - Modify, Read & Execute, List Folder Contents, Read, Write
Authenticated Users - Modify, Read & Execute, List Folder Contents, Read, Write
Creator Owner - No permissions
Domain Users - Read & Execute, List Folder Contents, Read
SQLServer2005ReportingServices]WebServiceUsers$... - Read & Execute, List Folder Contents, Read
SQLServer2005ReportServerUsers$... - Read & Execute, List Folder Contents, Read
SYSTEM - Full Control
Users (CompNameUsers) - Read & Execute, List Folder Contents, Read
In ReportServer I have the same permissions except Authenticated Users is absent.
At one point, I even added the account Everybody and gave it full control, and I still recieved a HTTP 401 error. Any help at what I might be missing would be a godsend.
Thanks.
View 1 Replies
View Related
Jun 19, 2008
Hello all,
I'm a newbie to SQL Server. I would like to practice/learn setting up web based data access. Using SQL Server 2005 and probably a sample database like AdventureWorks, I aim to create a web based interface that will allow for data access and data entry. I'm almost finished with a book about T-SQL, and I am starting to read the MS Implementation and Maintenance book, but where do I start to learn about creating the web interface? What technologies/languages are important? ADO.NET? VB.NET C#.NET?
Thanks in advance.
View 2 Replies
View Related
Jul 20, 2005
Hello,What could possibly cause data in the SQL server database to beremoved, except being deleted manually? We had a couple of situationswhere data in certain records disappeared although the records werestill there. The data is entered and editted through the web interfacein ASP. The web interface is accessed by anyone who has an account inour database.I am more of a web programmer, not a SQL server administrator, so notvery familiar with SQL Server log or error tracking. If you cansuggest any way to track this kind of events (data disappearing), Iwould appreciate it very much.HB Kim
View 10 Replies
View Related
Jun 6, 2007
Dear friends,
Hi again,
I encounter some promplems on using Data mining addins for excel, having to do with data mining staff. I have two questions.
1. In analyze tab, I try to use detect categories. I try to see in the help which algorithm do this and I see Naives, but when I check the mining model throught Microsoft visual studio I noticed that the algorithm is clustering. Is that the correct one? Does help have a mistake?
2. One more problem, I have to know some more thinks for the algorithm tha Microsoft uses. Where can I found a detailed discription of the algorithms? Is there any good explanatory report for the algorithms and results?
manolis
3. My problem is to descrimina
View 1 Replies
View Related
Aug 5, 2015
The application pool is running under my account.
Authentication for web site: Windows Authentication is enabled, everything else is disabled.
Authentication for the server: Windows Authentication is enabled, everything else is disabled.
I am an admin on both the server and the SQL instance.
SQL Server version = Microsoft SQL Server 2012 - 11.0.5343.0 (X64)
I am the only record in [mdm].[tblUser]
View 2 Replies
View Related
Apr 27, 2008
I'm developing a database-driven program using SQL server 2000 and Visual Basic 2005.
Most of the guys say professional programming is doing the validation stuff (such as the constraints and data integrity stuff like" [0-9][1] " and the use of LIKE IN keywords etc.) in the databse itself.
say i did the data validation contraints in SQL server itself. and now i connect the database with the interface made in 2005. and say a person enters some invalid data through the interface. but the error messages are generated by SQL server. how am i to display the SQL server generated error messages in the VB made interface??
PLS HELP ME .. if the question is not clear pls tell so that i can explain it further.
PLS PLS PLS HELP ME
View 1 Replies
View Related
Apr 27, 2008
I'm developing a database-driven program using SQL server 2000 and Visual Basic 2005.
Most of the guys say professional programming is doing the validation stuff (such as the constraints and data integrity stuff like" [0-9][1] " and the use of LIKE IN keywords etc.) in the databse itself.
say i did the data validation contraints in SQL server itself. and now i connect the database with the interface made in 2005. and say a person enters some invalid data through the interface. but the error messages are generated by SQL server. how am i to display the SQL server generated error messages in the VB made interface??
PLS HELP ME .. if the question is not clear pls tell so that i can explain it further.
PLS PLS PLS HELP ME
View 4 Replies
View Related
Aug 6, 2015
I want to make data changes in read_only database , that's why i must set database read_write. While database is at read_write mode, i want to be sure that no one makes change in database.
