SQL Server 2005 introduces a new type of database user, one that is created using the €œWITHOUT LOGIN€? clause. This user is not mapped to a login, and is being touted as an alternate to Application Roles because no password is needed.. What I do not understand is how to use this type of user. I know how to use sp_setapprole with Application Roles, what are the equivalent steps needed to use login-less users?
I am developing an distributed VB.NET 1.1 application with a TripleDES capable socket layer for communication with my server app.
I need to secure the distributed app from the users within the organization I am developing it for (a franchise).
I do not wish to store any encryption keys in the source code as these would be obvious to any seasoned hacker through decompilation of my binaries (even with obfuscation). I have decided to use the windows DPAPI (under machine storage mode) to secure manually entered (at installation) encryption layer keys in the registry. The salt values for this DPAPI mode also need to be secured, as a disgruntled franchise owner may be the hacker (and hence would have admin privilege on the machine the software is installed on). Not as far fetched as you think !
This is the beginning of a vicious cycle. How do I secure and where do I store this salt value safely ? With it a hacker with admin privilige can easily decrypt my keys if they know I am using machine mode DPAPI. Can I use ACLs to protect the keys with an account I set up manually on the machine ? If so then I would need to be able to switch account identities in my code (which I haven't researched as yet) and then would need to store the password to that somewhere.
If anyone could offer any insight or direction it would be much appreciated.
I have set up a link from ACCESS to a SQL 7.0 database using ODBC (File DSN saved on a shared DRIVE). The link works well only from the workstation where the link was created. But How can I create a link so a group of users can view the linked table in ACCESS without type a password? Any suggestion is appreciated.
autorized user: sa any user : nuran temporary table: birtablo
I need a stored procedure will execute by sa and it will create some required temporary tables for each users. For example table name is birtablo. I mean sa will create table for nuran, and when I checked the owner of the table (birtablo) I want to see nuran not dbo. sa will execute following command:
create table nuran.birtablo (...........)
Is it possible to cerate a table by sa on behalf of any user? If it is, could you please explain?
Hello, i have a problem regarding stored procedures and view server state.
I have an application with a lot of stored procedures, one of them checks data of the connected users. In SQL 2000 i had no problem getting this information, but in SQL server 2005 i do.
my stored procedure looks like this:
ALTER PROCEDURE [dba].[applsp_GetConnectionInfo]
WITH EXECUTE AS OWNER AS
SET NOCOUNT ON
DECLARE @sCollationMaster VARCHAR(128);
DECLARE @sSqlString VARCHAR(900);
-- Determine collation from master database because collation from master and ultimo database may differ
SELECT @sCollationMaster = CAST(databasepropertyex('master', 'Collation') AS VARCHAR);
SET @sSqlString =
'SELECT max(status) AS Status, max(isnull(SCISUSENAME, ''ULTIMOLOGIN'')) AS Login
, MAX(Rtrim(Rtrim(convert(varchar(255), nt_domain)) + nt_username)) AS NTUser
, max(Rtrim(hostname)) AS Host, MAX(Rtrim(program_name)) AS Program
FROM master.dbo.sysprocesses JOIN dba.SCONNECTIONINFO on SCISPID = CAST(spid AS VARCHAR)
AND ( SCISUSENAME = ISNULL(loginame, '''') COLLATE ' + @sCollationMaster + ' OR ISNULL(loginame, '''') = ''ULTIMOLOGIN'')
WHERE ...... AND DB_NAME(dbid) = ''' + @DBName + '''
GROUP BY hostprocess
ORDER BY Login
I've granted view server state permissions to my user 'dba' which is the db_owner. When i execute the query in the stored procedure seperatly as dba i get all the info i need, but when i execute the stored procedure i don't see anything.
I seem to have the same problem with sp_who2 Executing it gives me information about everyone but when i put in a stored procedure like this:
I am developing an application that uses Access database (mdb file) to store the user data. The user of this application is not interested in the database file (to view in MS Access Environment). Does the user machine requires MS Access installation to run my application or just some couple of dlls (OleDB driver, Access DB Engine,..) should be enough to run my application?
I made a backup of a production database and copied that backup over to a development server and restored the database. Now I have users saying that the application is failing on development. I have users that have NT authentication and some with SQL authentication.
What is the best way to get everything to sync up again?????
I have a few db's that I am backing up from an old sql2000 system and moving them to the new sql2005 server. The first db's restored without any problems but now I am getting some problems with users and logins.
I am restoring in the following order
1.) Creating empty db "123" 2.) Restoring database from file to database "123" 3.) Creating Login to this database (error happens when linking it to the database, "user exists")
When connecting thru QA I get "Cannot open user default database login failed"
I only have 1 login per database and I don't mind manually deleting and recreating them all but it doesnt seem to be working :S
I am in a situation where I would like to use a SQL login instead of adding individuals windows login to the server. Is there a way to force a login instead of having the report server not give rights at all??
I'm trying to set up my reports with parameters, to select the paramater by the users login. For example, if someone from the Northwest Region accesses Report mangers and then a report. Instead of them clicking the drop down, for the report parameter. The report automatically generates from the login that gave them access to report manager. So it diplays the information for the Northwest Region.
I know how to do this for Data Driven subscriptions.Such as creating a table , with Region, login, email, and all the information relevant. But how do i do this for users accessing the site theirselves? Is this possible?
Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. I assume that this message appears because I am not retrieving setting the proper access rights from the DB but I don't know how to go about doing this. Could someone provide me with a link to a few examples to help resolve my issue?Thanks,Eric
I created a ASP.net 2.0 application using C# on VS2005 The application access several database on a remote SQL Server 2005I recently added Login functionalties to the application, this created a MDF in the app_data folder.Everything works fine on my local desk top... I can access my remote SQL Server 2005 and the local MDF file works fine, I can create account, login and all that fun stuffSo I Published the site to my target server:Which is the same server running the SQL Server 2005 The parts of the application that does not require login works fine, I can access the SQL server 2005 with ease..see data, update, everythingHowever when ever I try to login or create an account from the application(MDF file) I get this:An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)I can only assume that the problem is with the MDF file. Can anyone point me in the right direction?Thank you Andre
We have a backup/standby server which is restored every night from the daily dump on the main server. Everything seems to work fine, except that the logins/users become out of sync. The logins seem to be fine, but the user names which belong to the different logins do not restore properly which causes problems when using the backup server.
Does anyone know why this happens? Is there a workaround for this?
Over the weekend, I attempted to move six databases from an older server to a newer one. I have installed SQL 6.5 on both with identical configurations. After migrating the data, bringing down the old server, renaming the new server and configuring the ip address, I ran into a problem. Two applications that access databases on the server were unable to login using any id other than the system administrator id. Each of these applications have been tested on a test server with the same configuration as the new and old production servers. Each installation is on an NT server with SP6 and each SQL install is using SP4. One of the applications gives an OLE DB error. Any suggestions would be appreciated. Thanks in advance.
We're having a bit of a problem getting Integrated Security to work with a .Net 2.0 application and SQL 2005. While we're tweaking permissions on the SQL-side, we came across an account "Application Login" and wondered what its role is. First, our problem:
Currently, the users in the AD group get a connection error. This group is defined as follows at the instance level:
role: public user mapping: to the database without any default schema securables: none status: grant and enabled
At the database security level:
general: none securables: execute on all (100+) stored procedures
And we gave them "Execute" on the database itself.
A little background: we had detached and copied this database from one server to another. So we suspect that the Application Login may have been modified/corrupted, even though it appears to be identical between the original and the copied databases. So we redefined it on the copied DB to match the original. Another group, which is defined as dbo on the database, has no problem at all connecting and running the application.
The Application Login has Execute permissions on all stored procedures and Delete, Insert, Select, Update, and View Definition on the ChangeLog table. It also has db_DataReader, db_DataWriter, and db_ddlAdmin roles associated with it.
Is there another SQL login required for initial connection to the database even though Integrated Security=SSPI is used in the connection string?
Does anyone see where we may be missing a security setting for the non-dbo user group to connect to the database?
Thanks very much for any suggestions, ideas .... Cheers, Tess
Hi. I have a DetailsView with Bound Fields "Login" and "Password". This informations are stored in SQL database. How to solve such authorization? How to compare password stored in database against passowrd typed by user? Is this a good idea to use CustomValidator control to write some checking procedure?. Regards. Pawel.
Hello Everyone How do you generate a script for all the current sql server logins and generate a script for database users for each database.? You can script operaoers, tables, databases, and a lot of other objects by using the “All Tasks” shortcut menu option, but I haven’t figured out to script logins and database users. Any help would be greatly appreciated.
I have an application that uses an MDF file as a database. Debug mode of application on developing machine works fine. I synchronize my project to my home computer so that I can work home too. (I use AllwaySync for synchronisation, it copies newer file from the old location overwriting the old ones).
I also have a setup project in my solution for that app.
When I create and install the application on my local computer everything works fine. But when I install it one a different computer and then run it, it cannot connect to database. The error occures while conencting to database saying:
Code Snippet Unable to open the physical file "C:Program Files........VBDB.mdf". Operating system error 5: "5error not found)". Unable to open the physical file "C:Program Files........VBDB_log.ldf". Operating system error 5: "5error not found)". Cannot open user default database. Login failed. Login failed for user 'EKAROMAEka''. File activation failure. The physical file name "C:Program Files........VBDB_log.ldf" may be incorrect.
the second time I try run my application I get the following error (and all following tried where resulted in this error):
Code Snippet Cannot open user default database. Login failed. Login failed for user 'EKAROMAEka'.
These exceptions are caught by "try catch" when feeding data into DataGridView om my main form.
I have the sam username and password on my Home and Work computers.
I'm not very good at MSSQL security. I don't know how to solve this problem. I can't even understand wheather this is a security that's built in an MDF file or some kind of a Database server issue.
the connection string that I use for connecting to SQL Server is this:
Code Snippet Data Source=.SQLEXPRESS;AttachDbFilename=|DataDirectory|VBDB.mdf;Integrated Security=True;Connect Timeout=30;User Instance=False
However, I cannot get the application to successfully logon and run the select statement when using the user id and password of the Application Role. I get error:
System.Data.SqlClient.SqlException: Login failed for user 'SearchAppRole'. at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj
I can't find much information on Application Role...I just want one basic permission for the application as a whole. Any help is appreciated. Thanks.
I have a java program that accesses an ms access database throughodbc:jdbc.When deploying my program will the users need a full version ofmicrosoft access to be able to use it?If not, what do they need and where can i get it from.Thanks
Ok I created a database SQL is the engine and Access XP is the gui. When the users try to access the databae they get error message, it opens up but they cant open the forms for some reason. I was wondering if this had to do with me have Access XP and them having Access 2000, but I highly doubt it because when I had a user log on to my machine (which has access xp) they still were not able to access the forms. Can someone help me out PLEASE PLEASE PLEASE... this is so frustrating :(
One thing I'm noticing is that the users connection keeps dropping???