Stored Procedure Only Works In When App Uses Trusted Security
Dec 23, 2005
Hi,
I have a .NET application that connects to a SQL 2000 database using
trusted security. It eventually calls a stored procedure that receives
3 parameters - nothing special.
If I simply change the connection string to use a valid Userid and
Password it still connects to the DB w/o problems but when it executes
the SP I get the following:
System.Data.SqlClient.SqlException: Invalid length parameter passed to
the substring function.
I change nothing but the login. Same store procedure, same parameters.
Any ideas?
View 6 Replies
ADVERTISEMENT
Mar 25, 2006
HiI am using stored procedure in my asp.net application.filling stored procedure in datagrid.output of stored procedure is a temprory table.but resultset is blank for second time.after reconnecting to connection it is working.what is the problem?help me Thank you,
View 2 Replies
View Related
Mar 4, 2004
Hello,
I have the following stored prod in SQL server:
CREATE PROC spValidateUserIdAndPassword
@UserIdvarchar(50),
@Passwordvarchar(50)
AS
SELECT tblAdvertisers.UserID, tblAdvertisers.Password
FROM tblAdvertisers
WHERE ((tblAdvertisers.UserID = @UserId) AND (tblAdvertisers.Password = @Password))
I can run it in Query Analyzer and it returns one record as it should. I want it in ASP.NET to return the amount of rows that are effected, e.g that the login is correct.
The code I have is:
public bool ValidateUserIdAndPassword(string userId, string password)
{
sqlCommand.CommandType = CommandType.StoredProcedure;
//the name of the stored procedure
sqlCommand.CommandText = "spValidateUserIdAndPassword";
SqlParameter myParam;
//add the param's to the SP
//userId information for the user
myParam = new SqlParameter("@UserId", SqlDbType.VarChar, 50);
myParam.Value = CStr(userId);
sqlCommand.Parameters.Add(myParam);
//password information for the user
myParam = new SqlParameter("@Password", SqlDbType.VarChar, 50);
myParam.Value = CStr(password);
sqlCommand.Parameters.Add(myParam);
try
{
int rows = sqlCommand.ExecuteNonQuery();
if(rows == 1)
return true;
else
return false;
}
catch(System.Exception er)
{
//for design time error checking
return false;
}
This returns -1...
Please help me
Kind Regards
KitkatRobins :-)
View 3 Replies
View Related
May 8, 2007
Hi All,
I have a web serivce written in C++ and I'm trying to connect to a database. I'm using the same connection string that works from an aspx page written in C#. but when I copy it over to the C++ environment, I get:
System.Data.SqlClient.SqlException: Login failed for user ''. The user is not associated with a trusted SQL Server connection.
Note the username shows up as null in the error... My C++ looks like:
using namespace System:ata:qlClient;
String^ cs2 = "server=192.168.1.47;database=MyDB;integrated security=true;uid=myuser;pwd=mypassword";
SqlConnection^ myConnection = gcnew SqlConnection(cs2);
myConnection->Open();
Again, this works in C#. Interestingly, a sniffer shows a difference in an NT Authentication Packet as it's sent from my development machine to the database across the network. For the C# call, the NT Authentication packet has a username of "myuser" - from the connection string. It then gets acknowledged from the database. For the C++ call though, the username is sent as "ASPNET" - seemingly ignoring the username in the connection string. It's also rejected by the database in the next packet with the message above.
Any idea what's up with this? -- Curt
View 1 Replies
View Related
Mar 1, 2005
I have a big table A_newHistory (more than 2 million rows) with primary key fund_id + date_price . This table has to be updated every 2 hours from XML.
Every row in XML must be inserted or updated (if current id and date already exist in the table) in the A_newHistory.
The following procedure works but very slow...
How can I optimize that?