For this aim, i write the code below, but i suspect that after setting the database read_write, till the setting database
single_user ,is it possible get DML script from another user. Is the code below enough for this operation. Or is there another way?
Reminding: Read_only database can not be set single_user mode. That's why, first you must set database read_write.
The code;
use master
alter database xxx set read_write
with rollback immediate
alter database xxx set single_user
with rollback immediate
use xxx
update tablexxx set columnxxx=yyy
use master
alter database xxx set read_only
with rollback immediate
alter database xxx set multi_user
with rollback immediate
View 5 Replies
View Related
May 20, 2008
We are building canned reports and need data level security based on roles. Unfortunately row-level security in the database is not an option and client does not want a model. The types of reports we are building exceed Report Builder's functionality anyways, so it has to be done through visual studio reports. We do have access to a security table in the database that maps user's Active Directory logon names and roles.
Any direction on this is appreciated.
View 1 Replies
View Related
Aug 30, 2007
Hi Experts,
Hi experts,
I have a BI Reporting scenario, wherein i have to fetch Reports from analysis Services.
when the user tries to access a report, he should be validated uisng the Windows Authentication ID, and only data specific to that user should be display.
I am not sure if this user authentication is to be done on analysis Services/reporting services.
Any suggestions/pointers would be highly appreciated.
Thanks
Alicia Rose
View 1 Replies
View Related
Sep 11, 2015
I have a question regarding Transparent Data Encryption. I have enabled TDE on a database using the below steps:
1. Create a master key encryption by a password.
2. Create a certificate in the the user database named 'TDE_Test' protected by the master key.
3. Create database encryption key 'TDE_Test' using the certificate created in Step 2.
4. Enable encryption by using the command 'ALTER DATABASE
TDE_Test SET ENCRYPTION ON'
I understand that if I need to copy this TDE encrypted database to a different SQL Instance, I have to copy the certificate from the source Instance to the destination Instance.Now my question is, do the Service Master Key and Database Master Key come into the picture here anywhere?
Are these related to TDE in any way? Do I have to take regular backups of the Service Master Key & Database Master Key as part of regular maintenance for the SQL Instance that has a TDE encrypted database?
View 3 Replies
View Related
Aug 23, 2015
We have a situation where we need to restrict access to a sql server data file. That is, to prevent users viewing any tables, stored procedures, etc, in sql server or another tool. We are providing a our database as part of an application install to a customer's site which will run isolated on the customers network. However the application will have sql server logins and the system must still be able to execute stored procedures.
The setup unfortunately cannot be changed and we are trying to think of best implementations for this. Our customers are also working with competitors so we are very conscious about exposing our data structures to anyone outside of our company, hence trying to restrict access. If deployed to a sql instance on the customer site then they will have database administrator accounts on the server.
View 8 Replies
View Related
Nov 5, 2007
security ids seem to be made up of at least 3 32 bit unsigned numbers and a few smaller numbers. We believe their lengths vary. We dont mind dropping the "S" from the front. What data type do you recommend be used for their storage? We expect only limited joins and user visibility on this column. We may wish to create an index on this column. We think varchar and varbinary are the two major choices.
View 2 Replies
View Related
May 2, 2008
Dear guys
I want to publish my web site and sql server on a hosted server. But i'm worried about people behind the server. all of my codes including web and stored procedures of sql server are open. as far as I know, there is no effective way to protect web pages source. how about sql server? I mean compiling stored procedures.
and another important thing is data. I think certain people have potential to see or change all of my records, or for example give email address of my customers to a third party or ... .
Is there any way?
View 4 Replies
View Related
Feb 8, 2007
Hi all
I have created security roles that restrict access to a certain Dimension
and a member therein.
The security works fine when the users finened in it runs a report:
The data is accordingley ristricted.
The problem is when those same users run Report Builder and create a report,
those members are no longer restricted and they have acces to absoluteley
all data from the cubes.
Is there some way that I can force the Data Model to follow the cube's security roles?
Any help is much appreciated...
Gerhard Davids
EDIT:
I have found that it uses the wrong user when opening report builder.
