Web Service Setup And Database Security
Sep 18, 2007
Hello,
We have vendor that is implementing an employee self serve application for current and potential employees (employment applications). There is a web server in our DMZ that has the application installed but also on the server is a SQL database that has names and social security numbers. This server will also query the backend accounting server for earnings statements and W2s. We have a Cisco ASA as the firewall and SSL to protect client authentication from the Internet. There is no SSL between the web server and the accounting server. The fact that the SQL database on the web server containing SSN associated with names concerns me. It seems that none of this information is masked or encrypted and can be seen if the server was to ever be compromised.
My idea of such a service involves a web server that queries the backend database over SSL and presents the information to the user over SSL. No personally identifiable information would be resident on the web server at all, just a facade. That is not the case and it is not what we described to them as to what we want.
It seems they have installed it the only way they know how which is not secure, or maybe it is, that's why I am here. They have installed this at numerous locations and they actually wanted any and all ports open between the web server and the backend accounting server. It took us a while to get them to follow the rule of least privilege but we essentially had to do it ourselves.
Also on our main webserver for our Internet site I found the test database they used almost 2 years ago to test this application along with names and SSN. This was before I arrived and there is no encryption or authentication for this server. Is this good secure practice? All my training says no but it is hard to believe a mutli-million dollar organization is this ignorant. I guess it shouldn't surprise me, TJX didn't pay attention either.
I saw this thread which provide some good information but I am not a database admin and I am not familiar with SQL services, etc.
My questions are: Is their implementation secure? Does anyone know where I can find more info regarding web services and HIPAA? I read where 2 firewalls are required but would like documentation to show. Any suggestions on how to implement this securely?
Thanks for the help,
Mike
View 3 Replies
ADVERTISEMENT
Apr 29, 2008
Hi,
I have installed SQL Reporting Service on one server. Using the config tool, I am trying to setup the Reporting Database on a seperate SQL instance. This SQL instance is running on a Clustered SQL 2005 server.
The creation of the Database is sucessful. However when I give the Windows credentials to connect to this database on the same page, I always fail at the following task : Setting Connection Info for Reporting Server. The error message is :
"System.Runtime.InteropServices.COMException (0x800706B3)
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
at System.Management.ManagementObject.Get()
at ReportServicesConfigUI.WMIProvider.RSReportServerAdmin.SetDatabaseConnection(String server, String database, ConfigurationCredentialsType credsType, String userName, String password)"
The Windows Account I am using has Full SQL Rights to the Clustered SQL Server. I have seen other posts on the forums about the 0x800706B3 error, but most of them are related to a problem with RPC.
The Reporting Services account is runing under 'Network Services'. I am not sure if this is causing the problem?
Thoughts anybody?
Thanks,
Mahmood
View 8 Replies
View Related
Nov 8, 2006
Hi all,
I had to uninstall SQL2005 Service, client-tools & BI studio applications on my laptop running XP SP-2. Now, I'm trying a fresh install, a simple install of >>just<< the 2005 DB service is failing.
Snippet of log file-------------------------
MSI (s) (F8:80) [22:35:02:484]: Machine policy value 'DisableUserInstalls' is 0
MSI (s) (F8:80) [22:35:02:484]: Warning: Local cached package 'C:WINDOWSInstaller4c483c.msi' is missing.
Snippet of log file-------------------------
CSetupBootstrapWizard returned 1
<EndFunc Name='DisplaySCCWizard' Return='0' GetLastError='183'>
Failed to find help file for LCID :3081
Loaded DLL:C:Program FilesMicrosoft SQL Server90Setup Bootstrapsqlsval.dll Version:2005.90.1399.0
<EndFunc Name='DwLaunchMsiExec' Return='0' GetLastError='0'>
Complete: InvokeSqlSetupDllAction at: 2006/10/8 22:18:10, returned true
Running: SetPackageInstallStateAction at: 2006/10/8 22:18:10
Complete: SetPackageInstallStateAction at: 2006/10/8 22:18:12, returned true
Running: DeterminePackageTransformsAction at: 2006/10/8 22:18:12
Complete: DeterminePackageTransformsAction at: 2006/10/8 22:18:25, returned true
Running: ValidateSetupPropertiesAction at: 2006/10/8 22:18:25
Complete: ValidateSetupPropertiesAction at: 2006/10/8 22:18:25, returned true
Running: OpenPipeAction at: 2006/10/8 22:18:25
Complete: OpenPipeAction at: 2006/10/8 22:18:25, returned false
Error: Action "OpenPipeAction" failed during execution.
Running: CreatePipeAction at: 2006/10/8 22:18:25
Complete: CreatePipeAction at: 2006/10/8 22:18:25, returned false
Error: Action "CreatePipeAction" failed during execution.