================================================== =======
CREATE PROCEDURE spSaveFundsAdjustedClose
@XML ntext
AS
DECLARE @fund_id int
DECLARE @date_price datetime
DECLARE @adj_closed float
DECLARE @XMLDoc int
SET TRANSACTION ISOLATION LEVEL SERIALIZABLE
BEGIN TRANSACTION
EXEC sp_xml_preparedocument @XMLDoc OUTPUT, @XML
DECLARE MutualFunds_Cursor CURSOR LOCAL FAST_FORWARD READ_ONLY FOR
SELECT *
FROM OPENXML (@XMLDoc , '/xml/a', 1)
WITH ([id] INT,[date] datetime, price float)
OPEN MutualFunds_Cursor
FETCH NEXT FROM MutualFunds_Cursor
INTO @fund_id, @date_price, @adj_closed
WHILE @@FETCH_STATUS = 0
BEGIN
IF EXISTS (SELECT * FROM A_newHistory
WHERE id_fund = @fund_id AND date_price = @date_price)
BEGIN
UPDATE A_newHistory
SET adj_close = @adj_closed
WHERE id_fund = @fund_id AND date_price = @date_price
END
ELSE
BEGIN
INSERT INTO A_newHistory
VALUES(@fund_id, @date_price, @adj_closed)
END
IF @@Error <> 0
BEGIN
ROLLBACK TRANSACTION
SELECT -1
RETURN
END
FETCH NEXT FROM MutualFunds_Cursor
INTO @fund_id, @date_price, @adj_closed
END
EXEC sp_xml_removedocument @XMLDoc
CLOSE MutualFunds_Cursor
DEALLOCATE MutualFunds_Cursor
COMMIT TRANSACTION
SELECT 0
GO
================================================== =======
View 1 Replies
View Related
Oct 8, 2006
One of my clients has a stored procedure on their secondary server thatcopies a bunch of data from the production server. (Replication willbreak the accounting software, according to its authors. The productionserver generates a nightly full backup, so if the secondary can bescripted to do a nightly restore from that same file, then that wouldprobably be a Big Win.)Anyway, if I execute the stored procedure from Query Analyzer, itfinishes (after nearly 24 hours) - tested once recently, and I'm sureat least a few times at some point in the past. If I run a SQL ServerAgent job that executes the stored procedure, then it gets cut off afterabout 15-20 minutes - tested once recently with a manual run, and forseveral weeks of scheduled runs before that. (This being a secondaryserver, it took a while for the problem to be noticed.) What are thelikely causes of this?Both servers are running SQL 2K with SP3, and limited to TCP/IP andnamed pipes. RPC is allowed, with a 600-second timeout, but thatdoesn't seem relevant, since both the successful and unsuccessfulmethods go well past that length. The production server is a recentpurchase, and works well for their daily operations; the secondaryserver and/or its network connection might be flaky for all I know,but that doesn't seem relevant either, since success appears todepend consistently on method of execution.
View 1 Replies
View Related
Mar 12, 2015
I have a process that keeps check on the row counts of about 100 stored procedures. The input parameters and "certified" row counts for all of the stored procedures are stored in a database. The process runs every day and executes all of the stored procedures using the parameters from the database with syntax below. The row count returned is compared against the known "certified" row count. If the counts are different, we receive an email alerting us that something has changed with the data or the sp query.
(This code is dynamically generated for all 100 + stored procedures)
SELECT COUNT(*) FROM OPENQUERY(SQLSERVER,'EXEC 'usp_HR_My_Stored_Procedure @inputparam1="12345",@inputparam2="12345"')
This worked well until I upgraded from SQL Server 2008 R2 to SQL Server 2014. Evidently Microsoft fixed this for me. The error below is now received anytime we attempt to execute a stored procedure with dynamic SQL through OPENQUERY.
The metadata could not be determined because statement 'EXEC (@sql_str)' in procedure 'usp_HR_My_Stored_Procedure ' contains dynamic SQL. Consider using the WITH RESULT SETS clause to explicitly describe the result set.
The stored procedures that are monitored change frequently, so it isn't reasonable to create tables with fixed column structures for all for all of the stored procs.
View 5 Replies
View Related
Jun 21, 2007
I have a stored procedure that works in my dataset editor, but when i try to run the report, only the "amount" field shows up. Everything else is blank. why is this happening. Here is the stored procedure.
USE [RC_STAT]
GO
/****** Object: StoredProcedure [dbo].[PROC_TE_MKT_DETAIL_EXPENSE] Script Date: 06/21/2007 09:56:01 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER PROCEDURE [dbo].[PROC_TE_MKT_DETAIL_EXPENSE]
(@Territory varchar(10) = Null)
AS
BEGIN
IF @Territory IS Null
BEGIN
SELECT
[Item_Description]+' '+'('+[Item_No]+')' Entry_Description