For some reason it uses my windows account instead of the one I used to log onto
report manager. This is way the security isnt working
Any thoughts what may be causing this?
View 3 Replies
View Related
Jul 14, 2015
I make a backup file from my database and than I opened it in notepad.
I find some data that I can't reach with query. I searched for this data in every varchar and text column but I don't find that.I scripted all database with data but still not find.
This database is very old and this unavailable data is from 2000. Now the database run on sql 2012 server.
I want to remove this data from the database. I tried to shrink the database or allocate the free space to 0% but nothing happened, the data is still there in the backup and the mdf file too.
View 14 Replies
View Related
Aug 21, 2006
I have created a windows library control that accesses a local sql database
I tried the following strings for connecting
Dim connectionString As String = "Data Source=localhostSQLEXPRESS;Initial Catalog=TimeSheet;Trusted_Connection = true"
Dim connectionString As String = "Data Source=localhostSQLEXPRESS;Initial Catalog=TimeSheet;Integrated Security=SSPI"
I am not running the webpage in a virtual directory but in
C:Inetpubwwwrootusercontrol
and I have a simple index.html that tries to read from an sql db but throws
the error
System.Security.SecurityException: Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet)
at System.Security.PermissionSet.Demand()
at System.Data.Common.DbConnectionOptions.DemandPermission()
at System.Data.SqlClient.SqlConnection.PermissionDemand()
at System.Data.SqlClient.SqlConnectionFactory.PermissionDemand(DbConnection outerConnection)
at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection,
etc etc
The action that failed was:
Demand
The type of the first permission that failed was:
System.Data.SqlClient.SqlClientPermission
The Zone of the assembly that failed was:
Trusted
I looked into the .net config utility but it says unrestricted and I tried adding it to the trusted internet zones in ie options security
I think that a windows form connecting to a sql database running in a webpage should be simple
to configure what am I missing?
View 28 Replies
View Related
May 15, 2007
Hello,
we have asp.net apps on a windows 2003 server that connect to an instance of sql server 2005 enterprise edition on another windows 2003 server. We get this error at random times. Anyone know what could be causing it?
System.Web.HttpUnhandledException: Exception of type System.Web.HttpUnhandledException was thrown. ---> System.Data.SqlClient.SqlException: SSL Security error. at System.Data.SqlClient.ConnectionPool.GetConnection(Boolean& isInTransaction) at System.Data.SqlClient.SqlConnectionPoolManager.GetPooledConnection(SqlConnectionString options, Boolean& isInTransaction) at System.Data.SqlClient.SqlConnection.Open()Thanks
View 1 Replies
View Related
Jul 6, 2015
I find that dynamic masking does not work on joining tables in SQL Server 2016 CTP2.1.
For examples, I create the following table:
CREATE TABLE [dbo].[HRM_StaffAppointment](
[StaffID] [nvarchar](11) NOT NULL,
[ApptSeqNo] [smallint] NOT NULL,
[ReportingDept] [nvarchar](10) NULL,
[Code] ...
Then I apply mask on StaffID and RankDesc.
alter [dbo].[HRM_StaffAppointment] alter column [StaffID] add masked with (function='default()')
alter [dbo].[HRM_StaffAppointment] alter column [RankDesc]
add masked with (function='default()')
When User A logged in and query on HRM_StaffAppointment, StaffID and RankDesc are perfectly masked. But User A can remove the masking using another table:
CREATE TABLE [dbo].[staffID](
[staffID] [nvarchar](255)
) ON [PRIMARY]
select a.*
from dbo.HRM_StaffAppointment as a
left join dbo.staffID as b
on a.StaffID = b.StaffID
It looks like a security hole to me, or I'm doing anything wrong?
View 4 Replies
View Related
May 15, 2007
Hello,
we have asp.net apps on a windows 2003 server that connect to an instance of sql server 2005 enterprise edition on another windows 2003 server. We get this error at random times. Anyone know what could be causing it?
System.Web.HttpUnhandledException: Exception of type System.Web.HttpUnhandledException was thrown. ---> System.Data.SqlClient.SqlException: SSL Security error.
at System.Data.SqlClient.ConnectionPool.GetConnection(Boolean& isInTransaction)
at System.Data.SqlClient.SqlConnectionPoolManager.GetPooledConnection(SqlConnectionString options, Boolean& isInTransaction)
at System.Data.SqlClient.SqlConnection.Open()
Thanks
View 4 Replies
View Related
Dec 4, 2014
I use from sql server 2008. and c#
what is the best connectionstring?
