Using classic ASP on Windows 7pro or Windows 8.1pro, I connect to a Microsoft Access 2003 database with the connection string "Provider=Microsoft.Jet.OLEDB.4.0;Persist Security Info=False;Data Source=D:\INetPub\KN2014\Databases".
This works fine until I call for user authentication with the code:
sAccount=Request.ServerVariables("LOGON_USER")'NT challenge
if sAccount="" then
Response.Status="401 Unauthorized"
Response.End
end if
The authentication is forced on a different page. If I do this in the same window and then return to the page which connects to the database a 80004005: Unspecified error occurs. Only resolution is to close the window and reopen it. If I manually open a second window (same sessionID!) I get the same problem in the second window. The first keeps working fine, even after a refresh.
I've tried to open that second window with program code, but then I get the error in the first window also.
Searching this site, I have done the trick granting read access on sysWOW64/inetsrv. Also: If I do a clean install for Windows 7, it works fine for a while than "Something happens" (maybe installing VS of Office) and the old problem occurs again. Tricks like using basic authentication, using Kerberos or changing the order of authentication protocols seem to have no effect.
I'm an "old school" developer. I hope someone can help me by providing the most simple classic ASP code to do authenticate using windows verification and read/write access to a Microsoft access db.
With Access you need to make sure that your database working in multi-user mode (available on 2010 and later) and you need to detect when user leave your page to close connection to Access upon exiting/closing your site/page.
That is a curse of Access since earliest versions of it.
Or make sure that you open database without locks. IN SQL server that could be achived by executing following upon opening your SQl statement:
SET TRANSACTION ISOLATION LEVEL READ UNCOMMITTED;
But I am not sure if this even possible in Access, better option just to switch to SQL Express.
Related
There is a long back story to this, but to summarize I am trying to create a SQL Server connection in my VB program to automatically run some queries and display results. I have been able to do this easily when the server is on my network in the past. Now my company is moving to a hosted server and I am running into issues.
I can successfully connect to the server using SSMS when I use the RUNAS command:
runas /netonly /user:[network domain]\[username] "C:\Program Files (x86)\Microsoft SQLServer\100\Tools\Binn\VSShell\Common7\IDE\Ssms.exe"
But I can't figure out how to set the VB program SQL connection string in similar fashion.
I know I can use Integrated Security = SSPI to specify Windows Authentication, but I need to pass the username and password as well, along with the network/domain information.
When I try to do this I get a "Login Failed for User..." message or "The Login is from an untrusted domain and cannot be used with Windows authentication" with Integrated Security=SSPI.
There is something about Windows Impersonation but I haven't been able to get a grip on how it would work here.
If this is possible the changes need to be almost entirely on my end, as the hosting company is very ...picky... about making any changes to their environments or settings.
I appeal to the wisdom of the internet for answers!
Extra Facts:
SQL Server 2008, Windows 7, Microsoft Visual Studio 2013, Windows Form Program
There is a good knowledge base article about that for ASP.NET, but I think the code solution also works on other platforms:
Dim impersonationContext As System.Security.Principal.WindowsImpersonationContext
Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity
currentWindowsIdentity = CType(User.Identity, System.Security.Principal.WindowsIdentity)
impersonationContext = currentWindowsIdentity.Impersonate()
'Insert your code that runs under the security context of the authenticating user here.
impersonationContext.Undo()
Inside, you can run you connection with SSPI defined as you normally would.
I have an issue with logging a Support user into an Application that has a SQL Server backend.
When configuring the application itself, the SQL set-up asked me to assign whether the Security to access the Application would be Windows Authentication or SQL: server Authentication, I chose Windows Authentication, and as I was using a login called
'LabUser1' I have been able to login to the application fine.
However, when I logon to the server using a different windows login, this time 'Support', SQL keeps giving me the error:
Error accessing the database DSN
Now I know the reason is because the install of SQL happened using the 'Labuser1' profile, but how can I create a script that will allow me to add the 'Support' user to the 'Allowed Logins' so that I can logon to the app server and at least open the Application? (I have seperate logins for when I see the applicatiojn login window, so please don't confuse the matter by thinking it is a simple case of creating a login for Support....I am talking about logging into the server)
The current batch file I am trying to run is:
sqlcmd -S localhost\OCDBB01 -i createSupportlogin.sql
Then I run this batch file after having created the following SQL script:
CREATE LOGIN OCDMW1\Support FROM WINDOWS
GO
Your description of the situation is a bit confusing to me however it appears that the "SQL setup" that is part of the application configuration created a ODBC DSN that uses the credentials of person logging into the machine as the login for SQL Server.
Simply creating a new (correct) login to the SQL instance may not resolve this issue since that does nothing to modify the DSN. If you are tied to using Window Authentication for SQL access it might be necessary to create multiple DSNs for the application to use and find a way to have the correct DSN associated to the right login for the application to use.
First off, I can connect to both databases with SQL Server Enterprise Manager, so I know the servers are up and available. One of them is SQL1, the other is SQLTEST.