Action "RunRemoteSetupAction" will be skipped due to the following restrictions:
Condition "Action: CreatePipeAction has finished and passed." returned false.
The OWC11 setup failure is triggerring SQL DB Service installation to fail as well.
Please help!!!
Regards,
Uday
View 7 Replies
View Related
Jul 6, 2007
I have Sql Server Express installed on Vista (service pack 2)
I have Visual Studio 2005 with an application that I'm trying to access it with within a WCF service.
The login ID of the service is added to the database.
The database has remote access turned on.
The ID is granted access to all databases within the server.
The thread is being set with WindowsProvider and the services set their thread to WindowsProvider.
The dataserver is set with using Windows Authentication for security.
When I open my connection to the database, though, it reports the typically useless message that the connection is not allowed and that the server may not allow remote connections.
How to I get past this? I've done everything right.
View 1 Replies
View Related
Jul 9, 2015
I am currently hardening our SQL 2012 (with AlwaysOn Availability Groups) environment. Both the SQL service and agent account are using service accounts (only domain user). SQL browser service is disabled. Permissions to all roles are handled by using domain groups.
Currently a lot of (default) NT Service accounts are listed (some with sysadmin privileges). Are there accounts that can be removed?
View 3 Replies
View Related
Jan 2, 2008
hi all
i get the following message error when installing sql server 2005 express :
<< sql server setup could not connect to the database service for server configuration the error was :[microsoft][gestionnaire de pilotes odbc] source de données introuvable et nom de pilote non spécifié >>
is there any help
thanks and best regards
View 6 Replies
View Related
Jun 4, 2006
OS: XP-SP2
Not able to install SQL Express 2005.
------------------------------
SQL Server Setup could not connect to the database service for server configuration. The error was: [Microsoft][SQL Native Client]SSL Provider: The certificate chain was issued by an authority that is not trusted.
Refer to server error logs and setup logs for more information. For details on how to view setup logs, see "How to View Setup Log Files" in SQL Server Books Online.
For help, click: http://go.microsoft.com/fwlink?LinkID=20476&ProdName=Microsoft+SQL+Server&ProdVer=9.00.1399.06&EvtSrc=setup.rll&EvtID=29515&EvtType=lib%5codbc_connection.cpp%40Do_sqlScript%40OdbcConnection%3a%3aconnect%40connect%40x80090325
Needles to say, above link is useless..
I had managed to install previously, but ran into problems while trying to upsize an MS-Access database, I've tried everything from creating certificate to hacking away at the registry...Log-on with a different account, etc...Anybody knows how to get around this?
Here's part of the log file:
Microsoft SQL Server 2005 9.00.1399.06
==============================
OS Version : Microsoft Windows XP Professional Service Pack 2 (Build 2600)
Time : Sat Jun 03 20:09:53 2006
Machine : YANICK
Product : Microsoft SQL Server Setup Support Files (English)
Product Version : 9.00.1399.06
Install : Successful
Log File : e:Program FilesMicrosoft SQL Server90Setup BootstrapLOGFilesSQLSetup0005_YANICK_SQLSupport_1.log
--------------------------------------------------------------------------------
Machine : YANICK
Product : Microsoft SQL Server Native Client
Product Version : 9.00.1399.06
Install : Successful
Log File : e:Program FilesMicrosoft SQL Server90Setup BootstrapLOGFilesSQLSetup0005_YANICK_SQLNCLI_1.log
--------------------------------------------------------------------------------
Machine : YANICK
Product : Microsoft SQL Server VSS Writer
Product Version : 9.00.1399.06
Install : Successful
Log File : e:Program FilesMicrosoft SQL Server90Setup BootstrapLOGFilesSQLSetup0005_YANICK_SqlWriter_1.log
--------------------------------------------------------------------------------
Machine : YANICK
Product : MSXML 6.0 Parser
Product Version : 6.00.3883.8
Install : Successful
Log File : e:Program FilesMicrosoft SQL Server90Setup BootstrapLOGFilesSQLSetup0005_YANICK_MSXML6_1.log
--------------------------------------------------------------------------------
Machine : YANICK
Product : SQL Server Database Services
Error : SQL Server Setup could not connect to the database service for server configuration. The error was: [Microsoft][SQL Native Client]SSL Provider: The certificate chain was issued by an authority that is not trusted.
Refer to server error logs and setup logs for more information. For details on how to view setup logs, see "How to View Setup Log Files" in SQL Server Books Online.
