One of our previous developer created an ADO.NET connection string in a SSIS package with integrated security = true and that is working fine in production, but where can I see which user's Windows authentication is being used in that connection string?
Related
We recently migrated an application database to a new version from winserv2008/sql2008 to winserv2012R2/Sql2014. A service that pulls on this DB needs to be redesigned to accommodate some minor table/view definition changes.
Running the service code through tests under my personal security context works fine. However, installing and starting the service under .\LocalSystem is problematic. Looking at the service logs in event viewer I see that the service tries to connect to the sql server but gets a ERROR[28000] Login failed for user 'Domain\LocalSystemName$'.
The connection is via ODBC, SQL Server Native Client 11.0. Connection string is like:
"dsn=dsn_name;Driver={SQL Server Native Client 11.0};Database=database_name;Integrated Security=False;uid=accountname;pwd=accountpassword;Connect Timeout=15;ApplicationIntent=ReadOnly;"
Also, through the course of troubleshooting I've discovered/confirmed several things.
The sql server credentials I am using are correct, they are also being used to connect from a SQL2016 instance to the SQL14 server as a linked server.
The original service install on a utility server appears to be hitting the new database fine after the ODBC connection settings were switched.
My questions are:
Have you run into anything like this before?
Am I missing something simple in my connection string?
Are there per machine security settings in sql14 that I'm missing?
this is for the purpose of cutting an asp.net web application over from using an sql server authentication connection string to using a windows authentication connection string.
See How to: Access SQL Server Using Windows Integrated Security.
If your application runs on a Windows-based intranet, you might be able to use Windows integrated authentication for database access. Integrated security uses the current Windows identity established on the operating system thread to access the SQL Server database. You can then map the Windows identity to a SQL Server database and permissions.
To connect to SQL Server using Windows integrated authentication, you must identify the Windows identity under which your ASP.NET application is running. You must also be sure that the identity has been granted access to the SQL Server database. This topic includes a code example that displays the current Windows identity of the ASP.NET application.
As well as the application of this toward an intranet, you can use it for a public website by setting the Application Pool to run as a custom user that has a Windows logon to the SQL Server.
I am making a website for my friends. Here I have made a sign up page and using 3-tier architecture in .Net framework.
For database I am using sql server management 2008 R2.
On filling up the details in the sign up page I get an error. I am unable to understand whether I am unable to connect database or server properly.
What authentication I should use? Windows or SQL server Authentication and what has to be put up in web.config file.
Here are the screen shots.
My connectionString in DataLayerClass :
string strQuery = ConfigurationManager.AppSettings["djconnect"].ToString();
djconnect is the key that I am using in the app setting tag.
Pass connection string directly into datalayerclass using sql connection instead of passing it to web config.
I have read all the related posts here and many other discussions on other forums, but still cannot solve my problem.
I am porting a SQL Server CE application from a WindowsCE device to Win 7. The code of interests is to remotely download a table from SQL Server database using SqlCeRemoteDataAccess.Pull.
The original code on WinCE device is as follows:
SqlCeRemoteDataAccess.Pull(Tablename, sql, _remoteConnectionString, RdaTrackoption.TrackingOffWithIndexes, "ErrorTable")
When running on Win7 from Visual Studio 2012, it complains:
Attempted to read or write protected memory. This is often an indication that other memory is corrupt.
I double checked both my local and remote databases. They are not corrupted. Then I searched the Internet and this forum, and tried the suggested solution: changing the connection string from:
Provider=PROVIDER;Data Source=Src;User ID=SUser;Password=1234;Initial Catalog=ABCD_EF;
To:
Provider=PROVIDER;Data Source=Src;User ID=SUser;Password=1234;Initial Catalog=ABCD_EF;Integrated Security=SSPI;
Now I got:
Login failed for user ''. The user is not associated with a trusted SQL Server connection.
I also added Trusted_Connection=Yes or Trusted_Connection=True to the above connection string and saw the identical error. Any suggestions ? Thank you.
NOTE: The server is already set to mixed mode: both Windows and SQL Server authentication.
NEW updating: I am using C# for programming both for the device and on Win7. The remote data server agent is in sqlcesa30.dll (Microsoft SQL Server Compact Edition Server Agent 3.0). The followings are connection strings used and error messages I got:
(1) Original one that Works on WinCE devices, but on Win 7 I got:
Provider=PROVIDER;Data Source=Src;User ID=SUser;Password=1234;Initial Catalog=ABCD_EF;
Attempted to read or write protected memory. This is often an indication that other memory is corrupt.
(2) On Win 7 I got:
Provider=PROVIDER;Data Source=Src;Initial Catalog=ABCD_EF;Integrated Security=SSPI;
Login failed for user ''. The user is not associated with a trusted SQL Server connection.
(3) On Win 7 I got:
Provider=PROVIDER;Data Source=Src;User ID=SUser;Password=1234;Initial Catalog=ABCD_EF;Integrated Security=SSPI;
Login failed for user ''. The user is not associated with a trusted SQL Server connection.
You cannot have both the Integrated Security=SSPI; and User ID=SUser;Password=1234 in a connection string at once. Pick one:
either use the integrated security (recommended) to use your current credentials - but then you must remove the UserID=...;Password=.... parts from the connection string
or then you use a specific user and password - and in this case, adding integrated security or trusted connection is moot since the UserID=...;Password=... settings will be used
So in your case, if you have properly set up integrated security, just use:
Data Source=Src;Initial Catalog=ABCD_EF;Integrated Security=SSPI;
as your connection string.
I'm using IIS 6 in Server 2003 and SQL server 2008 which sits ona seperate box. Now i would like to connect using the Application pool identity of the website to SQL server.
But somehow whenever i display the identity in page_load method it always displays the windows account using which site was browsed. I have given the details below
Server : Windows Server 2003
Database : SQL server 2008 . Web server and DB sit on different machines.
WebSite : Uses a custom app pool that runs using a custom domain account. Website has anonymous disabled and windows authentication enabled. Impersonation is not enabled in web.config.
I'm displaying the credentials using the below code :
Response.Write(HttpContext.Current.User.Identity.Name.ToString());
WindowsIdentity id = WindowsIdentity.GetCurrent();
Response.Write(id.Name);
Now i need a way of using the identity of app pool to connect to database. Please let me know how to do this. If i set the website anonymous account as the app pool identity everything works fine but i dont want to do that. Now authentication just flows as anonymous to the SQL server and it throws exception.
I'm not sure about IIS6, but in IIS8... In the advanced settings for the application pool in questions, there is an identity section. Set this to the windows credentials you want to use. Also set 'Load application profile' to true.
Then in your application, you just need to setup your connections string to use a trusted_connection instead of an SQL server username and password.
Just remember to set the windows account to have a password which never expires, unless you'll remember to update the app-pool when it does change (or the pool will stop.)
Dave
This sounds like you have Windows Authentication enabled and are using IE to connect to the site? In this case the Windows Identity is passed through to IIS.