,ISNULL(RC_STAT.dbo.udf_Correct_Price(Item_No, Item_Ledger_Posting_Datetime, 'SALESAMP') * -1*Item_Ledger_Invoiced_Qty,Item_Ledger_Cost_Posted_GL * -1 ) Amount
,-1*[Item_Ledger_Invoiced_Qty] Quantity
,Customer_Name
,'' External_Doc_no
,[Item_Ledger_Sales_Responsible] SR_Code
,[Item_Ledger_Mars_Period_Code] ThePeriod
, Budget_Reporting_Group.Budget_Reporting_Group_Description
, Budget_Type.Budget_Type_Code, Budget_Type.Budget_Type_Description
, Budget_Reporting.Budget_Forecast_Period, Salesperson_Purchaser.SalesPerson_Purchaser_Code
, Salesperson_Purchaser.SalesPerson_Purchaser_Description
, CASE WHEN Budget_Reporting_Group.Budget_Reporting_Group_Id = 1 THEN Budget_Reporting_Amount ELSE - 1 * Budget_Reporting_Amount END AS Amount
, Salesperson_Purchaser.Territory_Code
,Territory.Name AS Territory_Name
,Region.Region AS Region_Name
, Budget_Reporting_Group.Budget_Reporting_Group_Id
FROM RC_DWDB_INSTANCE_1.dbo.Tbl_Budget_Reporting AS Budget_Reporting
INNER JOIN RC_DWDB_INSTANCE_1.dbo.Tbl_Budget_Reporting_Group AS Budget_Reporting_Group
ON Budget_Reporting_Group.Budget_Reporting_Group_Id = Budget_Reporting.Budget_Reporting_Group_Id
INNER JOIN RC_DWDB_INSTANCE_1.dbo.Tbl_Budget_Type AS Budget_Type
ON Budget_Reporting.Budget_Type_Code = Budget_Type.Budget_Type_Code
INNER JOIN NavisionReplication.dbo.Tbl_Salesperson_Purchaser AS Salesperson_Purchaser
ON Budget_Reporting.SalesPerson_Purchaser_Code = Salesperson_Purchaser.SalesPerson_Purchaser_Code
INNER JOIN [NavisionReplication].[dbo].[Qry_Item_Ledger_Detail]
ON [Item_Ledger_Sales_Responsible] = Salesperson_Purchaser.SalesPerson_Purchaser_Code
INNER JOIN RC_DWDB_INSTANCE_1.dbo.Territory AS Territory
ON Territory.Code = Salesperson_Purchaser.Territory_Code
LEFT OUTER JOIN RC_DWDB_INSTANCE_1.dbo.Region AS Region
ON Territory.Region_Key = Region.Region_Key
WHERE Budget_Reporting.Budget_Year = 2007
AND Budget_Type.Budget_Type_Code in ('T&E', 'MKT')
END
IF @Territory IS NOT Null
BEGIN
SELECT Budget_Reporting_Group.Budget_Reporting_Group_Description
, Budget_Type.Budget_Type_Code, Budget_Type.Budget_Type_Description
, Budget_Reporting.Budget_Forecast_Period, Salesperson_Purchaser.SalesPerson_Purchaser_Code
, Salesperson_Purchaser.SalesPerson_Purchaser_Description
, CASE WHEN Budget_Reporting_Group.Budget_Reporting_Group_Id = 1 THEN Budget_Reporting_Amount ELSE - 1 * Budget_Reporting_Amount END AS Amount
, Salesperson_Purchaser.Territory_Code
,Territory.Name AS Territory_Name
,Region.Region AS Region_Name
, Budget_Reporting_Group.Budget_Reporting_Group_Id
FROM RC_DWDB_INSTANCE_1.dbo.Tbl_Budget_Reporting AS Budget_Reporting
INNER JOIN RC_DWDB_INSTANCE_1.dbo.Tbl_Budget_Reporting_Group AS Budget_Reporting_Group
ON Budget_Reporting_Group.Budget_Reporting_Group_Id = Budget_Reporting.Budget_Reporting_Group_Id
INNER JOIN RC_DWDB_INSTANCE_1.dbo.Tbl_Budget_Type AS Budget_Type
ON Budget_Reporting.Budget_Type_Code = Budget_Type.Budget_Type_Code
INNER JOIN NavisionReplication.dbo.Tbl_Salesperson_Purchaser AS Salesperson_Purchaser
ON Budget_Reporting.SalesPerson_Purchaser_Code = Salesperson_Purchaser.SalesPerson_Purchaser_Code
INNER JOIN RC_DWDB_INSTANCE_1.dbo.Territory AS Territory
ON Territory.Code = Salesperson_Purchaser.Territory_Code
LEFT OUTER JOIN RC_DWDB_INSTANCE_1.dbo.Region AS Region
ON Territory.Region_Key = Region.Region_Key
WHERE Territory.Code = @Territory
AND Budget_Reporting.Budget_Year = 2007
AND Budget_Type.Budget_Type_Code in ('T&E', 'MKT')
END
END
View 1 Replies
View Related
Mar 7, 2008
Hi i have a script works in sql query analyzer;
declare @id decimal
declare mycur CURSOR SCROLL for select myRowID from myTable order by myRowID
open mycur;
Fetch ABSOLUTE 30 from mycur into @id
close mycur;
deallocate mycur;
select @id
this script turns me a value.
i create a stored procedure from above script and its syntax is ok;
CREATE PROCEDURE SELECT_MyRow
AS
declare @cur cursor
declare @RowID decimal
set @cur = CURSOR SCROLL
for select myRowID from myTable order by myRowID
open @cur
Fetch ABSOLUTE 30 from @cur into @RowID
close @cur
deallocate @cur
select @RowID
GO
my c# code using stored procedure is below;
Code Snippet
try
{
OleDbCommand cmd = new OleDbCommand("SELECT_MyRow", myconnection);
cmd.CommandType = CommandType.StoredProcedure;
myconnection.Open();
OleDbDataReader reader = cmd.ExecuteReader();
MessageBox.Show(reader.GetName(0));//here fails
while (reader.Read())
{
MessageBox.Show(reader.GetDecimal(0).ToString());
}
reader.Close();
myconnection.Close();
}
catch(Exception ex)
{
MessageBox.Show(ex.Message);
}
The code above fails because reader reads no values, error message is "No data exists for the row/column"
but i know exists. Can anyone help me, what is the difference between stored procedure and script ?