I don't know if i use Persist Security Info and Integrated Security or not?
And if yes then their value must be true or false?
View 1 Replies
View Related
Aug 3, 2006
Hi all. I'm not sure if this is the correct place for this question, so my apologies if it should be in another section.
I need to build a simple QA (quality assurance) DB for my company (a small physician group). I have the DB built in Access, but would much prefer to put it in SQL Server for reasons of stability, security, and access control.
What I would like to do is build a web interface to this DB so the users can just click an IE shortcut on their desktop, and be able to enter information via the browser like they would in a form in MS Access.
What would be the best way of going about building something like this? My background is as an analyst, so I'm unsure when it comes to actually building a front-end.
Sorry if this question is simplistic or if it has already been answered, and thank you in advance for any assistance you may lend.
View 3 Replies
View Related
Mar 5, 2008
how can i down load interfaceor fix the problem?
View 2 Replies
View Related
Jan 4, 2008
I am working on the project for Health Care Provider. They use HL7 interface to data sources. Any other interface is not an option. I need to address following scenarios for daily ETL jobs:
Pull analyses results for patients based on certain criteria to my database (SQL2005). Hundreds of results per day.
Verify list of patients against master list thru HL7 and update data elements that has changed. There are millions of patients
I am considering using WEB Services task in SSIS for scenario 1. Scenario 2 is more complicated because of the volume of data. I am considering using BizTalk for this one. Can BizTalk handle this scenario? Is there is more efficient way?
View 2 Replies
View Related
Oct 14, 2005
Hello there I have trying to figure out for days how to enable FullTrust for my Reporting Services security extension.
View 9 Replies
View Related
Jul 31, 2007
Hi,
I have posted this issue for a week, haven't got any reply yet, I posted it again and desperately need your help.
The article http://msdn2.microsoft.com/en-us/library/ms365343.aspx says:
Model Item Security can be set for differnt security filters, but when I use SQL Server Management Studio to set Model Item Security, it seems "Permissions" property surpass "Model Item Security" property. -- My report server is using Custom Authentication.
For example, in "Permissions" property of the model, if I checked "Use these roles for each group or user account" without setting any user or group, no matter what users I added to "Model Item Security" with "Secure individual model items independently for this model" checked, NO one user can see the model on report manager and report builder;
in above situation, if I added "user1" and gave role such as "Browser" role to "user1" in "Permissions" property, if I checked "Secure individual model items independently for this model" in "Model Item Security" property, even I did NOT grant "user1" to root model and any entities under the model, the "user1" is able to access the model and all entities in report builder.
My question is on the same report model, how to set "AdminFilter" (empty security filter) for administrator permissions and set "GeneralFilter" (filtered on UserID) for general user based on their UserID?
The article also says:
"Security filters are always applied, even for users who have Content Manager or Administrator permissions to the model. To allow administrators or other users to see all rows of an entity on which row-level security is defined, you can create an empty security filter (which always returns True) and then use the filter to grant those users access to all the rows."
So I defined 2 filters "GeneralFilter" and "AdminFilter" for "Staff" entity for my report model "SSRSModel", I expect after I deployed the report model, the administrator users use report builder to build reports with all rows available, and the non-admin users can only see rows based on their UserID.
I can only get one result at a time but not both:
either the rows are filtered or not filtered at all, no matter how I set the "SecurityFilter" for the entity: I tried setting both "AdminFilter" and "GeneralFilter" for SecurityFilter at the same time, combination of "DefaultSecurityFilter" and "SecurityFilter", or one at a time.
Your help is highly appreciated!
