I have 2 servers setup at the moment. One is a web server running Win Server 08 and the other is a database server running SQL Server 08 on Win Server 08.
Currently I have my site setup so that it can read/write to the database by using a connection string I created with the database name, server ip, db user and db pwd. The db user I have created has a 'public' role setup in the database (not db owner) and can just run exec stored procedures. My the connection string currently looks like this:
<add name="SiteDBConn" connectionString="Server=IPOfServer;Database=DBname;User ID=userhere;Password=passhere;"/>
While this is working perfectly for me, I would like to setup a database connection string that did not contain any username and password. On some of my other servers, where SQL server resides on the same server as the web files, I am able to use a trusted connection and use the built in 'Network Service' user on my database. This lets me run a connection string with no username and password like so:
<add name="SiteDBConn" connectionString="Server=localhost;Database=DBname;Trusted_Connection=Yes;"/>
Is there an easy way to achieve a connection to the database without hardcoding a username and password - like the above connection string - when using 2 different servers? Am I wasting my time going down this route seeing as how the database user I created has only exec permissions anyways?
Thanks for your thoughts on this.
You are not wasting your time. This is a very good practice. When you separate out IIS and SQL on separate machines, here are some options:
Create the asp.net user on both the IIS box and the SQL server (preferably with same password)
Use impersonation (change the context your site runs under)
Encrypt a connection string in the registry a config file and forget about trusted connections (brrrr)
Switch the asp.net context to be a domain user
Use IIS6 in native application mode
If the 2 servers are not in the same Windows domain, you cannot use trusted connection.
Also, the login must be created as a Windows authentication, you can't use a SQL authentication login with a trusted connection.
Otherwise, everything Tapori said.
Related
I'd like to connect to a local instance of SQL Server on another machine within the same network, and am wondering if it's even possible.
For example, say we have Machine01 and Machine02, both on the same internal network. I have several IIS websites setup on Machine01. If I log onto Machine02 and query the URL of one of the websites on Machine01 in in internet browser (say http://Machine01:9000), the website will load just fine. This has me thinking that it might be possible to construct a connection string to access the local database on Machine01 from Machine02. Is this possible?
I have Allow remote connections to this server checked in SSMS.
I've tried this connection string:
Server=Machine01;trusted_connection=true;Database=MyDB;Persist Security Info=True
Your connection string is correct in that the Server is the target computer name, and the premise of what you're trying to do is certainly correct and quite possible.
However make sure that the firewall on Machine01 is set to allow inbound traffic on the LAN from the SQL Server port (by default, 1433).
Also, the trusted_connection bit may not work, depending on how you have your users set up. If the user account on Machine02 a trusted user account on Machine01? If in any doubt, set up a SQL Server user account on your Machine01 SQL server, make sure you have SQL connections enabled (Server properties -> Security -> SQL Server and Windows Authentication mode), and pass across the SQL user name and password in the connection string instead...
You might try setting up a linked server, I find it to make the queries much easier. Here is some information on how to set it up.
I just created a new SQL Server 2014 VM from Windows Azure gallery. I did remote login into VM , on trying to login into DB with Windows Authentication mode, I get below error:
Login failed for user 'dbserver\dba1'. (.Net SqlClient Data Provider)
Are there any specific steps, which I have to follow for new SQL Server DB login to work properly?
P.S. I have opened port 1433 into windows firewall, it did not help, althoug that should not be required for logging in directly from VM.
I guess Azure VM is not joined to domain. This means that only SQL authentication will work against this SQL Server instance. You might need to do the following:
Enable Mixed authentication on the SQL Server
Add a user mapped to SA role (or enable SA and set its password, but having separate user is better)
Open port 1433 (you did this already)
Make sure SQL is listening on this port (should be already)
In case you connecting outside of the same Azure Cloud Service - make sure you have endpoint created for the VM. Highly recommended to use port different from 1433 as the endpoint public port.
Don't forget to specify port if it is not standard, SQL connection string expects comma for it (i.e. myvmpublicname.cloudapp.net,12345)
You can check this article for more details
I was getting connection inside the VM using MSSQL Server, but not from outside. After reading some comments, I found that I needed to add a specific port for outgoing traffic and added that port at Azure firewall:
Here are the steps to check is it working for you or not:
Start Sql Server configuration Manager
Click on your Server name
Click SQL Server network config
Click on protocols
Click on TCP/IP
At the end of tcp/IP range set your port, I set 1433.
Please restart SQL Database.
Now open port at Azure management portal. And conntect through SQL tools or other services.
And also remember to open windows firewall.
It most likely installed another windows user as the admin for the SQL Database. If you know what that user is, login as them.
Otherwise, did you manage to set up the SQL in mixed mode and have an sa password. If so, login with that then add the Windows Account.
If not, try Forgot SQL Server Password to reset the sa password and get access that way.
I'm doing research on how to integrate users or groups in Active Directory to SQL Server so that users can simply login to Windows and use the application (the connection is thru Windows Authentication).
What I did so far:
Install Windows Server 2008 R2 on a machine with the name "TheServerMachine"
Set "TheServerMachine" as Active Directory domain "MyDomain" controller
Add user User1 to active directory.