In my program when I use the following connection string, it work connects just fine:
conn = New DBConnect("Data Source=SQL1;Initial Catalog=SignInspection;Integrated Security=SSPI")
However, if I change SQL1 to SQLTEST the connection times out I don't get any errors other than the timeout error.
I can run the profiler on SQLTest and see that it is most definitely NOT even attempting to connect. Nothing happens at all, not a peep, nor hellow.
Any ideas? Thanks
EDIT:
Well, it's a moot point now because I got authentication working properly on our SQL1 server.
I'll post the configuration here so perhaps someone else can benefit.
First off, the web server is running IIS and .NET. Users are logged in to the intranet using Active Directory, and the .NET page needs to retrieve their log-in credentials (username most notably). The database is SQL Server 2005, running on a different machine. But the .NET app needs to impersonate as another user to connect to the database.
To successfully do both of these things go to Windows > Run, enter inetmgr and hit run. Navigate to the site and right click > properties, then click on the tab titled Directory Security, click Edit.., make sure only Integrated Windows Authentication and Digest authentication are enabled. Enter your proper AD realm and click OK. Apply the settings/hit OK.
In web.config you need the following lines
<authentication mode="Windows" />
<identity impersonate="true" username="myDomain\MyUserName" password="123mypasswordgoeshere">
replacing, of course, myDomain\MyUserName and 123mypasswordgoeshere with the username and password that has login rights on both your domain and your sql server. The connection string can probably be modified, but this is mine and it works:
Server=SQL1;Database=SignInspection;Trusted_connection=True;
These are the steps that worked for me and hopefully they'll be of use to someone else.
When you connected with the enterprise manager, was that from the same machine as you're running the VB.Net code on?
Otherwise, it can be quite a few things, ranging from firewall or DNS as mdma mentions to being setup with the wrong network protocol or maybe not accepting remote connections.
This article contains a list of things to look at (it's for SQL 2000 but it's something to get you started at least).
The obvious question - does SQLTEST have a database called "SignInspection"? Also do you log on to SQLTEST via SQL Management Studio using Windows Authentication or SQL Authentication? I would expect if either of these were the problem you would get an exception, but its worth checking.
Whenever I try to access SSRS 2008 R2 through a URL (i.e. after being published on the net), it always shows a login prompt when accessing the report. The problem does not appear in the development environment.
How do I prevent this login prompt from showing whenever I try to access a report? For the time being, we are solving this problem by providing a username and password in <appSettings> in the web.config. Once this change is made, the login prompt does not appear.
Is there a better solution to this? Am I doing this the wrong way?
I am assuming the prompt is for the username / password for the domain. Internally you are likely getting through the AD authentication check in your application as you will have permissions to deliver the report (you can test that premise with Firefox or other browser that doesnt handle AD authentication like IE does/
I think you may have setup for basic authorisation to view the report RSReportServer.config rather than web.config is that what you have done? (see this to see example http://msdn.microsoft.com/en-us/library/cc281309.aspx.)
If you are trying to get full anonymous access then you are in for some fun; luckily one of the RS team blogged a way to achieve it; I wouldn't advocate doing it straight onto a production box though.
http://blogs.msdn.com/b/jameswu/archive/2008/07/15/anonymous-access-in-sql-rs-2008.aspx
I'd start with using Internet Explorer, on a domain.. which will pass your credentials (if that is how you have this configured).
It IS possible to configure firefox to pass Windows Authentication / Token.. I don't remember how I had done this previously.
The BEST platform for using SSRS is Apple / Safari.. because when you hit the checkbox that says 'remember password' it actually remembers the password. It blows my mind that Chrome, Firefox, IE give you a prompt that says 'remember password' - but from my experience, remembering passwords only work as I expect when I am using Safari.
I'm not sure from you're question is the login box a prompt to get you access to the report server or is it a prompt on the reports datasource.
It sounds a bit like permissions to access the report server, I guess you could try giving the app pool user permissions to access the report server and run the report or use an impersonation account to access the report.
I was running into this problem for a different reason than the accepted answer. While SSRS was installed, it wasn't properly configured. Being new to installing SSRS, I had assumed some tabs in the Reporting Services Configuration Manager were set to defaults. They weren't. Once I went back and actually set them, everything worked fine.
Disable loopback
http://thetazblog.taznetworks.com/2006/03/crm-30-sbe-sql-reporting-error.html
............................
As part of our product's installation process, a database is attached to the server.
We use EXEC sp_attach_db in order to attach it to MSSQL.
The problem occures when we try to attach it with "SQL Authentication" connection string - the database is attached to the server as read-only, thus preventing any write access from being performed
This is driving us nuts... it's working just fine with Windows Authentication, and the only difference is the connection string... I tried googling for it but no mention for such a scenario is found.
Any ideas anyone?
It's important to mention that the MDF/LDF physical files are not set with "ReadOnly" attribute, so this is not the problem.
I'm curious why you can't attach the database with write permissions and then just make the whole thing read only after the install?