--------------------------------------------------------------------------------
Machine : YANICK
Product : Microsoft SQL Server 2005 Express Edition
Product Version : 9.00.1399.06
Install : Failed
Log File : e:Program FilesMicrosoft SQL Server90Setup BootstrapLOGFilesSQLSetup0005_YANICK_SQL.log
Last Action : InstallFinalize
Error String : SQL Server Setup could not connect to the database service for server configuration. The error was: {Microsoft}{SQL Native Client}SSL Provider: The certificate chain was issued by an authority that is not trusted.
Error Number : 29515
--------------------------------------------------------------------------------
View 3 Replies
View Related
Dec 16, 1999
We are working on a new Payroll server. Our payroll department wants to lock out MIS and SQL Admins as much as possible. What we would like to do is allow the SQL Admins to still perform admin tasks such as backups, audit tracking, etc, while not being able to get into the tables. Also, we would prefer to do this security at the database level, rather than the server level. Any thoughts on this?
Tim Davis
View 3 Replies
View Related
Nov 29, 2007
We are using SQL 2005 / Windows Server 2003 / Sharepoint portal.
Our reports are used through Sharepoint. I have added a web part which displays the folders. There are several reports within each of the folders. Users that have access to the Sharepoint site have access to all of the reports that are available in all of the folders. I would like to control folder access through SSRS.
What is the best way for me to accomplish this?
Thanks in advance.
View 1 Replies
View Related
Nov 16, 2006
I'm installing SQL Server Express SP1 on a new Windows XP Pro SP2 laptop that is part of a corporate network. The last item in the Setup Progress dialog box says:
Workstation Components, Books Online and Development Tools....Setup failed. Refer to log file.
C:Program FilesMicrosoft SQL Server90Setup BootstrapLOGSummary.txt looks fine except for the last few lines:
--------------------------------------------------------------------------------
Machine : ROVER
Product : Microsoft SQL Server 2005 Tools
Product Version : 9.1.2047.00
Install : Failed
Log File : c:Program FilesMicrosoft SQL Server90Setup BootstrapLOGFilesSQLSetup0004_ROVER_Tools.log
Last Action : InstallFinalize
Error String : SQL Server Setup failed to modify security permissions on WMI namespace \.
ootMicrosoftSqlServerComputerManagement. To proceed, verify that the account and domain running SQL Server Setup exist, that the account running SQL Server Setup has administrator privileges, and that the WMI namespace exists on the destination drive.
Error Number : 29516
Is this a common error when installing on a PC that is part of a corporate network? I didn't dig too far into SQLSetup0004_ROVER_Tools.log; however, it contains a few references to "SOFTWARE RESTRICTION POLICY".
Other than this error, SQL Server Express seems to be working ok. Is this anything to be concerned about?
View 3 Replies
View Related
Jun 6, 2007
All:
I am writing an Internet/Extranet based (ASP.Net 2.0) web application that uses SQL server 2005 as the database. I am using forms authentication on my web application. I am also storing the connection string to SQL server in my web config file. The conn string is encrypted using DPAPI with entropy. I currently have created a SQL login account on my SQL server for use by the web application. This is the user ID I am using in my conn string. The reason for this is because all persons using the application will NOT have a windows login.
Here is my question: The login I created currently has defaulted to the "dbo" role and therefore has "dbo" rights to the database. I want to setup up this login account so that all it can do is execute stored procedures. I dont want this SQL login to be able to do anything else. In my application I am using stored procedures for ALL data access functions, via a data access layer in my application. Can someone guide me step by step as to how to setup this type of access for this SQL login.
Thanks,
Blue.
View 1 Replies
View Related
Feb 19, 2007
Last night at home on my 64 bit Vista machine, I encountered the same error 29506 that said that the management studio express could not be installed. I looked up the error message and below is what I received. I also installed the 64 bit .net framework which installed just fine before trying to install the SSSME.
I followed the instructions below but this did not seem to make a difference. However, I did not reboot after applying new permissions. I have installed this software a few times now on 32 bit machines for both XP and RC1 Vista, and have not had a problem. Last night, I did use the 64 bit version. Also, there is no data file yet because after the install it rolls back, so I gave myself Full permissions on the SQL server directory which should include all sub directories, right? Thanks, Teri
Error 29506.
SQL Server Setup failed to modify security permissions on file Drive:Program FilesMicrosoft SQL ServerMSSQL.xMSSQLData for user SYSTEM. To proceed, verify that the account and domain running SQL Server Setup exist, that the account running SQL Server Setup has administrator privileges, and that exists on the destination drive.
Note A SQL Server service pack refers to SQL Server 2005 Service Pack 1 (SP1) and later service packs.