View 4 Replies
View Related
Nov 4, 2015
I have stored procedure on Server A which goes to ServerB to check and update table and then update on Server A as well.I have Trigger which suppose to execute stored procedure (as i mentioned above). But it failed with this error:--
Trigger code:--
CREATE TRIGGER [tr_DBA_create_database_notification] ON ALL SERVERĀ
AFTER CREATE_DATABASE
ASĀ
--execute dbadmin.dbo.usp_DBA_Refresh_DBAdmin_Tables
Error:--The operation could not be performed because OLE DB provider "SQLNCLI11" for linked server "xxx" was unable to begin a distributed transaction.Process ID 62 attempted to unlock a resource it does not own: DATABASE 21. Retry the transaction, because this error may be caused by a timing condition. If the problem persists, contact the database administrator.
Same stored procedure, if i execute manually or if i create sql job and execute this stored procedure, it works just fine..In trigger also, if i execute start job which has stored procedure, it works.My question is,why it failed when i execute stored procedure in TRIGGER.
View 5 Replies
View Related
Dec 22, 2006
Is it a safe way to use a paramter (which fetch values from querystring) in the "where-part" of my stored procedure? Or is it an securityrisk because I dont know what the user is writing in the url-field?
I got the following sqldatasource which grab the value (from querystring) into the my parameter.
<asp:SqlDataSource ID="SQLDataSource"
ConnectionString="<%$ ConnectionStrings:ConnectionString %>"
runat="server"
SelectCommand="My_StoredProcedure"
SelectCommandType="StoredProcedure">
<SelectParameters>
<asp:QueryStringParameter QueryStringField="Myparameter" Name="City" Type="string" />
</SelectParameters>
</asp:SqlDataSource>
View 4 Replies
View Related
Oct 31, 2007
Hi all,
this should be a easy question, but I can't really seem to find anything on it...
Here's the scenerio:
n-tier web app, with asp/iis/sql... All database calls are done via stored procedures with the same user (lets call the user: webuser)
webuser has NO access to the db in question, but it is granted EXEC on all stored procedures.
My question is, when a user tells the web app to say delete a record, the application server (iis) makes a call to the database with the webuser security cred's... It says execute the delete stored proc.
webuser has the ability to do this, so it happens. However, in what context (this may not be the right word) does the stored procedure execute?
ie: which user does the stored proc exeucte as. It can't be webuser can it? Because webuser does not have access to the base tables.
Does the stored proc execute as the user that created it?
I'm confused...
thx all!
View 4 Replies
View Related
Mar 19, 2008
Hi,
I have a Stored Procedure in one database that grabs data from another database. I don't want the user to be able to read data from the tables that the stored procedure Selects from but I would like the user to be able to run the stored procedure. Pretty standard request I think.
What I have done is to give the user in question a login then assigned them the Execute Permissions on the stored procedure. Unfortunately they are still unable to run the stored procedure from my web app. I have "allow anonymous access" turned on but I am still getting an error when the user tries to execute the stored procedure.
Am I missing something here or could there be a bigger issue?
Thanks,
Patrick
View 5 Replies
View Related
Sep 4, 2007
Hi,
I have a stored procedure spoc_CreateNewUser.
I have a role called 'creator'. I want that no one else other than creator should be able to execute this procedure through an asp.net application or directly.If anyone attempts, it should be logged.
HOw do I do this. Please explain the answer. I am new to this.
Ron
View 1 Replies
View Related
Jan 11, 2008
Hi,
I created a CLR stored procedure, and added a web service reference, am using the generated proxy class
to call the web service, currently am facing the following security issues. I think am missing
something, what are the possible patterns to call a web service from the CLR Stored procedure.
Thank you
---------------------------------------
The following is the error that is happening each
time I call the stored procedure
A .NET Framework error occurred during execution of
user defined routine or aggregate
'MyStoredProcedure':
System.Security.SecurityException: Request for the
permission of type 'System.Net.WebPermission, System,
Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089' failed.
System.Security.SecurityException:
at System.Security.CodeAccessSecurityEngine.Check
(Object demand, StackCrawlMark& stackMark, Boolean
isPermSet)
at System.Security.CodeAccessPermission.Demand()
at System.Net.HttpWebRequest..ctor(Uri uri,
ServicePoint servicePoint)
at System.Net.HttpRequestCreator.Create(Uri Uri)
at System.Net.WebRequest.Create(Uri requestUri,
Boolean useUriBase)
at System.Net.WebRequest.Create(Uri requestUri)
at
System.Web.Services.Protocols.WebClientProtocol.GetWe
bRequest(Uri uri)
at
System.Web.Services.Protocols.HttpWebClientProtocol.G
etWebRequest(Uri uri)
at
System.Web.Services.Protocols.SoapHttpClientProtocol.