Desperate developer
View 1 Replies
View Related
Mar 21, 2007
I have written CDE to retrieve and process data before generating the report. It works very well inside VS.Net. However, when deployed to the report server I get the following error
An error has occurred during report processing. Cannot create a connection to data source 'CallsTaken'. Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
I have added appropriate CAS entry in rssrvpolicy.config file as following
<CodeGroup
class="UnionCodeGroup"
version="1"
Name="CustomDataExtensionCodeGroup"
Description="Code group for the Custom Data Extension"
PermissionSetName="FullTrust">
<IMembershipCondition
class="UrlMembershipCondition"
version="1"
Url="C:Program FilesMicrosoft SQL ServerMSSQL.2Reporting ServicesReportServerinCSS.CustomDataExtension.dll"/>
</CodeGroup>
I have added appropriate entry into rsreportserver.config for data extension as
<Extension Name="Dataset Extension" Type="CSS.RS.Extensibility.CustomDataExtension.DsConnectionWrapper, CSS.CustomDataExtension"/>
Even then I continue to get this error. Any help? Is there anything else I am missing? I am using VS .Net 2005, SRSS 2005 on W23 machine.
I have been stuck here for a while now. Help is appreciated.
Thanks
View 2 Replies
View Related
Nov 17, 2007
Here is my situation: I am creating a database driven ASP.Net web application that will be used over the internet. My ASP.Net application connects to my SQL server 2005 database/server by using a SQL server login. I am using the DPAPI API to encrypt my connection stings with a hidden entropy value for extra security. I am using the SQL login for obvious reasons, as my users will not have a windows login.
What I am trying to do: I want to limit this SQL login account to be able to just run/execute stored procedures and NOT access the tables or views directly. In my ASP.Net application I am using the MS applications data block, and I am using stored procedures for every single database access action. There is no inline SQL being executed from my web application.
What I have tried so far:
I created a new schema and made the above SQL login account owner of this schema. I then granted "Execute" permissions to the SQL login and DENY permissions to all other permissions.
I created an database role with "Execute" only permissions and DENY permissions to all other permissions.
What Happened: In BOTH of the above scenarios I tested a direct SQL statement against one of my tables, from my ASP.Net application and I was able retrieve data back, NOT GOOD, exactly what I am trying to STOP.
If someone could give me (Step-by-Step) guide on how to setup the situation I am looking for, I would be very grateful!
Thanks to all that help!
View 13 Replies
View Related
Jul 17, 2000
I have the following VB function. The stored proc that is being called
("GetList") inside the function does a simple SQL Select statement against
an SQL Server 7 database using OLE DB. I'd like to store the result of the
SQL Select statement in the "Rs" parameter to pass back to the calling
function. Whenever I call this function, I get an error message stating "No
Such Interface Supported". Does anyone know why I cannot do this?
Also, this function is being called from ASP code. That's why the "Rs" is
passed as a variant. It's created in the ASP code before this function is
called.
------------------------------------------
Function GetAddressDropDownList(Rs As Variant, CustomerId As Long)
Dim ProcComm
Dim Parameter
Set ProcComm = CreateObject("ADODB.Command")
ProcComm.CommandType = adCmdStoredProc
ProcComm.CommandText = "GetList"
Set Parameter = ProcComm.CreateParameter("CustomerId", adInteger,
adParamInput)
Parameter.Value = CustomerId
ProcComm.Parameters.Append Parameter
Set Parameter = Nothing
ProcComm.ActiveConnection = BuildConnectionString()
Rs.CursorLocation = adUseClient
Rs.Open ProcComm, , adOpenForwardOnly
Set Parameter = Nothing
Set ProcComm = Nothing
End Function
View 1 Replies
View Related
Jan 15, 2007
Is there an interface that I could use in SQL Server to create queries or tables instead of typing codes in query analyzer? Any help would be appreciated.
View 2 Replies
View Related
Jul 23, 2005
Dear All,SQL-SERVER-DBAccess interface25 usersI want to know how the users are working with the interface:* What forms the use* What routines the run ( commandbuttons)* How long they use the interface* etc.I'll use a public function to add the information.Where should i store the information ? :* in a table in the SQL-DB: 1 table for all users on the server* a text-file for each user on the users computer.What solutions is the quickest?Thanks,Filip
View 1 Replies
View Related
Dec 27, 2005
Hi everyone. I need to be able to query a database in Oracle and thenactually save the data in an MS SQL database, does anyone know what isthe best way to do this? Would it be best to do everything internal(inside MS SQL) or external (with some script: javascript, vbscript,perl)?Thanks in advanced,Mike
View 6 Replies
View Related