CAUSE
This problem occurs because one or more data files exist that do not have the required permissions. By default, the Full Control permission of the Administrators group is granted to the data file when you create a database. If the permission of this group is removed from the data file, the SQL Server 2005 service pack setup will fail.
RESOLUTION
To resolve this problem, grant the Full Control permission to the Administrators group on all data files and on the Data folder. To grant the Full Control permission to the data files, follow these steps:
1.
Locate the folder that contains the data files. By default, these files are located in the following folder:
C:Program FilesMicrosoft SQL ServerMSSQL.1MSSQLData
2.
Right-click the data file that has no required permissions for the Administrators group, and then click Properties.
3.
If the Administrators group is not in the Group or user names list, click Add, type Administrators, and then click OK.
4.
Click Administrators in the Group or user names list, and then click to select the Allow check box for the Full Control item in the Permissions for Administrators list.Note If the files in the Data folder have an orphan owner, you have to take ownership of the files and then grant the Full Control permission to the files. We recommend that you do not change the default permissions for the data files.
View 5 Replies
View Related
Aug 26, 2015
Our software vendor rep is trying to upgrade MS SQL server 2008 SP4 to 2012 SP1. Get an error message: no mapping between account names and security ADs was done. He says that we get this error message because we have two domain controllers in our network, and one is running on the same windows server that run sql server. Out IT support disagrees to delete the second domain controller, saying it is recommended by Microsoft and he suggests that the problem is in Active directory.
View 2 Replies
View Related
Mar 28, 2007
Hi,
I am using SQL Server 2005 Reporting Services. I want to make it secure. I am also using WCF services and made them secure using Claim based System.Identity Model.
I want to apply same claim based model to Reporting Services.
How can I do that?
Amit
View 2 Replies
View Related
Dec 13, 2007
I'm working on a project that requires integration of SQL Server Reporting Services with ASP.NET 3.0 Web Applications.
I'm working on Visual Studio 2005, with SQL Server 2005 on an XP development workstation.
SQL Server, Reporting Services, and IIS are all running on my local machine.
I'm trying to prototype two approaches, one using the Report Viewer control, and the second using the Reporting Services Web Service. I have the two examples setup in projects in Visual Studio.
The sample reports and data sources work fine in Visual Studio. I can access the report using the Reporting Services URL like this: http://localhost/Reports/Pages/Report.aspx?ItemPath=%2fBTT_BDS_DEV%2fCustomers; Report works fine.
My problem is, that when I try and access the report using the Report Viewer inside an ASP.NET page or from the Web Serivce hooked up inside an ASP.NET Page I get a security errors. I have chosen Windows Security for the Datasource, and ASP.NET pages. In the case of the Web Service, I'm passing in my local domain user name as the credentials.
I'm prototyping this on my local workstation, but I need to design this to be used on our corporate Intranet using Windows Security.
My questions are:
1. How do I need to setup users on my local development workstation to get this to work.
2. How should I plan for user security for enterprise deployment, i.e. using Reporting Services inside a large ASP.NET Web Application?
3. Can anybody give me some links to some good developer type working examples of doing this. I've looked but have not found the answers
to the "how do I setup users" part of the question specifcally related to ASP.NET apps?
Below is the code example of the Web Services example app I'm working with which came out of a book I have on
Reporting Services. This example compiles and seems like it would work but doesn't. Also following are a few of the
error messages I get when experimenting with the example apps:
Errors:
1. The permissions granted to user 'LocalMachineNameASPNET' are insufficient for performing this operation. (rsAccessDenied)
2. System.Web.Services.Protocols.SoapException was unhandled by user code