GetWebRequest(Uri uri)
at
System.Web.Services.Protocols.SoapHttpClientProtocol.
Invoke(String methodName, Object[] parameters)
at MyWebServiceProxy.HelloWorld()
at MyStoredProcedure()
View 3 Replies
View Related
Jan 17, 2007
Good afternoon,so here is a question I've been struggling with that I thought folks onthe forum might have some wisdom kicking around on. I have severalproduction servers that are living within a workgroup where there is nodomain controler. However, I would still like to set up trustedsecurity for my asp.net applications. IIS is living on one server, andSQL server on another. Is there a way I can add a trusted relationshipto the machine and account that the IIS app is running under?My thanks in advance!Jonathan Wiggs*** Sent via Developersdex http://www.developersdex.com ***
View 1 Replies
View Related
Jan 21, 2004
Does anyone know how you can distribute Stored Procedures that work with a third party application but keep the contents / code of those Stored Procedures from being viewed and edited by the end users who have purchased the application as well as own and operate the SQL Server??
Thanks
View 4 Replies
View Related
Apr 30, 2008
I have an ASP page which is supposed to populate a dropdown based on values returned from a stored procedure. This ASP page is working on our old server. I recently moved all the pages, code, ect over to our new server including migrated to SQL Server 2005 (from 2000 I think), as you can tell, somthing broke...
I assume this is security related however, all the relevant security is set correctly as far as I can tell. I am granting "Execute" access for the stored procedure and "Select" access for all the referenced tables. Am I missing something? Is there another security setting which needs to be set?
View 1 Replies
View Related
Jul 20, 2005
here's my stored procedure:CREATE PROCEDURE proc@id varchar(50),@pswd varchar(20),@no_go int OUTPUTASSET NOCOUNT ONSELECT user_id FROM profileWHERE user_id=@id AND pswd=@pswdIF @@ROWCOUNT = 0BEGINSET @no_go = 1ENDELSEBEGINSELECT date,date_mod FROM ansWHERE user_id=@idSET @no_go = 0ENDUsing the PERL odbc_more_results function I can retrieve the data inthe second select statement whether the rowcount is 0 or not. Anysuggestions how to stop this
View 3 Replies
View Related
Jul 20, 2005
Dear GroupI'm having two stored procedures, sp_a and sp_bContent of stored procedure A:CREATE PROCEDURE dbo.sp_aSELECT * FROM aGOContent of stored procedure B:CREATE PROCEDURE dbo.sp_bSELECT * FROM bGOI have created a user that has execute permissions for both procedures.When I run procedure A, all works fine but when running procedure B I'mgetting an error saying that the user must have SELECT permissions on tableB.Both tables are owned by dbo, and the security role for the user doesn't hasany SELECT permission on table a and b.I'd be grateful if anyone could point me in a direction why this error mightcome up for procedure B but not for A,with a possible solution without giving the user SELECT permissions.Thanks very much for your help!Martin
View 1 Replies
View Related
Dec 7, 2000
Does anyone know of a component or other mini application that can be run on the IIS server and allow IIS to access SQL Server 7 databases using Trusted Security.
Our security unit has required us to run SQL Server with Trusted Security so changing to Mixed mode is not an option. We are also not allowed to use Basic Authentication for Active Server Pages with IIS. IIS and SQL server are also on different machines.
We are looking into the possibility of trying to create a component that would run on the IIS machine to allow us to use Trusted Security to the SQL Server (in effect try to make it work the same way that the Cold Fusion product does).
Any help would be really appreciated.
Thanks
View 1 Replies
View Related
Apr 17, 2002
I have a user who has some ODBC connections that use SQL Authentication (through a generic id)to connect to SQL Server that work fine. What worries me is the user can access the same SQL Server throught NT authentication and connect through QA, EM (registering a server) or ODBC, even though she is not listed in the security of that SQL Server as a SQL user or and NT user. Worse is that she seems to have full rights to the server. I had her log in on another box and the same thing happened. I am on SQL 2000 SP1. Anyone have any ideas to is it time to call MS?
View 2 Replies
View Related
Jul 20, 2005
Dear GroupI have found that table A had SELECT permissions for 'Public' but not tableB.Giving 'Public' SELECT permissions on table B did the trick.HOWEVER, I don't want anyone to be able to do a direct SELECT on table A orB but only give them access to the data by using the stored procedures. Isthere any way this can be set up?Thanks for your efforts!Have a nice day!Martin"Martin Feuersteiner" <theintrepidfox@hotmail.com> wrote in message news:...[color=blue]> Dear Group>> I'm having two stored procedures, sp_a and sp_b>> Content of stored procedure A:> CREATE PROCEDURE dbo.sp_a> SELECT * FROM a> GO>> Content of stored procedure B:> CREATE PROCEDURE dbo.sp_b> SELECT * FROM b> GO>> I have created a user that has execute permissions for both procedures.> When I run procedure A, all works fine but when running procedure B I'm> getting an error saying that the user must have SELECT permissions on> table B.>> Both tables are owned by dbo, and the security role for the user doesn't> has any SELECT permission on table a and b.> I'd be grateful if anyone could point me in a direction why this error> might come up for procedure B but not for A,> with a possible solution without giving the user SELECT permissions.>> Thanks very much for your help!>> Martin>[/color]
View 6 Replies
View Related
Oct 20, 2007
Hi all .