Add group Group1 to active directory. (Global, Security)
Add User1 to Group1
Install SQL Server 2008 Express, "SQLEXPRESS" as instance, on "TheServerMachine"
Set server to allow remote connection
The SQL server is in firewal exception
TCP/IP protocol is enabled for the SQL service
Setup the database "MyDatabase"
Add role "MyRules"
Add "MyDomain/Group1" to Login (the dialog box recognizes the group and the domain) with the default database "MyDatabase"
Add user "Group1Users" to "MyDatabase", added a role "MyRules" and set the login I have created.
Add a client machine with the name "Client1" to "MyDomain".
Done!
My problem is, I can't access the SQL server in my client PC which is successfully logged in as "User1" in windows. Using these server path in my ConnectionString, it says that server may not allow remote connection, or the server path may be invalid.
"\\TheServerMachine\SQLEXPRESS"
"\\MyDomain\SQLEXPRESS"
"\\192.168.0.1\SQLEXPRESS"
"TheServerMachine\SQLEXPRESS"
"MyDomain\SQLEXPRESS"
"192.168.0.1\SQLEXPRESS"
Note: My connection string is set "Integrated Security=True".
Do you think it has something to do with my path?
Is it because the domain and SQL server is on the same machine? (I don't think so)
Did I miss some configuration to Domain? Active Directory? SQL Server?
Should I use "SSPI" instead of "True" in "Integrated Security"?
Thanks in advance!
If your TCP/IP protocol is enabled, also make sure that SQL Server Browser service is enabled and started (and set it to automatic if you will be receiving connections from clients).
The SQL Server Browser is use for dynamic port allocation for named instances (in this case SQLEXPRESS is a named instance) and reaches out over port 1434. Also ensure that port 1433 and port 1434 are open.
Edit: Ensure that you are working with SQL Server services through the SQL Server Configuration Manager (SSCM), as the Windows Service Manager/Console snap-in doesn't have the added functionality that SQL Server services require.
First thing that jumps to mind is that SQLExpress isn't configured for remote connections out of the box. Instructions on how to do that
You might run into some other issues after this but try the things in that article first.
And indeed you did already establish that you configured SQLExpress for remote connections. Next item that popped out was your uncertainty on connection string with Integrated security true vs SSPI. What does the current connection string look like? I would assume something like
Data Source=.\SQLExpress;Integrated Security=True;User Instance=True;AttachDBFilename=|DataDirectory|aspnetdb.mdf
This SO question has plenty of troubleshooting and a wonderful title SQL Express connection string hell ASP.Net
I am developing a application for a small user group and decided to use sql express.
So the design as normal is sql express will be hosted in one machine(as server machine) and users client app will connect to sql-express host machine for accessing db.
Now the problem is remote clients are not able to connect the db, but host machine can access the db. Can someone please help if you have tried this before ??
Connection string used is as below, do we need to change the connection string ?
Data Source=Hostname\SQLExpress;Integrated Security=true; AttachDbFilename=|DataDirectory|\mydb.mdf;User Instance=true;
Note: Users are not domain connected they are LAN connected.
The database service is probably not setup to listen on TCP port 1433 by default for security reasons. You need to use the configuration utility to enable remote access. You also need to make sure that port is not being blocked by a firewall. These instructions for SQL Server 2005 are useful.
If the users are not running under a domain account I believe you will have issues with authentication. You may want to add them to a domain, or enable SQL Server (password) authentication. After enabling this you can specify a username and password via the connection string. You need to make sure that the user exists and has access to the appropriate tables, views, or stored procedures.
By default, SQL Server does not permit remote connections. You need to change this via the Server Configuration Manager in the Start Menu.
I just created a new database in "Microsoft SQL Server Management Studio Express" and now I'm in "ColdFusion Administrator" and I'm trying to add my database as a Data Source. How do I do that? I believe the servername is .\SQLEXPRESS but I'm not sure what the default username and password are. I've tried creating a new login through Management Studio with an actual username and password, but those aren't working either. The error I'm getting is:
Connection verification failed for data source: xxx
java.sql.SQLNonTransientConnectionException: [Macromedia][SQLServer JDBC Driver]The requested instance is either invalid or not running.
The root cause was that: java.sql.SQLNonTransientConnectionException: [Macromedia][SQLServer JDBC Driver]The requested instance is either invalid or not running.
I can see that the service is running, and I can connect to it through management studio. I've tried following a couple tutorials online, but they don't seem to be working for me. Ideas?
Server name can be any resolvable hostname or domain name, in case of having SQL Server and CF server on same box localhost should work for you.
Also make sure that user you created has access to the particular database and needed operations. Look into the database permissions for this. This check is not required when using master account (often login is sa), but this is not recommended practice because of the security reasons.
Also make sure SQL Server and Windows Authentication mode is checked. I had an issue with permissions as well when I only had Windows Authentication enabled under:
right click on server (localhost) -> security
Then restart SQL Server Services to save changes. After that I was able to connect my ColdFusion datasource to SQL Server.
For testings sake use the same credentials that you are connected with in Management Studio, likely the "sa" user and password. Once you have it working with "sa" then go back into Management Studio and create an application level user for your CF app and then update the data source to use your new user / password.