Message="System.Web.Services.Protocols.SoapException: The permissions granted to user 'LocalMachineName\ASPNET' are insufficient for performing this operation. ---> Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: The permissions granted to user 'WCRBUSCNC2830B\ASPNET' are insufficient for performing this operation. at Microsoft.ReportingServices.Library.RSService._GetReportParameterDefinitionFromCatalog(CatalogItemContext reportContext, String historyID, Boolean forRendering, Guid& reportID, Int32& executionOption, String& savedParametersXml, ReportSnapshot& compiledDefinition, ReportSnapshot& snapshotData, Guid& linkID, DateTime& historyOrSnapshotDate, Byte[]& secDesc) at Microsoft.ReportingServices.Library.GetDataForExecutionAction._GetDataForExecution(CatalogItemContext reportContext, ClientRequest session, String historyID, DataSourcePromptCollection& prompts, ExecutionSettingEnum& execSetting, DateTime& snapshotExecutionDate, ReportSnapshot& snapshotData, Int32& pageCount, Boolean& hasDocMap, PageSettings& reportPageSettings) at Microsoft.ReportingServices.Library.GetDataForExecutionAction.ExecuteStep(CatalogItemContext reportContext, ClientRequest session, DataSourcePromptCollection& prompts, ExecutionSettingEnum& execSetting, DateTime& executionDateTime, ReportSnapshot& snapshotData, Int32& pageCount, Boolean& hasDocMap, PageSettings& reportPageSettings) at Microsoft.ReportingServices.Library.CreateNewSessionAction.Save() at Microsoft.ReportingServices.WebServer.ReportExecution2005Impl.LoadReport(String Report, String HistoryID, ExecutionInfo& executionInfo) --- End of inner exception stack trace --- at Microsoft.ReportingServices.WebServer.ReportExecution2005Impl.LoadReport(String Report, String HistoryID, ExecutionInfo& executionInfo) at Microsoft.ReportingServices.WebServer.ReportExecutionService.LoadReport(String Report, String HistoryID, ExecutionInfo& executionInfo)"
Source="System.Web.Services"
Actor="http://localhost/ReportServer/ReportExecution2005.asmx"
Lang=""
Node="http://localhost/ReportServer/ReportExecution2005.asmx"
Role=""
StackTrace:
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at WebReportTester.localhost.ReportExecutionService.LoadReport(String Report, String HistoryID) in C:Documents and SettingsconbcxMy DocumentsVisual Studio 2005ProjectsBTT_BDS_DEVWebReportTesterWeb ReferenceslocalhostReference.cs:line 242
at WebReportTester._Default.btnExecuteReport_Click(Object sender, EventArgs e) in C:Documents and SettingsconbcxMy DocumentsVisual Studio 2005ProjectsBTT_BDS_DEVWebReportTesterDefault.aspx.cs:line 82
at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
at System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
Web Service Code Example:
protected void btnExecuteReport_Click(object sender, EventArgs e)
{
byte[] report;
//Create an instance of the Reporting Services Web Reference
localhost.ReportExecutionService rsv = new localhost.ReportExecutionService();
//Create the credentials that will be used when accessing Reporting Services
//This must be a logon that has rights to the Customers Report
rsv.Credentials = System.Net.CredentialCache.DefaultCredentials;
rsv.PreAuthenticate = true;
//The Reporting Services virtual path to the report.
string reportPath = @"/ReportFolder/Customers";
//The rendering format for the report
string reportFormat = "HTML4.0";
//The devInfo string tells the report viewer how to display with the report
StringBuilder deviceInfoBuilder = new StringBuilder();
deviceInfoBuilder.Append(@"<DeviceInfo>");
deviceInfoBuilder.Append(@"<Toolbar>");
deviceInfoBuilder.Append(@"False");
deviceInfoBuilder.Append(@"</Toolbar>");
deviceInfoBuilder.Append(@"<Parameters>");
deviceInfoBuilder.Append(@"False");
deviceInfoBuilder.Append(@"</Parameters>");
deviceInfoBuilder.Append(@"<DocMap>");
deviceInfoBuilder.Append(@"True");
deviceInfoBuilder.Append(@"</DocMap>");
deviceInfoBuilder.Append(@"<Zoom>");
deviceInfoBuilder.Append(@"100");
deviceInfoBuilder.Append(@"</Zoom>");
deviceInfoBuilder.Append(@"</DeviceInfo>");
string deviceInfo = deviceInfoBuilder.ToString();
//Create an array of the values for the report parameters
localhost.ParameterValue[] parameters = new localhost.ParameterValue[1];
localhost.ParameterValue parameterValue = new localhost.ParameterValue();
parameterValue.Name = "@WTRKCustomerCode";
parameterValue.Value = "B34186";
parameters[0] = parameterValue;
//Create variables for the remainder of the parameters
string historyId = string.Empty;
string credentials = string.Empty;
string showHideToggle = string.Empty;
string extension = string.Empty;
string mimeType = string.Empty;
string encoding = string.Empty;
localhost.Warning[] warnings;
localhost.ParameterValue[] reportHistoryParameters;
string[] streamIds;
localhost.ExecutionInfo execInfo = new WebReportTester.localhost.ExecutionInfo();
localhost.ExecutionHeader execHeader = new WebReportTester.localhost.ExecutionHeader();
rsv.ExecutionHeaderValue = execHeader;
execInfo = rsv.LoadReport(reportPath, null);
rsv.SetExecutionParameters(parameters, "en-us");
try
{
//Execute the Report
report = rsv.Render(reportFormat, deviceInfo, out extension, out mimeType, out encoding, out warnings, out streamIds);
//Flush the pending response
Response.Clear();
//Set the HTTP Headers for a PDF response.