I am going to consult you about a security concept .
In my database I have a set of tables (eg. City , Country , ...)
and I have a corresponding View for each Table (eg. V_City , V_Country , ...)
and There are a set of Add/Delete/Update/List stored procedures for each object , the user which logs on to database has only EXECUTE Privilege on defined stored procedures and does not have any kind of access to any other object in database , In your opinion , Can Inserting into/Updating Views instead of Inserting into/Updating Tables cause any problem?and Is this model help improve security? Not that I access SQL Server Database from a .Net App.
Thanks in advance.
View 9 Replies
View Related
Jan 26, 2007
I have implemented an SSAS stored procedure for dynamic security and I call this stored procedure to obtain the allowed set filter. To my supprise, the stored procedure is being called repeatedly many times (more than 10) upon establishing the user session. Why is this happening?
View 20 Replies
View Related
Dec 31, 2006
Hello,
I am experiencing a head-scratcher of a problem when trying to use a Linked Server connection to query a remote SQL Server database from our SAP R/3 system. We have had this working just fine for some time, but after migrating to new hardware and upgrading OS, DBMS, and R/3, now we are running into problems.
The target database is a named instance on SQL Server 2000 SP3, Windows 2000 Server. The original source R/3 system was also on SQL Server 2000 (SP4), Windows 2000 Server. I had been using a Linked Server defined via SQL Enterprise Manager (actually defined when the source was on SQL Server 7), which called an alias defined with the Client Network Utility that pointed to the remote named instance. This alias and Linked Server worked great for several years.
Now we have migrated our R/3 system onto new hardware, running Windows Server 2003 SP1 and SQL Server 2005 SP1. I redefined the Linked Server on the new SQL 2005 installation, this time avoiding the alias and referencing the remote named instance directly, and it tests out just fine using queries from SQL Management Studio. It also tests fine with OSQL called from the R/3 server console, both when logged on as the application service account with a trusted connection, and with a SQL login as the schema owner. From outside of the application, I cannot make it fail. It works perfectly.
That all changes when I try to use the Linked Server within an SAP custom program (ABAP), however. The program crashes with a database interface error. The database error code is 15274, and the error text is "Access to the remote server is denied because the current security context is not trusted."
I have set the "trustworthy" property on the R/3 database, I have ensured the service account is a member of the sysadmin SQL role, I've even made it a member of the local Administrators group on both source and target servers, and I've done the same with the SQL Server service account (it uses a domain account). I have configured the Distributed Transaction Coordinator on the source (Win2003) system per Microsoft KB 839279 (this fixed problems with remote queries coming the other way from the SQL2000 system), and I've upgraded the system stored procedures on the target (SQL2000) system according to MS KB 906954. I also tried making the schema user a member of the sysadmin role, but that was disastrous, resulting in an instant R/3 crash (don't try this in production!), so I set it back the way it was (default).
What's really strange is no matter how I try this from outside the R/3 system, it works perfectly, but from within R/3 it does not. A search of SAP Notes, SDN forums, SAPFANS, Microsoft's KnowledgeBase, and MSDN Forums has not yielded quite the same problem (although that did lead me to learning about the "trustworthy" database property).
Any insight someone could offer on this thorny problem would be most appreciated.
Best regards,
Matt
View 12 Replies
View Related
Jun 25, 2006
CLR function has the following few lines which is invoked from Internal Activation Stored Procedure:
SqlCommand command = Connection.CreateCommand();
command.CommandText = "CREATE ASSEMBLY " + """ + AsmName + """ +" AUTHORIZATION [dbo]"+ " FROM " + "'" + regasm.UncPath + "'" + " WITH PERMISSION_SET=SAFE";
command.ExecuteNonQuery();
I am getting the following error:
"Could not impersonate the client during assembly file operation."
The CLR function is invoked from Service Broker internal activation stored procedure.
"SELECT user_name()" returns dbo just before CREATE ASSEMBLY execution.
SqlContext.WindowsIdentity.Name is "NT AUTHORITYSYSTEM" as the Data Engine runs with the LocalSystem account.
How do I create a the necessary security context for "CREATE ASSEMBLY" to succeed ?
Service Broker Queue activation with EXECUTE AS = "SELF", "OWNER", domain account or dbo, all result in the above error. The Service Broker assembly having the internal activation stored procedure is registered "unsafe".
Many Thanks.
View 13 Replies
View Related
Jan 4, 2008
I have successfully compiled & deployed the custom security extension. Currently I am having some runtime error when using the added Membership.Data.dll for authentication & authorization.
Membership.Data.dll
* signed with a strong name key
* [assembly: AllowPartiallyTrustedCallers] is added
* it uses Microsoft.Practices.EnterpriseLibrary.Data.dll for database connection
I have also added connectionstring to web.config(s) under ReportManager and ReportServer.
Here is the exception:
System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> System.Security.SecurityException: That assembly does not allow partially trusted callers. at System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Assembly asm, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed) at Membership.Data.DataProvider.Acquire(String DatabaseName) at Microsoft.Samples.ReportingServices.CustomSecurity.AuthenticationUtilities.VerifyPassword(String suppliedUserName, String suppliedPassword) in C:Program FilesMicrosoft SQL Server90SamplesReporting ServicesExtension SamplesFormsAuthentication SamplecsFormsAuthenticationAuthenticationUtilities.cs:line 116 at Microsoft.Samples.ReportingServices.CustomSecurity.AuthenticationExtension.LogonUser(String userName, String password, String authority) in C:Program FilesMicrosoft SQL Server90SamplesReporting ServicesExtension SamplesFormsAuthentication SamplecsFormsAuthenticationAuthenticationExtension.cs:line 70 at Microsoft.ReportingServices.WebServer.RSCustomAuthentication.LogonUser(String userName, String password, String authority) at Microsoft.ReportingServices.WebServer.ReportingService2005Impl.LogonUser(String userName, String password, String authority) at Microsoft.ReportingServices.WebServer.ReportingService2005.LogonUser(String userName, String password, String authority) The action that failed was: LinkDemand The assembly or AppDomain that failed was: Membership.Data, Version=1.0.0.0, Culture=neutral, PublicKeyToken=<key>The method that caused the failure was: Microsoft.Practices.EnterpriseLibrary.Data.Database CreateDatabase(System.String) The Zone of the assembly that failed was: MyComputer The Url of the assembly that failed was: file:///c:/Program Files/Microsoft SQL Server/MSSQL.4/Reporting Services/ReportServer/bin/Membership.Data.DLL --- End of inner exception stack trace ---
Any ideas? I assume that Microsoft.Practices.EnterpriseLibrary.Data.dll is in GAC so i shouldn't have to worry about [AllowPartiallyTrustedCallers]
View 3 Replies
View Related
Jun 27, 2007
I am unable to run a stored procedure that accesses a linked Oracle database as a dataset for a deployed report in Reporting Services. I receive the following error:
An error has occurred during report processing.
Query execution failed for data set 'spName'.
Access to the remote server is denied because the current security context is not trusted.
A few facts ...
The report previews fine in Microsoft Visual Studio 2005 Version 8.0.50727.762 (SP.050727-7600) report designer with VS being installed on my local machine and a shared data source referencing Server1
The deployed report on Server2 produces the error
The stored procedure code is similar to the following:
SELECT x.FieldName as OracleField
,y.FieldName as SSfield
FROM OracleLinkedServer..DatabaseName.TableName x
LEFT JOIN Server1.dbo.TableName y
The deployed report runs fine when the stored procedure code is changed as follows. This indicates to me that the problem is truly an Oracle connection issue;
SELECT 'ABC' as OracleField
,y.FieldName as SSfield
FROM Server1.dbo.TableName y
The Oracle database is a linked database on both SQL Server1 and on SQL Server2 database engines. (I don't see where in Server2 Reporting Services I can specify additional server connections.)
I've tried to trick Mr. Reporting Services on Server2 by creating a @L_TempTable in my stored procedure, inserting the data into it, then selecting from a SQL Server1.dbo.TableName LEFT JOIN @l_TempTable, but Server2 still knows I'm trying to get out to Oracle and rewards me with the error.
I can effectively run the Server1 stored procedure script on Server2 through MSSMS -- it's just the deployed report that references the stored procedure that doesn't work
The data source properties of the deployed report are as follows:
Select -- A Custom Datasource
Connection Type: Microsoft SQL Server
Connectoin String: Data Source=Server1;Initial Catalog=DatabaseName
Select -- Credentials stored securly in the report server
Username: UserName
Password: Password
Check -- Use as Windows credentials when connecting the the data source
Check -- Impersonate the authenticated user ...
(Please do not get sidetracked on the 'A Customer Datasource' selection above. I'd rather be using a shared data source, but right now, this is just the way it is.)
Anyone's expertise would be greatly appreciated. We have a great data warehouse but sometimes you just have to go back to the Oracle ERP and slug it out. What do I need to do to get a deployed report to effectively read from a stored procedure that references an Oracle table?
To everyone, thanks for reading!
~ Delora
View 2 Replies
View Related
Aug 25, 2006
Hello,
In SQL 2005, from a stored procedure in a local database I am attempting to execute a remote stored procedure in another database on another server. I am getting the error referred to in the Subject when the local stored procedure tries to execute the remote stored procedure. A couple of comments:
The remote database is set up as a linked server in the local database. As part of the linked server definition I selected the 'be made using this security context', and provided a local user name and password.
The remote database is set to Trustworthy.