HttpContext.Current.Response.ClearHeaders();
HttpContext.Current.Response.ClearContent();
HttpContext.Current.Response.ContentType = "text/html";
//Filename is the default filename displayed
//if the user does a save as.
HttpContext.Current.Response.AppendHeader("Content-Disposition", "Customers.htm");
//Send the byte array containing the report as a binary response.
HttpContext.Current.Response.BinaryWrite(report);
HttpContext.Current.Response.End();
}
catch (Exception ex)
{
if(ex.Message != "Thread was being aborted.")
{
HttpContext.Current.Response.ClearHeaders();
HttpContext.Current.Response.ClearContent();
HttpContext.Current.Response.ContentType = "text/html";
StringBuilder errorMessageBuilder = new StringBuilder();
errorMessageBuilder.Append(@"<HTML>");
errorMessageBuilder.Append(@"<BODY>");
errorMessageBuilder.Append(@"<H1>");
errorMessageBuilder.Append(@"Error");
errorMessageBuilder.Append(@"</H1>");
errorMessageBuilder.Append(@"<BR>");
errorMessageBuilder.Append(@"<BR>");
errorMessageBuilder.Append(ex.Message);
errorMessageBuilder.Append(@"</BODY>");
errorMessageBuilder.Append(@"</HTML>");
string errorMessage = errorMessageBuilder.ToString();
HttpContext.Current.Response.Write(@errorMessage);
HttpContext.Current.Response.End();
}
}
}
Any direction here related to best practices on setting up users for code use with
ASP.NET applications would be greatly appreciated...
Thanks in advance...
View 8 Replies
View Related
Nov 17, 2007
Here is my situation: I am creating a database driven ASP.Net web application that will be used over the internet. My ASP.Net application connects to my SQL server 2005 database/server by using a SQL server login. I am using the DPAPI API to encrypt my connection stings with a hidden entropy value for extra security. I am using the SQL login for obvious reasons, as my users will not have a windows login.
What I am trying to do: I want to limit this SQL login account to be able to just run/execute stored procedures and NOT access the tables or views directly. In my ASP.Net application I am using the MS applications data block, and I am using stored procedures for every single database access action. There is no inline SQL being executed from my web application.
What I have tried so far:
I created a new schema and made the above SQL login account owner of this schema. I then granted "Execute" permissions to the SQL login and DENY permissions to all other permissions.
I created an database role with "Execute" only permissions and DENY permissions to all other permissions.
What Happened: In BOTH of the above scenarios I tested a direct SQL statement against one of my tables, from my ASP.Net application and I was able retrieve data back, NOT GOOD, exactly what I am trying to STOP.
If someone could give me (Step-by-Step) guide on how to setup the situation I am looking for, I would be very grateful!
Thanks to all that help!
View 13 Replies
View Related
Mar 25, 2008
On the screen "Service Account" during SQL 2005 Developer Edition, I am choosing built-in System Account = Local System and uncheck the Customzie for each service account. that means, that this system account is set to all services,
Right?
please refresh my memory on this.
Thanks,
View 1 Replies
View Related
Aug 15, 2007
Received the following error while installing SP2
MSI (s) (D8!A0) [21:07:09:062]: Product: Microsoft SQL Server 2005 -- Error 29506. SQL Server Setup failed to modify security permissions on file C:Program FilesMicrosoft SQL ServerMSSQL.1MSSQLData for user Administrator. To proceed, verify that the account and domain running SQL Server Setup exist, that the account running SQL Server Setup has administrator privileges, and that exists on the destination drive.
Tried running install with a domain account and local account with same results.
Based on the error message, I checked permission on the drive and still received the same error.
Followed resolution based on KB 916766, this did not resolve the error.
Only possible resolution I found was to disable UAP, reboot and retry the install. This will be done as a last resort, but any other suggestion will be appreciated.
Many Thanks
View 3 Replies
View Related
Jun 8, 2007
Dear Helpers,
I can not setup SQL server 2005 express and the full trial version as well.
The setup progress stops at "setting file security", and nothing happens. I dont even get an error message.
This is very annoying. I have local administrator access, so it should work. Op system: Windows XP professional.
Machine: Hp Compaq dc7700p, 1 GB RAM, 80 GB HDD
Thanks for your help in advance.
View 5 Replies
View Related
Aug 30, 2006
I had a strange experience with MS SQL Server 2005 Express Edition installation, I am running a P4 3G Processor, 1 GB of RAM, Windows XP SP2, 300 GB HDD (SATA if it matters at all :) ) And using Visual Studio Pro 2005.
I have managed to install the SQL Express with no hassle at all, then had to format my HDD, and start from scratch, to make a new home for my VS 2005 Pro (The 300 GB HDD) And managed to install the SQL Express as part of the VS 2005 without any problems, after using it for 3 months now, I've started a new project in VS 2005, and tried to add a new SQL DB, but it had failed for several times.
I€™ve decided that the files got corrupted for some reason and tried to reinstall the MS SQL 2005 using the original SQL Express installation file I've used before, but without joy.
I thought that it is conflicting with some new MS Update patch and downloaded the latest SQL Express advanced installation, but that did not fix the problem either.
The message I'm getting every time I attempt the installation is" SQL Server service failed to start" with all the bla bla about the online books and whatever useless stuff to learn how to start the service manually.
I have uninstalled the whole thing, including VS 2005, .NET Framework, and any registry trace of the SQL Server installation, but again all in vain.
Finally, some smart wizard suggested in one of the threads that if your computer is not part of a domain, you should run the SQL service as a local service, using the advanced option during the first step of the setup.
And guess what! It worked!!!!
My Question is why did it work during the first two installations, without me fiddling with the advanced installation feature?
My computer was and still is, not part of any domain, my hardware did not change at all, and I had the installation failing with or without any software installed!
View 1 Replies
View Related
Aug 6, 2007
By default does CLR code run under the SQL Service Server account or the SQL Agent Service Account? Does anybody have a link to BOL or MSDN???
My assumption is its under SQL Server Service Account.
I'm trying to satisfy the DBA's security concerns in regards to CLR Code. If the account it runs under (Agent or service) has zero privliges will a dba still be able to maintain the server? Wouldnt all their backups work under a privilaged account that isnt the SQL Server Service Account?
Double posted in security.
View 6 Replies
View Related
May 28, 2000
We have successfully been using MSCS with MSSQL7 (SP1) running under NT4 EE
(SP6a), installed in an active/active configuration using, two DELL
PowerEdge 6350 machines. Recently I installed MSSQL7 (SP2), I followed the
instructions that came with SP2, and unclustered the SQL nodes using the
Failover Cluster Wizard, and installed SP2, this was uneventful, and
appeared to install correctly. Next I tried to recluster the SQL nodes
using the Failover Cluster Wizard as directed. This failed with: "Could not
run setup on remote machine. SQL Cluster Setup failed." So I began the
usual research using the usual resources, and have found articles that
discusses this error, and the things to look for when it happens. I have
exhausted all suggestions without success. I appear to have everything
correctly configured. I have enabled Cluster Logging (level 3), following
are the two things I have found that indicate something is wrong:
1. In the SQL Error Log the following gets logged when I run the wizard:
"Attempting to initialize Distributed Transaction Coordinator."
"Failed to obtain TransactionDispenserInterface:
XACT_E_TMNOTAVAILABLE"
2. In the Cluster Log I see the following message repeatedly:
"[ClRtlCopySecurityDescriptor] MakeSelfRelativeSD failed,
0x00000551"
3. In the sqlclstr.log I see the following, without an indication of
which file is missing:
"[reghelp.h:235] : 2 (0x2): The system cannot find the file
specified."
"[clushelp.cpp:166] : 259 (0x103): No more data is available."
"[validate.cpp:147] DeleteTestGroup:OpenClusterResource: 5007
(0x138f): The cluster resource could not be found."
"~~~ XXX InstallRemote failed"
Does anyone have any ideas about what could be causing this problem?
Many thanks in advance.
Christpher Cutts
LifeMasters Supported SelfCare
View 1 Replies
View Related
Sep 1, 2004
Hi, i tried to install MS SQL server 2000 in my XP system but during the setup service account installation, i tried to use a domain user account but it cannot validate my user name and password. I used my windows administrator logon account and password. Please help..thank you.
Thanks : :confused:
View 6 Replies
View Related
Apr 21, 2006
The subject says it all.
View 1 Replies
View Related
Aug 25, 2006
Hi,
I am trying to install Service Pack 4 to set up the SQL Server 2000 but I am having problem. When I clicked the setup.bat, the screen just "froze" with the message " validating user. Please wait..."
What seem to be the problem? Please help!!!
Thanks and regards,
View 3 Replies
View Related
May 18, 2015
I'm trying to install SQL 2005 onto a 2012 R2 server. The install is failing at the end when it is trying to start the database service. I have looked in the install logs and I'm getting the following error. I'm running 8 virtual processors on the virtual machine (8 Cores). URL...
Error 29503. The SQL Server service failed to start. For more information, see the SQL Server Books Online topics, "How to: View SQL Server 2005 Setup Log Files" and "Starting SQL Server Manually."The error is (1067) The process terminated unexpectedly.