I have tried every combination of WITH Execute As on the remote stored procedure but nothing works.
I can query against the remote database successfully within Management Studio. I can even execute the remote stored procedure successfully from within M.S., but not from within my local stored procedure when it is run.
Thank you for your help on this - Amos.
View 17 Replies
View Related
Jun 19, 2015
Any way to find out who's causing "Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection." error in SQL Server error logs?
View 7 Replies
View Related
Jun 27, 2007
I am unable to run a stored procedure that accesses a linked Oracle database as a dataset for a deployed report in Reporting Services. I receive the following error:
An error has occurred during report processing.
Query execution failed for data set 'spName'.
Access to the remote server is denied because the current security context is not trusted.
A few facts ...
The report previews fine in Microsoft Visual Studio 2005 Version 8.0.50727.762 (SP.050727-7600) report designer with VS being installed on my local machine and a shared data source referencing Server1
The deployed report on Server2 produces the error
The stored procedure code is similar to the following:
SELECT x.FieldName as OracleField
,y.FieldName as SSfield
FROM OracleLinkedServer..DatabaseName.TableName x
LEFT JOIN Server1.dbo.TableName y
The deployed report runs fine when the stored procedure code is changed as follows. This indicates to me that the problem is truly an Oracle connection issue;
SELECT 'ABC' as OracleField
,y.FieldName as SSfield
FROM Server1.dbo.TableName y
The Oracle database is a linked database on both SQL Server1 and on SQL Server2 database engines. (I don't see where in Server2 Reporting Services I can specify additional server connections.)
I've tried to trick Mr. Reporting Services on Server2 by creating a @L_TempTable in my stored procedure, inserting the data into it, then selecting from a SQL Server1.dbo.TableName LEFT JOIN @l_TempTable, but Server2 still knows I'm trying to get out to Oracle and rewards me with the error.
I can effectively run the Server1 stored procedure script on Server2 through MSSMS -- it's just the deployed report that references the stored procedure that doesn't work
The data source properties of the deployed report are as follows:
Select -- A Custom Datasource
Connection Type: Microsoft SQL Server
Connectoin String: Data Source=Server1;Initial Catalog=DatabaseName
Select -- Credentials stored securly in the report server
Username: UserName
Password: Password
Check -- Use as Windows credentials when connecting the the data source
Check -- Impersonate the authenticated user ...
(Please do not get sidetracked on the 'A Customer Datasource' selection above. I'd rather be using a shared data source, but right now, this is just the way it is.)
Anyone's expertise would be greatly appreciated. We have a great data warehouse but sometimes you just have to go back to the Oracle ERP and slug it out. What do I need to do to get a deployed report to effectively read from a stored procedure that references an Oracle table?
To everyone, thanks for reading!
~ Delora
View 1 Replies
View Related
Oct 20, 2006
Hi,
I have a piece of Java code that needs to connect to SQL 2000 (SP4) using Windows Authentication. It's running on Windows Server 2003 SP1.
I tried JDBC v1.1 and followed the code from the following blog:
http://blogs.msdn.com/angelsb/default.aspx?p=1
But still get this error as shown below. Any help appreciated.
I am using JDK1.4.2, "sqljdbc_auth.dll" is located under "E:SQL2005JDBCDrvsqljdbc_1.1enuauthx86", also made a copy under "E:JavaTest" and "C:WindowsSystem32" but still won't work.
Cheers
Allan
===========================================================
E:JavaTest>javac -classpath ".;E:JavaTestsqljdbc.jar" TestW2.java
E:JavaTest>java -classpath ".;E:JavaTestsqljdbc.jar" -Djava.library.path=E:S
QL2005JDBCDrvsqljdbc_1.1enuauthx86 TestW2
com.microsoft.sqlserver.jdbc.SQLServerException: Login failed for user '(null)'.
Reason: Not associated with a trusted SQL Server connection.
at com.microsoft.sqlserver.jdbc.SQLServerException.makeFromDatabaseError
(Unknown Source)
at com.microsoft.sqlserver.jdbc.IOBuffer.processPackets(Unknown Source)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.processLogon(Unknown
Source)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.logon(Unknown Source
)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(Unknow
n Source)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.loginWithoutFailover
(Unknown Source)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(Unknown Sour
ce)
at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(Unknown Source)
at java.sql.DriverManager.getConnection(Unknown Source)
at java.sql.DriverManager.getConnection(Unknown Source)
at TestW2.main(TestW2.java:7)
===========================================================
The code is simple (TestW2.java):
import java.sql.*;
public class TestW2 {
public static void main(String[] args) {
try {
java.lang.Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver");
Connection conn = java.sql.DriverManager.getConnection("jdbc:sqlserver://VMW2k3ENT003.TESTCBFPOC.COM.AU;integratedSecurity=true");
System.out.println("Connected!");
conn.close();
} catch (Exception ex) {
ex.printStackTrace();
}
}
}
==============================================================
View 27 Replies
View Related