  Â
   <Failure Type='Fatal' Error='1067'>
   <EndFunc Name='LaunchFunction' Return='1067' GetLastError='203'>
   CustomAction Do_sqlScript.3EA9D9BF_D9D2_4023_B2A7_9E2137B2FB1B returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
   05/18/2015 14:56:41.705 [4924]: Assembly Install: Failing with hr=80070005 at RemoveDirectoryAndChildren, line 396
  Â
[code]...
View 3 Replies
View Related
May 18, 2006
I am installing the SQL Server 2005 SP1 "SQLServer2005SP1-KB913090-x86-ENU.exe" on my server and everything successfully installed except the Integration Services. Below is the error I received.
05/18/2006 09:37:04.640 Product: Integration Services
05/18/2006 09:37:04.671 Integration Services (RTM 2047 ENU) - Failure
05/18/2006 09:37:04.750 Details: Unable to install Windows Installer MSP file
Couple questions I guess. Are others getting the same thing? Is there a way to fix this so it will install like a work around? Last what will this affect by this not installing correctly?
View 3 Replies
View Related
Nov 14, 2006
Hello!
I´m trying to setup a Report Server on my SQL 2005 server. In Reporting Services Configuration Manager I get an error when i try to create the Web Sevice Identity
ReportServicesConfigUI.WMIProvider.WMIProviderException: An unknown error has occurred in the WMI Provider. Error Code 80070003
at ReportServicesConfigUI.WMIProvider.RSReportServerAdmin.SetWebServiceIdentity(String applicationPool)
The default website contains an office sharepoint 2007 beta solution if that could cause the error..
Would be real grateful for some hints...
Regards
Erik B
View 7 Replies
View Related
May 22, 2006
If I have a stored procedure that is reading data in one database and writing it to another database (same instance) are there any extra grants that I must do. I do have a user created in both databases with the same certificate (backup and create certificate from the file system) and I've done the
GRANT AUTHENTICATE TO [SessionsServiceProcedureAudit];
GRANT EXECUTE ON <the cross database stored procedure>
Gary
View 8 Replies
View Related
Sep 20, 2005
I am in the process of evaluating the use of Service broker for messaging in a load balanced configuration, and am not having any success. My configuration is as follows. 1) Master database on Box #1 which is the initiator of all dialogs 2) Target database on Box #2 3) Target database on Box #3 One of my goals is that the databases on Box #2 and #3 are as close to identical as possible. My routing table on Box #1 looks something like the following Name remote_service_name broker_instance address TargetOne TargetService
E96DC67E-F696-4D93-8545-C2E92157E32D tcp://server1:4022/ TargetTwo TargetService
56607120-26AA-4AAA-B9E4-F14689C40E41 tcp://server2:4022/ My messaging process begins with a dialog initiated from the master database (Box #1) to each of the target services. At this time, only the first server "tcp://server1:4022/" is receiving messages. The sys.transmission_queue shows a message outbound to "tcp://server2:4022/" with a blank status. I believe that my delivery problem has something to do with the resolution of the dialog certificate need for the conversation. The MSDN documentation states that: "Service Broker uses a remote service binding to locate the certificate to use for a new conversation...The certificate for user_name must correspond to the certificate for a user in the database that hosts the remote service." I am confused as to how I would configure remote service binding if one can not create more than one binding for the same remote_service_name. The following throws an exception on the last creation of the binding.
---CODE SNIP---
CREATE CERTIFICATE UFEDlgCertTargetPublic
View 3 Replies
View Related
Feb 20, 2007
If all my SQL Server instances are mutually trusted, am planning to implement transport layer security with Windows authentication. My query is that if I'm using Windows authentication do I need certificates to be created? Though I am using Transport security, I can achieve encryption by ENCRYPTION - ON in the Begin Dialogue conversation. I assume Message integrity using MD5 signatures are by default provided by Service broker irrespective of whichever service options we choose?
Can I have some article references on how these security mechanisms will impact the performace of Service broker communications?
Thanks a lot,
View 5 Replies
View Related
Aug 24, 2007
Just tried to deploy my service broker solution to a test environment but got the following error:
An exception occurred while enqueueing a message in the target queue. Error: 15517, State: 1. Cannot execute as the database principal because the principal "dbo" does not exist, this type of principal cannot be impersonated, or you do not have permission.
Any idea as to what this error message actually means and what I would have to do to get it to work?
Thanks
View 3 Replies
View Related
Feb 27, 2013
I installed a SQL server 2008 R2 on a 64 bit Stand alone system today morning
Now I am trying to apply SP1 on it. But it is not progressing further with the below. How to overcome this issue.
Note: Cluster services not installed on this server. Cluster service is not there in the services.msc as well.
View 10 Replies
View Related